[CERT-daily] Tageszusammenfassung - 17.10.2023

Daily end-of-shift report team at cert.at
Tue Oct 17 18:15:09 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 16-10-2023 18:00 − Dienstag 17-10-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Discord still a hotbed of malware activity — Now APTs join the fun ∗∗∗
---------------------------------------------
Discord continues to be a breeding ground for malicious activity by hackers and now APT groups, with it commonly used to distribute malware, exfiltrate data, and targeted by threat actors to steal authentication tokens.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/discord-still-a-hotbed-of-malware-activity-now-apts-join-the-fun/


∗∗∗ A hack in hand is worth two in the bush ∗∗∗
---------------------------------------------
We analyzed the data published by Cyber Av3ngers and found it to be sourced from older leaks by another hacktivist group called Moses Staff.
---------------------------------------------
https://securelist.com/a-hack-in-hand-is-worth-two-in-the-bush/110794/


∗∗∗ Android Mobile Root Detection – Snake Oil or Silver Bullet? ∗∗∗
---------------------------------------------
Android is one of the most widely used mobile operating systems in the world. However, with its widespread use, it is also susceptible to security threats.
---------------------------------------------
https://sec-consult.com/blog/detail/android-mobile-root-detection-snake-oil-or-silver-bullet/


∗∗∗ NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics ∗∗∗
---------------------------------------------
NSA has released Elitewolf, a repository of intrusion detection signatures and analytics for OT environments.
---------------------------------------------
https://www.securityweek.com/nsa-publishes-ics-ot-intrusion-detection-signatures-and-analytics/


∗∗∗ Betrügerische Spendenorganisationen sammeln Geld für Israel ∗∗∗
---------------------------------------------
Kriminelle wissen, dass die Spendenbereitschaft in Krisensituationen besonders hoch ist. Nur wenige Tage nach dem Anschlag in Israel tauchen im Netz betrügerische Spenden-Websiten für Israel auf.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-spendenorganisationen-sammeln-geld-fuer-israel/


∗∗∗ Snapshot fuzzing direct composition with WTF ∗∗∗
---------------------------------------------
Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.
---------------------------------------------
https://blog.talosintelligence.com/snapshot-fuzzing-direct-composition-with-wtf/


∗∗∗ Principles for ransomware-resistant cloud backups ∗∗∗
---------------------------------------------
Helping to make cloud backups resistant to the effects of destructive ransomware.
---------------------------------------------
https://www.ncsc.gov.uk/guidance/principles-for-ransomware-resistant-cloud-backups



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software ∗∗∗
---------------------------------------------
Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems.
---------------------------------------------
https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html


∗∗∗ Cisco: Schwere Sicherheitslücke in IOS XE ermöglicht Netzwerk-Übernahme ∗∗∗
---------------------------------------------
Geräte mit IOS XE und Web-UI können von Angreifern ohne Weiteres aus der Ferne übernommen werden. Cisco hat keine Patches, aber Empfehlungen für Betroffene.
---------------------------------------------
https://www.heise.de/news/Cisco-Schwere-Sicherheitsluecke-in-IOS-XE-erlaubt-Netzwerk-Uebernahme-9336068.html


∗∗∗ SonicOS: Angreifer können Sonicwalls abstürzen lassen ∗∗∗
---------------------------------------------
Sonicwall hat Updates für SonicOS veröffentlicht, die Sicherheitslücken schließen. Die Lecks erlauben Angreifern, verwundbare Geräte lahmzulegen.
---------------------------------------------
https://www.heise.de/news/SonicOS-Angreifer-koennen-Sonicwalls-abstuerzen-lassen-9336604.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (axis, nghttp2, node-babel7, and tomcat9), Fedora (curl and ghostscript), Oracle (bind, kernel-container, mariadb:10.5, and python3.11), Red Hat (.NET 7.0, go-toolset, golang, and go-toolset:rhel8), SUSE (kernel, libcue, libxml2, python-Django, and python-gevent), and Ubuntu (curl, ghostscript, iperf3, libcue, python2.7, quagga, and samba).
---------------------------------------------
https://lwn.net/Articles/948010/


∗∗∗ K000137211 : cURL vulnerabilities CVE-2023-38546 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000137211


∗∗∗ Festo: Vulnerable Siemens TIA-Portal in multiple Festo Didactic products ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-047/


∗∗∗ WAGO: Multiple products vulnerable to local file inclusion ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-046/


∗∗∗ Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation Products ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-290-01


∗∗∗ Rockwell Automation FactoryTalk Linx ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-290-02


∗∗∗ Vulnerability CVE-2023-35116 affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7052938


∗∗∗ IBM Personal Communications could allow a remote user to obtain sensitive information including user passwords, allowing unauthorized access. (CVE-2016-0321) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/276845


∗∗∗ IBM Db2 is vulnerable to denial of service via a specially crafted query on certain databases. (CVE-2023-30987) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7047560


∗∗∗ Vulnerability in pycrypto-2.6.1.tar.gz affects IBM Integrated Analytics System [CVE-2013-7459, CVE-2018-6594] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7053417


∗∗∗ Multiple vulnerabilities in OpenSSL affect IBM Observability with Instana (Agent container image) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7053623


∗∗∗ Remote code execution/denial of service attack is possible in IBM Observability with Instana (Self-hosted on Docker) due to use of Apache Kafka ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7053643


∗∗∗ Due to use of Apache Commons FileUpload and Tomcat, IBM UrbanCode Release is vulnerable to a denial of service. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7053627

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list