[CERT-daily] Tageszusammenfassung - 19.10.2023

Daily end-of-shift report team at cert.at
Thu Oct 19 18:08:49 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 18-10-2023 18:00 − Donnerstag 19-10-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Money-making scripts attack organizations ∗∗∗
---------------------------------------------
Cybercriminals attack government, law enforcement, non-profit organizations, agricultural and commercial companies by slipping a cryptominer, keylogger, and backdoor into their systems.
---------------------------------------------
https://securelist.com/miner-keylogger-backdoor-attack-b2b/110761/


∗∗∗ HasMySecretLeaked findet auf GitHub veröffentlichte Secrets ∗∗∗
---------------------------------------------
Wer prüfen möchte, ob seine Secrets auf GitHub geleakt sind, kann das kostenfreie Toolset von GitGuardian nutzen. Es soll dabei private Daten schützen.
---------------------------------------------
https://www.heise.de/news/Security-Toolset-HasMySecretLeaked-sucht-auf-GitHub-veroeffentlichte-Secrets-9338326.html


∗∗∗ Public Report – Caliptra Security Assessment ∗∗∗
---------------------------------------------
During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. Caliptra is an open-source silicon IP block for datacenter-focused server-class ASICs.
---------------------------------------------
https://research.nccgroup.com/2023/10/18/public-report-caliptra-security-assessment/


∗∗∗ Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 ∗∗∗
---------------------------------------------
The number of Cisco devices hacked via the CVE-2023-20198 zero-day has reached 40,000, including many in the US.
---------------------------------------------
https://www.securityweek.com/number-of-cisco-devices-hacked-via-unpatched-vulnerability-increases-to-40000/


∗∗∗ Ein PayPal-Tonband ruft an? Drücken Sie nicht die 1! ∗∗∗
---------------------------------------------
Eine unbekannte Nummer erscheint am Smartphone-Bildschirm. Sie heben ab und eine Roboterstimme meldet sich im Namen PayPals. Angeblich soll Geld von Ihrem PayPal-Konto behoben werden. Um das zu verhindern, sollen Sie die Taste „1“ drücken. Tun Sie dies nicht – Kriminelle versuchen, Ihnen dadurch Geld und Daten zu stehlen.
---------------------------------------------
https://www.watchlist-internet.at/news/ein-paypal-tonband-ruft-an-druecken-sie-nicht-die-1/


∗∗∗ Es cyberwart wieder. Oder so. ∗∗∗
---------------------------------------------
Wie schon zu Beginn des Krieges in der Ukraine vor inzwischen eineinhalb Jahren kam es auch kurz nach den Ereignissen, die am 07.10.2023 Israel erschüttert haben, relativ schnell zu Berichten über die mögliche Rolle von Cyberangriffen in diesem Konflikt.
---------------------------------------------
https://cert.at/de/blog/2023/10/es-cyberwart-wieder-oder-so


∗∗∗ Hackers Exploit QR Codes with QRLJacking for Malware Distribution ∗∗∗
---------------------------------------------
Researchers report a surge in QR code-related cyberattacks exploiting phishing and malware distribution, especially QRLJacking and Quishing attacks.
---------------------------------------------
https://www.hackread.com/hackers-exploit-qr-codes-qrljacking-malware/


∗∗∗ CISA, NSA, FBI, MS-ISAC Publish Guide on Preventing Phishing Intrusions ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC) today published “Phishing Guidance, Stopping the Attack Cycle at Phase One” to help organizations reduce likelihood and impact of successful phishing attacks.
---------------------------------------------
https://www.cisa.gov/news-events/news/cisa-nsa-fbi-ms-isac-publish-guide-preventing-phishing-intrusions


∗∗∗ Exploited SSH Servers Offered in the Dark web as Proxy Pools ∗∗∗
---------------------------------------------
Aqua Nautilus researchers have shed brighter light on a long-standing threat to SSH in the context of the cloud. More specifically, the threat actor harnessed our SSH server to be a slave proxy and pass traffic through it.
---------------------------------------------
https://blog.aquasec.com/threat-alert-exploited-ssh-servers-offered-in-the-dark-web-as-proxy-pools



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Casio discloses data breach impacting customers in 149 countries ∗∗∗
---------------------------------------------
Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained to the servers of its ClassPad education platform.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/casio-discloses-data-breach-impacting-customers-in-149-countries/


∗∗∗ Sophos Firewall: PDF-Passwortschutz der SPX-Funktion umgehbar ∗∗∗
---------------------------------------------
Sophos verteilt aktualisierte Firmware für die Firewalls. Im Secure PDF eXchange können Angreifer den Schutz umgehen und unbefugt PDF-Dateien entschlüsseln.
---------------------------------------------
https://www.heise.de/news/Sophos-Firewall-PDF-Passwortschutz-der-SPX-Funktion-umgehbar-9338226.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (node-babel), Fedora (moodle), Gentoo (mailutils), Oracle (go-toolset:ol8 and java-11-openjdk), Red Hat (ghostscript, grafana, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, nghttp2, nodejs:16, nodejs:18, and rhc-worker-script), SUSE (cni, cni-plugins, container-suseconnect, containerd, cups, exim, grub2, helm, libeconf, nodejs18, python3, runc, slurm, supportutils, and tomcat), and Ubuntu (glib2.0, openssl, and vips).
---------------------------------------------
https://lwn.net/Articles/948246/


∗∗∗ ZDI-23-1568: NI Measurement & Automation Explorer Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1568/


∗∗∗ ZDI-23-1567: SolarWinds Access Rights Manager OpenClientUpdateFile Directory Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1567/


∗∗∗ ZDI-23-1566: SolarWinds Access Rights Manager GetParameterFormTemplateWithSelectionState Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1566/


∗∗∗ ZDI-23-1565: SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1565/


∗∗∗ ZDI-23-1564: SolarWinds Access Rights Manager createGlobalServerChannelInternal Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1564/


∗∗∗ ZDI-23-1563: SolarWinds Access Rights Manager ExecuteAction Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1563/


∗∗∗ ZDI-23-1562: SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1562/


∗∗∗ ZDI-23-1561: SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1561/


∗∗∗ ZDI-23-1560: SolarWinds Access Rights Manager IFormTemplate Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-1560/


∗∗∗ Cisco Catalyst SD-WAN Manager Local File Inclusion Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-lfi-OWLbKUGe


∗∗∗ Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052) ∗∗∗
---------------------------------------------
https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list