[CERT-daily] Tageszusammenfassung - 09.05.2023
Daily end-of-shift report
team at cert.at
Tue May 9 18:45:59 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Montag 08-05-2023 18:00 − Dienstag 09-05-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ A new, stealthier type of Typosquatting attack spotted targeting NPM ∗∗∗
---------------------------------------------
Attackers have been using lowercase letters in package names on the Node Package Manager (NPM) registry for potential malicious package impersonation. This deceptive tactic presents a dangerous twist on a well-known attack method -- "Typosquatting."
---------------------------------------------
https://checkmarx.com/blog/a-new-stealthier-type-of-typosquatting-attack-spotted-targeting-npm/
∗∗∗ AndoryuBot DDoS Botnet Exploiting Ruckus AP Vulnerability ∗∗∗
---------------------------------------------
Owners of Ruckus access points (APs) have been warned that a DDoS botnet named AndoryuBot has been exploiting a recently patched vulnerability to hack devices. The vulnerability in question is tracked as CVE-2023-25717 and it was patched by Ruckus in February in many of its wireless APs.
---------------------------------------------
https://www.securityweek.com/andoryubot-ddos-botnet-exploiting-ruckus-ap-vulnerability/
∗∗∗ Building Automation System Exploit Brings KNX Security Back in Spotlight ∗∗∗
---------------------------------------------
A public exploit targeting building automation systems has brought KNX security back into the spotlight, with industrial giant Schneider Electric releasing a security bulletin to warn customers about the potential risks.
---------------------------------------------
https://www.securityweek.com/building-automation-system-exploit-brings-knx-security-back-in-spotlight/
∗∗∗ Buchen Sie Ihre Unterkunft nicht über booked.net oder hotel-mix.de ∗∗∗
---------------------------------------------
Sie suchen eine Unterkunft? Buchen Sie lieber nicht auf booked.net oder hotel-mix.de, denn die beiden Buchungsplattformen listen Unterkünfte, die keinen Vertrag mit der Plattform haben. In der gebuchten Unterkunft angekommen, kann es Ihnen passieren, dass die Betreiber:innen gar nichts von Ihrer Buchung wissen und Sie kurzfristig eine neue Schlafmöglichkeit suchen müssen.
---------------------------------------------
https://www.watchlist-internet.at/news/buchen-sie-ihre-unterkunft-nicht-ueber-bookednet-oder-hotel-mixde/
∗∗∗ New phishing-as-a-service tool “Greatness” already seen in the wild ∗∗∗
---------------------------------------------
A previously unreported phishing-as-a-service (PaaS) offering named “Greatness” has been used in several phishing campaigns since at least mid-2022. Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots.
---------------------------------------------
https://blog.talosintelligence.com/new-phishing-as-a-service-tool-greatness-already-seen-in-the-wild/
=====================
= Vulnerabilities =
=====================
∗∗∗ WordPress Plugin "Newsletter" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
WordPress Plugin "Newsletter" provided by Stefano Lissa & The Newsletter Team contains a cross-site scripting vulnerability (CWE-79). An arbitrary script may be executed on the web browser of the user who is logging in to the WordPress using the plugin.
---------------------------------------------
https://jvn.jp/en/jp/JVN59341308/
∗∗∗ WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
* An arbitrary script may be executed on the web browser of the user who is logging in to the product - CVE-2023-27923, CVE-2023-28367
* An arbitrary script may be executed on the web browser of the user who is accessing the site using the product - CVE-2023-27925, CVE-2023-27926
---------------------------------------------
https://jvn.jp/en/jp/JVN95792402/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (java-11-openjdk-portable and rubygem-redcarpet), Red Hat (autotrace, bind, buildah, butane, conmon, containernetworking-plugins, curl, device-mapper-multipath, dhcp, edk2, emacs, fence-agents, freeradius, freerdp, frr, fwupd, gdk-pixbuf2, git, git-lfs, golang-github-cpuguy83-md2man, grafana, grafana-pcp, gstreamer1-plugins-good, Image Builder, jackson, kernel, kernel-rt, krb5, libarchive, libguestfs-winsupport, libreswan, libtiff, libtpms, lua, mysql, net-snmp, openssh, openssl, pcs, php:8.1, pki-core, podman, poppler, postgresql-jdbc, python-mako, qemu-kvm, samba, skopeo, sysstat, tigervnc, toolbox, unbound, webkit2gtk3, wireshark, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (cfengine, cfengine-masterfiles, go1.19, go1.20, libfastjson, python-cryptography, and python-ujson), and Ubuntu (mysql-5.7).
---------------------------------------------
https://lwn.net/Articles/931384/
∗∗∗ Citrix ADC and Citrix Gateway Security Bulletin ∗∗∗
---------------------------------------------
* CVE-2023-24488, Cross site scripting, CVSS 6.1
* CVE-2023-24487, Arbitrary file read, CVSS 6.3
---------------------------------------------
https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488
∗∗∗ SSA-932528 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-932528.html
∗∗∗ SSA-892048 V1.0: Third-Party Component Vulnerabilities in SINEC NMS before V1.0.3.1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-892048.html
∗∗∗ SSA-789345 V1.0: Code Execution Vulnerabilities in Siveillance Video Event and Management Servers ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-789345.html
∗∗∗ SSA-555292 V1.0: Security Vulnerabilities Fixed in SIMATIC Cloud Connect 7 V2.1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-555292.html
∗∗∗ SSA-516174 V1.0: Wi-Fi Encryption Bypass Vulnerabilities in SCALANCE W1750D ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-516174.html
∗∗∗ SSA-325383 V1.0: Multiple Vulnerabilities in SCALANCE LPE9403 before V2.1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-325383.html
∗∗∗ F5: K000133759 : Python vulnerability CVE-2020-26116 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000133759
∗∗∗ F5: K000134496 : Jettison vulnerability CVE-2022-45685 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000134496
∗∗∗ Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6988953
∗∗∗ Tensorflow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6988959
∗∗∗ IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6986333
∗∗∗ TensorFlow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6988979
∗∗∗ Ansi-html is vulnerable to CVE-2021-23424 used in IBM Maximo Application Suite ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6988981
∗∗∗ Node-forge is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6988969
∗∗∗ Apache Log4j is vulnerable to CVE-2021-45105 and CVE-2021-45046 used in IBM Maximo Application Suite - Monitor Component ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6988975
∗∗∗ Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/888295
∗∗∗ IBM Cloud Pak for Network Automation 2.4.6 fixes multiple security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6989099
∗∗∗ CVE-2023-24536, CVE-2023-24537 and CVE-2023-24534 may affect IBM CICS TX Standard ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6989115
∗∗∗ CVE-2023-24536, CVE-2023-24537, CVE-2023-24534 may affect IBM CICS TX Advanced ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6989117
∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2022-39161) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6989119
∗∗∗ WebSphere Application Server Liberty is vulnerable to CVE-2022-3509 and CVE-2022-3171 used in IBM Maximo Application Suite - Monitor Component ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6989133
∗∗∗ IBM WebSphere Application Server Liberty and Open Liberty is vulnerable to CVE-2022-22475 used in IBM Maximo Application Suite - Monitor Component ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6989131
∗∗∗ IBM WebSphere Application Server Liberty is vulnerable to CVE-2022-22393 used in IBM Maximo Application Suite - Monitor Component ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6989127
∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2022-39161) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6989145
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list