[CERT-daily] Daily summary - 05.10.2023

Daily end-of-shift report team at cert.at
Thu Oct 5 18:50:15 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 04-10-2023 18:00 − Thursday 05-10-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Curl 8.4.0 is to be released on October 11th ... ∗∗∗
---------------------------------------------
... containing a fix for "the worst security problem found in curl in a long time". The associated CVE is expected to be published shortly after. Use the time to check where you have #curl & #libcurl in your environment.
---------------------------------------------
https://twitter.com/pyotam2/status/1709305830573473987


∗∗∗ Patch now! Confluence Data Center: attackers make themselves admins ∗∗∗
---------------------------------------------
Atlassian has closed a critical security vulnerability in Confluence Data Center and Server.
---------------------------------------------
https://www.heise.de/-9325414


∗∗∗ Lorenz ransomware crew bungles blackmail blueprint by leaking two years of contacts ∗∗∗
---------------------------------------------
A security researcher noticed Lorenz's dark web victim blog was leaking backend code, pulled the data from the site, and uploaded it to a public GitHub repository. The data includes names, email addresses, and the subject line entered into the ransomware group's limited online form to request information from Lorenz.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/10/05/lorenz_ransomware_group_leaks_details/


∗∗∗ The discovery of Gatekeeper bypass CVE-2023-27943 ∗∗∗
---------------------------------------------
Looking for vulnerabilities is not my usual daily routine. I am a software developer for Endpoint Security software. I implement new features, improve existing functionality, and fix bugs. So, the discovery of this vulnerability was a surprise. And it made me scared that a macOS update had broken our product. In the end, it turned out to be quite a severe vulnerability in macOS.
---------------------------------------------
https://blog.f-secure.com/discovery-of-gatekeeper-bypass-cve-2023-27943/


∗∗∗ H1 2023 – a brief overview of main incidents in industrial cybersecurity ∗∗∗
---------------------------------------------
In this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations.
---------------------------------------------
https://ics-cert.kaspersky.com/publications/h1-2023-a-brief-overview-of-main-incidents-in-industrial-cybersecurity/


∗∗∗ Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit ∗∗∗
---------------------------------------------
In this post, we look at the attack surface of another target in a different category. The Sony XAV-AX5500 is a popular aftermarket head unit that interacts with different systems within a vehicle. It also offers attackers a potential foothold into an automobile.
---------------------------------------------
https://www.thezdi.com/blog/2023/10/5/looking-at-the-attack-surface-of-the-sony-xav-ax5500-head-unit


∗∗∗ Exposing Infection Techniques Across Supply Chains and Codebases ∗∗∗
---------------------------------------------
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/j/infection-techniques-across-supply-chains-and-codebases.html


∗∗∗ Your printer is not your printer! - Hacking Printers at Pwn2Own Part I ∗∗∗
---------------------------------------------
In 2021, we found pre-auth RCE vulnerabilities (CVE-2022-24673 and CVE-2022-3942) in Canon and HP printers, and a vulnerability (CVE-2021-44734) in Lexmark. We used these vulnerabilities to exploit the Canon ImageCLASS MF644Cdw, HP Color LaserJet Pro MFP M283fdw and Lexmark MC3224i at Pwn2Own Austin 2021. In the following, we will describe the details of the Canon and HP vulnerabilities and their exploitation.
---------------------------------------------
https://devco.re/blog/2023/10/05/your-printer-is-not-your-printer-hacking-printers-pwn2own-part1-en/


∗∗∗ EvilProxy Phishing Kit Targets Microsoft Users via Indeed.com Vulnerability ∗∗∗
---------------------------------------------
Threat actors are exploiting the open redirection vulnerability on Indeed.com to launch EvilProxy phishing attacks against high-ranking executives.
---------------------------------------------
https://www.hackread.com/evilproxy-phishing-kit-microsoft-indeed-vulnerability/


∗∗∗ CISA and NSA Release New Guidance on Identity and Access Management ∗∗∗
---------------------------------------------
Today, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that threaten critical infrastructure and national security systems.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/10/04/cisa-and-nsa-release-new-guidance-identity-and-access-management


∗∗∗ Emergency call tool Cisco Emergency Responder ships with static credentials ∗∗∗
---------------------------------------------
Network equipment vendor Cisco has released important security updates for several products.
---------------------------------------------
https://www.heise.de/-9325669



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Security Advisories 2023-10-04 ∗∗∗
---------------------------------------------
Cisco has published 3 Security Advisories (1 Critical, 1 High, 1 Medium Severity)
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2023%2F10%2F04&firstPublishedEndDate=2023%2F10%2F04


∗∗∗ (0Day) D-Link ∗∗∗
---------------------------------------------
ZDI-23-1501 - ZDI-23-1525: Multiple Routers, DIR-X3260, DAP-2622, DAP-1325 and D-View
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/


∗∗∗ Another exploit update for iOS and iPadOS, which probably also fixes the overheating problem ∗∗∗
---------------------------------------------
Apple once again released important fixes for its iPhone and iPad operating systems during the night to Thursday. They address security issues and overheating.
---------------------------------------------
https://www.heise.de/-9325367


∗∗∗ Malware protection: vulnerabilities in Watchguard EPDR and AD360 closed ∗∗∗
---------------------------------------------
The malware protection solutions Watchguard EPDR and AD360 contain security vulnerabilities, some of them high risk. Updates are available.
---------------------------------------------
https://www.heise.de/-9326078


∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (September 25, 2023 to October 1, 2023) ∗∗∗
---------------------------------------------
Last week, there were 90 vulnerabilities disclosed in 68 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31 Vulnerability Researchers that contributed to WordPress Security last week.
---------------------------------------------
https://www.wordfence.com/blog/2023/10/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-25-2023-to-october-1-2023/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, libx11, and libxpm), Fedora (ckeditor, drupal7, glibc, golang-github-cncf-xds, golang-github-envoyproxy-control-plane, golang-github-hashicorp-msgpack, golang-github-minio-highwayhash, golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, golang-github-protobuf, golang-google-protobuf, nats-server, and pgadmin4), Red Hat (firefox and thunderbird), SUSE (chromium, exim, ghostscript, kernel, poppler, python-gevent, and python-reportlab), and Ubuntu (binutils, exim4, jqueryui, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux-kvm, linux-oem-6.1, nodejs, and python-django).
---------------------------------------------
https://lwn.net/Articles/946698/


∗∗∗ ZDI-23-1498: Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1498/


∗∗∗ Open Redirect in SAP® BSP Test Application it00 (Bypass for CVE-2020-6215 Patch) ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/open-redirect-in-bsp-test-application-it00-bypass-for-cve-2020-6215-patch/


∗∗∗ Qognify NiceVision ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-02


∗∗∗ Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-03


∗∗∗ Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily