[CERT-daily] Tageszusammenfassung - 10.05.2023

Wed May 10 18:30:05 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 09-05-2023 18:00 − Mittwoch 10-05-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Patchday: Adobe schließt Schadcode-Lücke in Substance 3D Painter ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für Adobe Substance 3D Painter. Wer damit 3D-Modelle bearbeitet, sollte die Anwendung aktualisieren.
---------------------------------------------
https://heise.de/-8991973


∗∗∗ Microsoft Patchday: Angreifer verschaffen sich System-Rechte unter Windows ∗∗∗
---------------------------------------------
Microsoft schließt unter anderem in Windows mehrere kritische Schadcode-Lücken. Attacken laufen bereits, weitere könnten bevorstehen.
---------------------------------------------
https://heise.de/-8991967


∗∗∗ Kritische Schwachstellen ermöglichen Übernahme von Aruba Access Points ∗∗∗
---------------------------------------------
Die HPE-Tochter Aruba schließt mehrere, zum Teil kritische Sicherheitslücken in den Access Points. Angreifer aus dem Netz könnten Schadcode einschleusen.
---------------------------------------------
https://heise.de/-8992292


∗∗∗ Patchday: 18 Sicherheitsnotizen zu teils kritischen Lücken in SAP-Software ∗∗∗
---------------------------------------------
Am Mai-Patchday dichtet SAP zum Teil kritische Sicherheitslücken in der Software des Unternehmens ab. IT-Verantwortliche sollten die Updates zügig anwenden.
---------------------------------------------
https://heise.de/-8992005


∗∗∗ Root-Rechte für lokale Angreifer dank Lücken im Linux-Kernel ∗∗∗
---------------------------------------------
In zwei Komponenten des Linuxkernels verstecken sich Sicherheitslücken, die lokalen Angreifern eine Rootshell spendieren. Ein erster Exploit ist öffentlich.
---------------------------------------------
https://heise.de/-8992648


∗∗∗ Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324) ∗∗∗
---------------------------------------------
Among the vulnerabilities fixed by Microsoft on May 2023 Patch Tuesday is CVE-2023-29324, a bug in the Windows MSHTML platform that Microsoft rates as “important.” Akamai’s research team and Ben Barnea, the researcher who’s credited with finding the flaw, disagree with that assessment, because “the new vulnerability [CVE-2023-29324] re-enables the exploitation of a critical vulnerability [CVE-2023-23397] that was seen in the wild and used by APT operators.”
---------------------------------------------
https://www.helpnetsecurity.com/2023/05/10/cve-2023-29324/


∗∗∗ Vorsicht vor betrügerischem Tier-, Welpen- und Katzenhandel im Internet ∗∗∗
---------------------------------------------
Vermehrt werden der Watchlist Internet aktuell betrügerische Tierangebote aus dem Internet und auf Social Media wie Facebook gemeldet. Süße Bilder junger Kätzchen und Hunde auf Websites, die Vertrauen schaffen sollen, verleiten zu einer unüberlegten Bestellung und Vorabzahlung. Eine Lieferung erfolgt nie – egal wie vielen Zahlungsaufforderungen der kriminellen Züchter:innen nachgekommen wird!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischem-tier-welpen-und-katzenhandel-im-internet/


∗∗∗ Free Tool Unlocks Some Encrypted Data in Ransomware Attacks ∗∗∗
---------------------------------------------
"White Phoenix" automated tool for recovering data on partially encrypted files hit with ransomware is available on GitHub.
---------------------------------------------
https://www.darkreading.com/attacks-breaches/free-tool-unlocks-some-encrypted-data-in-ransomware-attacks


∗∗∗ PwnAssistant - Controlling /homes via a Home Assistant RCE ∗∗∗
---------------------------------------------
[..] we decided to look into the very established and known open-source automation ecosystem known as Home Assistant. [..] So without further ado, come with us on this journey to understanding the Home Assistant architecture, enumerating the attack surface and trawling for pre-authentication vulnerabilities within the code base.
---------------------------------------------
https://www.elttam.com/blog/pwnassistant/


∗∗∗ Xjquery Wave of WordPress SocGholish Injections ∗∗∗
---------------------------------------------
By the end of March, 2023, we started noticing a new wave of SocGholish injections that used the intermediary xjquery[.]com domain. It appeared to be another evolution of the same malware. This time, however, attackers were using the same tricks in a different way.
---------------------------------------------
https://blog.sucuri.net/2023/05/xjquery-wave-of-wordpress-socgholish-injections.html


∗∗∗ ESET APT Activity Report Q4 2022–Q1 2023 ∗∗∗
---------------------------------------------
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023
---------------------------------------------
https://www.welivesecurity.com/2023/05/09/eset-apt-activity-report-q42022-q12023/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (emacs), Fedora (chromium, community-mysql, and LibRaw), Red Hat (nodejs nodejs-nodemon, nodejs:18, and webkit2gtk3), Slackware (mozilla), SUSE (amazon-ssm-agent, conmon, distribution, docker-distribution, google-cloud-sap-agent, ignition, kernel, ntp, prometheus-ha_cluster_exporter, protobuf-c, python-cryptography, runc, and shim), and Ubuntu (ceph, freetype, and node-css-what).
---------------------------------------------
https://lwn.net/Articles/931488/


∗∗∗ ICS Patch Tuesday: Siemens, Schneider Electric Address Few Dozen Vulnerabilities ∗∗∗
---------------------------------------------
Siemens and Schneider Electric’s Patch Tuesday advisories for May 2023 address a few dozen vulnerabilities found in their products.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-address-few-dozen-vulnerabilities/


∗∗∗ Chipmaker Patch Tuesday: Intel, AMD Address Over 100 Vulnerabilities ∗∗∗
---------------------------------------------
Intel and AMD have informed their customers about a total of more than 100 vulnerabilities found in their products.
---------------------------------------------
https://www.securityweek.com/chipmaker-patch-tuesday-intel-amd-address-over-100-vulnerabilities/


∗∗∗ Hitachi Energy MSM ∗∗∗
---------------------------------------------
CVSS v3 9.8 
ATTENTION: Exploitable remotely/low attack complexity 
Vendor: Hitachi Energy 
Equipment: Modular Switchgear Monitoring (MSM) 
Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Authentication Bypass by Capture-replay, Code Injection, Improper Restriction of Operations within the Bounds of a Memory Buffer, NULL Pointer Dereference, Insufficient Entropy 
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-129-02


∗∗∗ Vulnerability Spotlight: Authentication bypass, use-after-free vulnerabilities found in a library for the µC/OS open-source operating system ∗∗∗
---------------------------------------------
TALOS-2022-1680 (CVE-2022-41985) could allow an attacker to bypass the authentication protocol on the operating system, or cause a denial-of-service, by sending the targeted machine a specially crafted set of network packets.
---------------------------------------------
https://blog.talosintelligence.com/vulnerability-spotlight-authentication-bypass-use-after-free-vulnerabilities-found-in-uc/


∗∗∗ SLP Protocol Denial-of-Service Guidance ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500563-SLP-PROTOCOL-DENIAL-OF-SERVICE-GUIDANCE


∗∗∗ Multi-vendor BIOS Security Vulnerabilities (May 2023) ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500559-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-MAY-2023


∗∗∗ ThinkPad Dock Driver Elevation of Privilege Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500562-THINKPAD-DOCK-DRIVER-ELEVATION-OF-PRIVILEGE-VULNERABILITY


∗∗∗ [R1] Nessus Network Monitor Version 6.2.1 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-19


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily