[CERT-daily] Tageszusammenfassung - 15.05.2023

Mon May 15 18:52:57 CEST 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 12-05-2023 18:00 − Montag 15-05-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ The .zip gTLD: Risks and Opportunities, (Fri, May 12th) ∗∗∗
---------------------------------------------
About ten years ago, ICANN started the "gTLD" program. "Generic TLDs" allows various brands to register their own trademark as a TLD. Instead of "google.com", you now can have ".google"! Applying for a gTLD isn't cheap, and success isn't guaranteed. But since its inception, dozens of new gTLDs have been approved and started to be used [1]. The reputation of these new gTLDs has been somewhat mixed.
---------------------------------------------
https://isc.sans.edu/diary/rss/29838


∗∗∗ XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems. Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare clinics located in Germany.
---------------------------------------------
https://thehackernews.com/2023/05/xworm-malware-exploits-follina.html


∗∗∗ CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware ∗∗∗
---------------------------------------------
Poorly managed Microsoft SQL (MS SQL) servers are the target of a new campaign thats designed to propagate a category of malware called CLR SqlShell that ultimately facilitates the deployment of cryptocurrency miners and ransomware.
---------------------------------------------
https://thehackernews.com/2023/05/clr-sqlshell-malware-targets-ms-sql.html


∗∗∗ New MichaelKors Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems ∗∗∗
---------------------------------------------
A new ransomware-as-service (RaaS) operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023. The development points to cybercriminal actors increasingly setting their eyes on the ESXi, cybersecurity firm CrowdStrike said in a report shared with The Hacker News.
---------------------------------------------
https://thehackernews.com/2023/05/new-michaelkors-ransomware-as-service.html


∗∗∗ WordPress Field Builder Plugin Vulnerability Exploited in Attacks Two Days After Patch ∗∗∗
---------------------------------------------
PoC exploit targeting an XSS vulnerability in the Advanced Custom Fields WordPress plugin started being used in malicious attacks two days after patch.
---------------------------------------------
https://www.securityweek.com/wordpress-field-builder-plugin-vulnerability-exploited-in-attacks-two-days-after-patch/


∗∗∗ Webinar: Smartphone, Tablet & Co. sicher nutzen ∗∗∗
---------------------------------------------
Wie kann ich meine persönlichen Daten am Smartphone, Tablet & Co. schützen? In diesem Webinar zeigen wir Ihnen die wichtigsten Sicherheitseinstellungen – von Berechtigungen über Datenschutz bis hin zu Nutzungszeiten. Nehmen Sie kostenlos teil: Dienstag 23. Mai 2023, 18:30 - 20:00 Uhr via zoom
---------------------------------------------
https://www.watchlist-internet.at/news/webinar-smartphone-tablet-co-sicher-nutzen-1/


∗∗∗ Mit diesen 3 Einstellungen schützen Sie Ihr Smartphone ∗∗∗
---------------------------------------------
Sie denken Ihr Smartphone ist mit einer Bildschirmsperre vor fremden Zugriffen gut geschützt? Falsch! Kriminelle finden Wege, um in gestohlene oder verlorene Smartphones einzudringen. Im schlimmsten Fall greifen sie auf Ihre Banking-App zu und räumen Ihr Konto ab. Wir zeigen Ihnen 3 wichtige Einstellungen, um Ihr Smartphone bei Verlust oder Diebstahl zu schützen.
---------------------------------------------
https://www.watchlist-internet.at/news/mit-diesen-3-einstellungen-schuetzen-sie-ihr-smartphone/


∗∗∗ Ransomware tracker: The latest figures [May 2023] ∗∗∗
---------------------------------------------
Note: this Ransomware Tracker is updated on the second Sunday of each month to stay current Although ransomware attacks overall were down in April compared to the prior month, attacks against healthcare organizations shot up to one of its highest levels in years as hospitals and doctors offices increasingly find themselves targeted by hackers.
---------------------------------------------
https://therecord.media/ransomware-tracker-the-latest-figures


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks ∗∗∗
---------------------------------------------
Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology (OT) networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the Black Hat Asia 2023 conference last week. The 11 vulnerabilities allow "remote code execution and full control over hundreds of thousands of devices and OT networks - in some cases, even those not actively configured to use the cloud."
---------------------------------------------
https://thehackernews.com/2023/05/industrial-cellular-routers-at-risk-11.html


∗∗∗ Screen SFT DAB 600/C: Multiple Vulnerabilities ∗∗∗
---------------------------------------------
* Authentication Bypass Account Creation Exploit * Authentication Bypass Password Change Exploit * Authentication Bypass Erase Account Exploit * Authentication Bypass Admin Password Change Exploit * Authentication Bypass Reset Board Config Exploit * Unauthenticated Information Disclosure (userManager.cgx)
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/


∗∗∗ SECURITY BULLETIN: May 2023 Security Bulletin for Trend Micro Mobile Security (Enterprise) ∗∗∗
---------------------------------------------
CVE Identifier(s): CVE-2023-32521 through CVE-2023-32528 Trend Micro has released a new build for Trend Micro Mobile Security (Enterprise) that resolves several vulnerabilities.
---------------------------------------------
https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US


∗∗∗ Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been identified in the Kiddoware Kids Place Parental Control Android App. Users of the parent's web dashboard can be attacked via cross site scripting or cross site request forgery vulnerabilities, or attackers may upload arbitrary files to the children's devices. Furthermore, children are able to bypass any restrictions without the parents noticing.
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-kiddoware-kids-place-parental-control-android-app/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (golang-websocket, kernel, postgresql-11, and thunderbird), Fedora (firefox, kernel, libreswan, libssh, tcpreplay, and thunderbird), SUSE (dcmtk, gradle, libraw, postgresql12, postgresql13, postgresql14, and postgresql15), and Ubuntu (firefox, nova, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/931892/


∗∗∗ VM2 Security Advisory: Inspect Manipulation ∗∗∗
---------------------------------------------
A threat actor can edit options for console.log.
---------------------------------------------
https://github.com//patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v


∗∗∗ VM2 Security Advisory: Sandbox Escape ∗∗∗
---------------------------------------------
A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.
---------------------------------------------
https://github.com//patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5


∗∗∗ WAGO: Unauthenticated command execution via Web-based-management ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-007/


∗∗∗ Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-008/


∗∗∗ MB Connect Line: Multiple vulnerabilities in mbConnect24 and mymbConnect24 ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-002/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily