[CERT-daily] Tageszusammenfassung - 30.11.2023

Thu Nov 30 18:49:11 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 29-11-2023 18:00 − Donnerstag 30-11-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ FjordPhantom Android malware uses virtualization to evade detection ∗∗∗
---------------------------------------------
A new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade detection.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fjordphantom-android-malware-uses-virtualization-to-evade-detection/


∗∗∗ TRAP; RESET; POISON; - Übernahme eines Landes nach Kaminsky Art ∗∗∗
---------------------------------------------
Ein technischer Einblick in die Manipulation der DNS-Namensauflösung eines ganzen Landes.
---------------------------------------------
https://sec-consult.com/de/blog/detail/uebernahme-eines-landes-nach-kaminsky-art/


∗∗∗ CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks ∗∗∗
---------------------------------------------
A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments.
---------------------------------------------
https://thehackernews.com/2023/11/cactus-ransomware-exploits-qlik-sense.html


∗∗∗ Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data ∗∗∗
---------------------------------------------
Zoom Rooms, the cloud-based video conferencing platform by Zoom, is making headlines due to a recently discovered vulnerability. This flaw poses a significant security risk as it enables attackers to seize control of a Zoom Room’s service account, gaining unauthorized access to the victim organization’s tenant.
---------------------------------------------
https://www.hackread.com/zoom-vulnerability-hackers-hijack-meetings-data/


∗∗∗ BLUFFS: Neue Angriffe gefährden Bluetooth-Datensicherheit auf Milliarden Geräten ∗∗∗
---------------------------------------------
Durch eine Lücke im Bluetooth-Protokoll können Angreifer einfach zu knackende Schlüssel erzwingen und so vergangene wie zukünftige Datenübertragung knacken.
---------------------------------------------
https://www.heise.de/-9544862


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Drupal: Xsendfile - Moderately critical - Access bypass - SA-CONTRIB-2023-053 ∗∗∗
---------------------------------------------
The Xsendfile module enables fast transfer for private files in Drupal. In order to control private file downloads, the module overrides ImageStyleDownloadController, for which a vulnerability was disclosed in SA-CORE-2023-005. The Xsendfile module was still based on an insecure version of ImageStyleDownloadController.
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-053


∗∗∗ Apache ActiveMQ: Mehrere Codeschmuggel-Lücken von Botnetbetreibern ausgenutzt ∗∗∗
---------------------------------------------
Derweil meldet das ActiveMQ-Projekt eine neue Sicherheitslücke, die ebenfalls zur Ausführung von Schadcode genutzt werden kann. Der Fehler verbirgt sich in der Deserialisierungsroutine der Jolokia-Komponente, setzt aber eine Authentisierung voraus. Während die ActiveMQ-Entwickler von einem mittleren Schweregrad ausgehen, vergeben der Warn- und Informationsdienst des BSI einen CVSS-Wert von 8.8 und stuft den Schweregrad somit als "hoch" ein. CVE ID: CVE-2022-41678
---------------------------------------------
https://www.heise.de/-9544281


∗∗∗ MOVEit Transfer Service Pack (November 2023) ∗∗∗
---------------------------------------------
This article contains the details of the specific updates within the MOVEit Transfer November 2023 Service Pack. The Service Pack contains fixes for (2) newly disclosed CVEs described below. Progress Software highly recommends you apply this Service Pack for product updates and security improvements. CVE IDs: CVE-2023-6217, CVE-2023-6218
---------------------------------------------
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023


∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (November 20, 2023 to November 26, 2023) ∗∗∗
---------------------------------------------
Last week, there were 115 vulnerabilities disclosed in 87 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
---------------------------------------------
https://www.wordfence.com/blog/2023/11/wordfence-intelligence-weekly-wordpress-vulnerability-report-november-20-2023-to-november-26-2023/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (chromium, gnutls, gst-devtools, gstreamer1, gstreamer1-doc, libcap, mingw-poppler, python-gstreamer1, qbittorrent, webkitgtk, and xen), Mageia (docker, kernel-linus, and python-django), Oracle (dotnet6.0, dotnet7.0, dotnet8.0, firefox, samba, squid, and thunderbird), Red Hat (firefox, postgresql:13, squid, and thunderbird), SUSE (cilium, freerdp, java-1_8_0-ibm, and java-1_8_0-openj9), and Ubuntu (ec2-hibinit-agent, freerdp2, gimp, gst-plugins-bad1.0, openjdk-17, openjdk-21, openjdk-lts, openjdk-8, pypy3, pysha3, and u-boot-nezha).
---------------------------------------------
https://lwn.net/Articles/953379/


∗∗∗ [R1] Nessus Network Monitor 6.3.1 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
Risk Factor: Critical, CVE ID: CVE-2023-5363, CVE-2021-23369, CVE-2021-23383, CVE-2018-9206
---------------------------------------------
https://www.tenable.com/security/tns-2023-43


∗∗∗ Zyxel security advisory for authentication bypass and command injection vulnerabilities in NAS products ∗∗∗
---------------------------------------------
Zyxel has released patches addressing an authentication bypass vulnerability and command injection vulnerabilities in NAS products. Users are advised to install them for optimal protection. CVEs: CVE-2023-35137, CVE-2023-35138, CVE-2023-37927, CVE-2023-37928, CVE-2023-4473, CVE-2023-4474
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products


∗∗∗ CISA Adds Two Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/11/30/cisa-adds-two-known-exploited-vulnerabilities-catalog


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ PTC KEPServerEx ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03


∗∗∗ Delta Electronics DOPSoft ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-01


∗∗∗ Mitsubishi Electric FA Engineering Software Products ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-04


∗∗∗ Yokogawa STARDOM ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily