[CERT-daily] Daily summary - 16.11.2023
Daily end-of-shift report
team at cert.at
Thu Nov 16 18:20:37 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 15-11-2023 18:00 − Thursday 16-11-2023 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups ∗∗∗
---------------------------------------------
A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens.
---------------------------------------------
https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html
∗∗∗ Deep Dive: Learning from Okta – the hidden risk of HAR files ∗∗∗
---------------------------------------------
HAR is short for HTTP Archive, and it’s a way of saving full details of the high-level network traffic in a web browsing session, usually for development, debugging, or testing purposes.
---------------------------------------------
https://pducklin.com/2023/11/14/deep-dive-learning-from-okta-the-hidden-risk-of-har-files/
∗∗∗ Fake shops lure with Black Friday offers ∗∗∗
---------------------------------------------
Around Black Friday there are a few bargains to be had. However, we advise checking online shops carefully before placing an order.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shops-locken-mit-black-friday-angeboten/
∗∗∗ Attacker – hidden in plain sight for nearly six months – targeting Python developers ∗∗∗
---------------------------------------------
For close to six months, a malicious actor has been stealthily uploading dozens of malicious Python packages, most of them mimicking the names of legitimate ones, to bait unsuspecting developers.
---------------------------------------------
https://checkmarx.com/blog/attacker-hidden-in-plain-sight-for-nearly-six-months-targeting-python-developers/
∗∗∗ FBI and CISA Release Advisory on Scattered Spider Group ∗∗∗
---------------------------------------------
Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Scattered Spider—a cybercriminal group targeting commercial facilities sectors and subsectors.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/11/16/fbi-and-cisa-release-advisory-scattered-spider-group
=====================
= Vulnerabilities =
=====================
∗∗∗ New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar ∗∗∗
---------------------------------------------
Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory.
---------------------------------------------
https://thehackernews.com/2023/11/new-poc-exploit-for-apache-activemq.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium and openvpn), Oracle (kernel, microcode_ctl, plexus-archiver, and python), Red Hat (.NET 6.0, dotnet6.0, dotnet7.0, dotnet8.0, kernel, linux-firmware, and open-vm-tools), SUSE (apache2, chromium, jhead, postgresql12, postgresql13, and qemu), and Ubuntu (dotnet6, dotnet7, dotnet8, frr, python-pip, quagga, and tidy-html5).
---------------------------------------------
https://lwn.net/Articles/951681/
∗∗∗ Mollie for Drupal - Moderately critical - Faulty payment confirmation logic - SA-CONTRIB-2023-052 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-052
∗∗∗ FortiOS & FortiProxy VM - Bypass of root file system integrity checks at boot time on VM ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-22-396
∗∗∗ FortiOS & FortiProxy - DOS in headers management ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-23-151
∗∗∗ Cisco Secure Client Software Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8
∗∗∗ Cisco IP Phone Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA
∗∗∗ Cisco Secure Endpoint for Windows Scanning Evasion Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd
∗∗∗ Cisco Identity Services Engine Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR
∗∗∗ Cisco AppDynamics PHP Agent Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5
∗∗∗ FortiSIEM - OS command injection in Report Server ∗∗∗
---------------------------------------------
https://www.fortiguard.com/psirt/FG-IR-23-135
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ 2023-11 Security Bulletin: JSA Series: Multiple vulnerabilities resolved ∗∗∗
---------------------------------------------
https://supportportal.juniper.net/s/article/2023-11-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved
∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2023-0010 ∗∗∗
---------------------------------------------
https://webkitgtk.org/security/WSA-2023-0010.html
∗∗∗ Released: November 2023 Exchange Server Security Updates ∗∗∗
---------------------------------------------
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2023-exchange-server-security-updates/ba-p/3980209
∗∗∗ Citrix Releases Security Updates for Citrix Hypervisor ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/11/16/citrix-releases-security-updates-citrix-hypervisor-0
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily