[CERT-daily] Tageszusammenfassung - 04.09.2023

Daily end-of-shift report team at cert.at
Mon Sep 4 18:16:12 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 01-09-2023 18:00 − Monday 04-09-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Chrome extensions can steal plaintext passwords from websites ∗∗∗
---------------------------------------------
A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/chrome-extensions-can-steal-plaintext-passwords-from-websites/


∗∗∗ New ‘YouPorn’ sextortion scam threatens to leak your sex tape ∗∗∗
---------------------------------------------
A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting you pay to have it taken down.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-youporn-sextortion-scam-threatens-to-leak-your-sex-tape/


∗∗∗ Yes, there's an npm package called @(-.-)/env and some others like it ∗∗∗
---------------------------------------------
Strangely named npm packages like -, @!-!/-, @(-.-)/env, and --hepl continue to exist on the internet's largest software registry. While not all of these necessarily pose an obvious security risk, some were named before npm enforced naming guidelines and could potentially break tooling.
---------------------------------------------
https://www.bleepingcomputer.com/news/technology/yes-theres-an-npm-package-called-env-and-some-others-like-it/


∗∗∗ PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability ∗∗∗
---------------------------------------------
Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation.
---------------------------------------------
https://thehackernews.com/2023/09/poc-exploit-released-for-critical.html


∗∗∗ Webinar: Recognising online fraud traps ∗∗∗
---------------------------------------------
How do I protect myself from internet crime? How can I tell a fake shop from a reputable online shop? Where do the most brazen subscription traps lurk? How do criminals gain access to my data? The webinar covers common online fraud traps and helps you recognise them. Take part free of charge: Tuesday, 12 September 2023, 18:30 - 20:00 via Zoom
---------------------------------------------
https://www.watchlist-internet.at/news/webinar-betrugsfallen-im-internet-erkennen/


∗∗∗ New phishing emails circulating in the name of the ÖGK and the tax office ∗∗∗
---------------------------------------------
Two new phishing emails are currently in circulation. In one, criminals pose as the Österreichische Gesundheitskasse (ÖGK) and claim that you are due a refund. In the other, you are promised a pension increase in the name of FinanzOnline. Both emails ask you to click on a link. Ignore these emails. Criminals use them to steal your banking details.
---------------------------------------------
https://www.watchlist-internet.at/news/neue-phishing-mails-im-namen-der-oegk-und-des-finanzamtes-unterwegs/


∗∗∗ Decryptor for Key Group ransomware available ∗∗∗
---------------------------------------------
Security researchers at EclecticIQ have discovered a weakness in the routines of the Key Group ransomware that made it possible to develop decryption tools for recovering encrypted files.
---------------------------------------------
https://www.borncity.com/blog/2023/09/03/decryptor-fr-key-group-ransomware-verfgbar/


∗∗∗ Firmware updates: Surface Laptop 4 and Surface Duo ∗∗∗
---------------------------------------------
On 31 August 2023 Microsoft released a firmware update for its Surface Laptop 4 that is meant to fix security issues and a charging problem. There is also what is presumably the last firmware update for the Surface Duo smartphone.
---------------------------------------------
https://www.borncity.com/blog/2023/09/03/firmware-updates-surface-laptop-4-und-surface-duo/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Tinycontrol LAN Controller v3 (LK3) Remote Admin Password Change ∗∗∗
---------------------------------------------
The application suffers from insecure access control, allowing an unauthenticated attacker to change account passwords and bypass authentication, gaining access to the control panel.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5787.php


∗∗∗ Tinycontrol LAN Controller v3 (LK3) Remote Credentials Extraction PoC ∗∗∗
---------------------------------------------
An unauthenticated attacker can retrieve the controller's configuration backup file and extract sensitive information that can allow him/her/them to bypass security controls and penetrate the system in its entirety.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5786.php


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (thunderbird), Fedora (firefox, kernel, kubernetes, and mediawiki), Mageia (openldap), SUSE (terraform), and Ubuntu (atftp, busybox, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/943492/


∗∗∗ Mattermost security updates 8.1.1 (ESR) / 8.0.2 / 7.8.10 (ESR) released ∗∗∗
---------------------------------------------
We’re informing you about a Mattermost security update, which addresses low- to medium-level severity vulnerabilities. We highly recommend that you apply the update. The security update is available for Mattermost dot releases 8.1.1 (Extended Support Release), 8.0.2, and 7.8.10 (Extended Support Release), for both Team Edition and Enterprise Edition.
---------------------------------------------
https://mattermost.com/blog/mattermost-security-updates-8-1-1-esr-8-0-2-7-8-10-esr-released/


∗∗∗ Security vulnerabilities (CVE-2023-40481, CVE-2023-31102) in 7-Zip; fixed in version 23.00 (August 2023) ∗∗∗
---------------------------------------------
A short addendum from the end of August 2023. Security researchers have found two vulnerabilities in 7-Zip, the program used to pack and unpack ZIP archive files. The vulnerabilities CVE-2023-40481 and CVE-2023-31102 are rated as high risk from a security standpoint [..] Both vulnerabilities were reported to the 7-Zip developers on 21 November 2022 and, according to the Zero Day Initiative as of 23 August 2023, were closed by updating the software to version 23.00 (still a beta at the time).
---------------------------------------------
https://www.borncity.com/blog/2023/09/03/sicherheitslcken-cve-2023-40481-cve-2023-31102-in-7-zip-fix-in-version-23-00-august-2023/


∗∗∗ IBM MQ Explorer is affected by vulnerabilities in Eclipse Jetty (CVE-2023-26048, CVE-2023-26049) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027923


∗∗∗ IBM MQ is affected by a denial of service vulnerability in OpenSSL (CVE-2023-2650) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027922


∗∗∗ Google Guava component, which is used by IBM Maximo Application Suite, is vulnerable to CVE-2023-2976 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030429


∗∗∗ IBM Security Verify Information Queue has multiple information exposure vulnerabilities (CVE-2023-33833, CVE-2023-33834, CVE-2023-33835) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7029584


∗∗∗ IBM Sterling Connect:Direct Browser User Interface vulnerable to remote code execution due to IBM Java (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030442


∗∗∗ IBM Sterling Connect:Direct Web Services is vulnerable to remote code execution due to IBM Java (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030443


∗∗∗ The IBM Engineering Lifecycle Engineering product using IBM WebSphere Application Server traditional is vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030450


∗∗∗ The IBM Engineering Lifecycle Engineering product using WebSphere Application Server Liberty is vulnerable to denial of service (CVE-2023-38737) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030449


∗∗∗ The IBM Engineering Lifecycle Engineering product using IBM® SDK, Java™ Technology Edition is affected by multiple vulnerabilities (CVE-2023-22045, CVE-2023-22049) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030448


∗∗∗ IBM Event Endpoint Management is vulnerable to a denial of service in Netty (CVE-2023-34462) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030456


∗∗∗ A vulnerability has been identified in IBM WebSphere Application Server Liberty profile shipped with IBM Business Automation Workflow (CVE-2023-38737) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030458


∗∗∗ A vulnerability found in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center (CVE-2022-34165) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030460


∗∗∗ IBM Cloud Pak for Network Automation 2.6 addresses multiple security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030469


∗∗∗ Multiple CVEs may affect Operating System packages shipped with IBM CICS TX Advanced 10.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030462


∗∗∗ Multiple CVEs may affect Operating System packages shipped with IBM CICS TX Advanced 10.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030461


∗∗∗ IBM Cloud Pak for Network Automation 2.6.1 fixes multiple security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030470


∗∗∗ Multiple vulnerabilities may affect IBM SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030463


∗∗∗ CVE-2022-40609 may affect Java Technology Edition used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030466


∗∗∗ CVE-2023-34149 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030464


∗∗∗ CVE-2023-34396 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030465


∗∗∗ IBM Java SDK update for Java deserialization filters (JEP 290) ignored during IBM ORB deserialization ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030522


∗∗∗ The Transformation Advisor Tool in IBM App Connect Enterprise is vulnerable to a denial of service due to Apache Johnzon (CVE-2023-33008) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030531

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily