[CERT-daily] Tageszusammenfassung - 24.05.2023
Daily end-of-shift report
team at cert.at
Wed May 24 18:22:20 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 23-05-2023 18:00 − Mittwoch 24-05-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Barracuda warns of email gateways breached via zero-day flaw ∗∗∗
---------------------------------------------
Barracuda, a company known for its email and network security solutions, warned customers today that some of their Email Security Gateway (ESG) appliances were breached last week by targeting a now-patched zero-day vulnerability.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/barracuda-warns-of-email-gateways-breached-via-zero-day-flaw/
∗∗∗ Legion Malware Upgraded to Target SSH Servers and AWS Credentials ∗∗∗
---------------------------------------------
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch.
---------------------------------------------
https://thehackernews.com/2023/05/legion-malware-upgraded-to-target-ssh.html
∗∗∗ Malvertising via brand impersonation is back again ∗∗∗
---------------------------------------------
In recent months, numerous incidents have shown that malvertising is on the rise again and affecting the user experience and trust in their favorite search engine. Indeed, Search Engine Results Pages (SERPs) include paid Google ads that in some cases lead to scams or malware.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intelligence/2023/05/malvertising-its-a-jungle-out-there
∗∗∗ Von legitim zu bösartig: Die Verwandlung einer Android‑App innerhalb eines Jahres ∗∗∗
---------------------------------------------
ESET-Forscher entdecken AhRat - ein neuer Android-RAT auf der Basis von AhMyth - der Dateien exfiltriert und Audio aufzeichnet.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2023/05/23/von-legitim-zu-bosartig-ahrat/
∗∗∗ Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own ∗∗∗
---------------------------------------------
MikroTik patches a major security defect in its RouterOS product a full five months after it was exploited at Pwn2Own Toronto.
---------------------------------------------
https://www.securityweek.com/mikrotik-belatedly-patches-routeros-flaw-exploited-at-pwn2own/
∗∗∗ Zahlreiche World4You Phishing-Mails im Umlauf! ∗∗∗
---------------------------------------------
Website-Betreiber:innen aufgepasst: Kriminelle versenden aktuell vermehrt E-Mails im Namen des österreichischen Hosting-Providers World4You. Darin wird meist fälschlicherweise behauptet, dass Rechnungen nicht beglichen oder Webadressen gesperrt wurden.
---------------------------------------------
https://www.watchlist-internet.at/news/zahlreiche-world4you-phishing-mails-im-umlauf/
∗∗∗ CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF) ∗∗∗
---------------------------------------------
Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/05/23/cisa-and-partners-update-stopransomware-guide-developed-through-joint-ransomware-task-force-jrtf
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2023-0010 ∗∗∗
---------------------------------------------
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0010.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libssh and sofia-sip), Fedora (cups-filters, dokuwiki, qt5-qtbase, and vim), Oracle (git, python-pip, and python3-setuptools), Red Hat (git, kernel, kpatch-patch, rh-git227-git, and sudo), SUSE (openvswitch, rmt-server, and texlive), and Ubuntu (binutils, cinder, cloud-init, firefox, golang-1.13, Jhead, liblouis, ncurses, node-json-schema, node-xmldom, nova, python-glance-store, python-os-brick, and runc).
---------------------------------------------
https://lwn.net/Articles/932827/
∗∗∗ Nextcloud: user_oidc app is missing bruteforce protection ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x8mc-84wj-rf34
∗∗∗ Nextcloud: User session not correctly destroyed on logout ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38
∗∗∗ Nextcloud: Basic auth header on WebDAV requests is not brute-force protected ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54
∗∗∗ Apple security updates: iTunes 12.12.9 for Windows ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT213763
∗∗∗ F5: K000134744 : Intel BIOS vulnerability CVE-2022-38087 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000134744
∗∗∗ F5: K000134747 : PHP vulnerability CVE-2023-0568 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000134747
∗∗∗ Bosch: Unrestricted SSH port forwarding in BVMS ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-025794-bt.html
∗∗∗ Bosch: Vulnerability in Wiegand card data interpretation ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-391095-bt.html
∗∗∗ Bosch: .NET Remote Code Execution Vulnerability in BVMS, BIS and AMS ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-110112-bt.html
∗∗∗ IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the module xml2js (CVE-2023-0842) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6997617
∗∗∗ IBM App Connect Enterprise is vulnerable to a denial of service due to cURL libcurl and Google protobuf-java. (CVE-2022-42915, CVE-2021-22569, CVE-2022-3509, CVE-2022-3171, CVE-2022-3510) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6997631
∗∗∗ IBM InfoSphere Information Server is affected by a remote code execution vulnerability (CVE-2023-32336) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6995879
∗∗∗ This Power System update is being released to address CVE 2023-30438 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6993021
∗∗∗ TADDM affected by multiple vulnerabilities due to IBM Java and its runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6997919
∗∗∗ Vulnerability in IBM\u00ae Runtime Environment Java\u2122 Version 8 \u00a0affect Cloud Pak System. [CVE-2023-30441] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6997913
∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-27554) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6997097
∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2022-39161) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6997921
∗∗∗ A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2022-39161) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6997923
∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-24966) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6997925
∗∗∗ Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6997115
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list