[CERT-daily] Tageszusammenfassung - 19.09.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 18-09-2023 18:00 − Dienstag 19-09-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Jetzt patchen! Tausende Juniper-Firewalls immer noch ohne Sicherheitsupdate ∗∗∗
---------------------------------------------
Aufgrund eines neuen Exploits sind Attacken auf Juniper-Firewalls jetzt noch einfacher. Sicherheitspatches sind verfügbar.
---------------------------------------------
https://www.heise.de/news/Jetzt-patchen-Tausende-Juniper-Firewalls-immer-noch-ohne-Sicherheitsupdate-9309664.html


∗∗∗ Bumblebee malware returns in new attacks abusing WebDAV folders ∗∗∗
---------------------------------------------
The malware loader Bumblebee has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bumblebee-malware-returns-in-new-attacks-abusing-webdav-folders/


∗∗∗ Security baseline for Microsoft Edge version 117 ∗∗∗
---------------------------------------------
Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode (Added)
---------------------------------------------
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-117/ba-p/3930862


∗∗∗ Härtung des Dateitransfers: Microsoft sichert das SMB-Protokoll ab ∗∗∗
---------------------------------------------
Mit zwei Maßnahmen sichert Microsoft sowohl die SMB Client- als auch die Serverseite besser ab. Wir zeigen, worauf Administratoren achten müssen.
---------------------------------------------
https://www.heise.de/news/Haertung-des-Dateitransfers-Microsoft-sichert-das-SMB-Protokoll-ab-9309870.html


∗∗∗ CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks ∗∗∗
---------------------------------------------
The US cybersecurity agency CISA says four vulnerabilities found last year in Owl Labs video conferencing devices — flaws that require the attacker to be in close range of the target — have been exploited in attacks.
---------------------------------------------
https://www.securityweek.com/cisa-says-owl-labs-vulnerabilities-requiring-close-physical-range-exploited-in-attacks/


∗∗∗ Fake-Shop-Trends im Herbst und Winter ∗∗∗
---------------------------------------------
Warme Jacken, Skianzüge und Regenstiefel haben wieder Saison. Auch die Nachfrage nach Pellets und Holz steigt langsam wieder. Das wissen auch Kriminelle und stellen ihre Fake-Shops auf Herbst- und Winterangebote um. Wir zeigen Ihnen, welche Fake-Shop-Trends es gerade gibt und wie Sie sich vor betrügerischen Angeboten schützen.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shop-trends-im-herbst-und-winter/


∗∗∗ Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT ∗∗∗
---------------------------------------------
Researchers should be aware of threat actors repurposing older proof of concept (PoC) code to quickly craft a fake PoC for a newly released vulnerability. On Aug. 17, 2023, the Zero Day Initiative publicly reported a remote code execution (RCE) vulnerability in WinRAR tracked as CVE-2023-40477. They had disclosed it to the vendor on June 8, 2023. Four days after the public reporting of CVE-2023-40477, an actor using an alias of whalersplonk committed a fake PoC script to their GitHub repository.
---------------------------------------------
https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346) ∗∗∗
---------------------------------------------
VxWorks is a real-time operating system used in many embedded devices in high-availability environments with high safety and security requirements. This includes important industrial, medical, airospace, networking and automotive devices. For example, NASAs Curiosity rover currently deployed on planet Mars is using Wind Rivers VxWorks operating system.
---------------------------------------------
https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/


∗∗∗ SolarWinds Platform 2023.3.1 Release Notes ∗∗∗
---------------------------------------------
SolarWinds Platform 2023.3.1 is a service release providing bug and security fixes for release 2023.3. For information about the 2023.3 release, including EOL notices and upgrade information, see SolarWinds Platform 2023.3 Release Notes.
---------------------------------------------
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, flac, gnome-shell, libwebp, openjdk-11, and xrdp), Fedora (giflib), Oracle (kernel), Red Hat (busybox, dbus, firefox, frr, kpatch-patch, libwebp, open-vm-tools, and thunderbird), Slackware (netatalk), SUSE (flac, gcc12, kernel, libeconf, libwebp, libxml2, and thunderbird), and Ubuntu (binutils, c-ares, libraw, linux-intel-iotg, nodejs, python-django, and vsftpd).
---------------------------------------------
https://lwn.net/Articles/944848/


∗∗∗ Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products ∗∗∗
---------------------------------------------
Trend Micro on Tuesday released an advisory to warn customers that a critical vulnerability affecting Apex One and other endpoint security products has been exploited in the wild.
---------------------------------------------
https://www.securityweek.com/trend-micro-patches-exploited-zero-day-vulnerability-in-endpoint-security-products/


∗∗∗ Spring Security 5.8.7, 6.0.7, 6.1.4, 6.2.0-M1 Released, including fixes for CVE-2023-34042 ∗∗∗
---------------------------------------------
https://spring.io/blog/2023/09/18/spring-security-5-8-7-6-0-7-6-1-4-6-2-0-m1-released-including-fixes-for-cve


∗∗∗ Spring for GraphQL 1.0.5, 1.1.6, 1.2.3 released ∗∗∗
---------------------------------------------
https://spring.io/blog/2023/09/19/spring-for-graphql-1-0-5-1-1-6-1-2-3-released


∗∗∗ Zyxel security advisory for command injection vulnerability in EMG2926-Q10A Ethernet CPE ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe


∗∗∗ PHOENIX CONTACT: Multiple products affected by WIBU Codemeter Vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-030/


∗∗∗ Omron CJ/CS/CP Series ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05


∗∗∗ Omron Engineering Software ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04


∗∗∗ Omron Engineering Software Zip-Slip ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-03


∗∗∗ Vulnerabilities in Bash affect ProtecTIER (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/690049


∗∗∗ Multiple vulnerabilities in OpenSSL affect ProtecTIER ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/691201


∗∗∗ Multiple vulnerabilities in Samba – including Badlock – affect ProtecTIER ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/691257


∗∗∗ Vulnerability in Linux Kernel affects ProtecTIER: Dirty COW vulnerability (CVE-2016-5195) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/696401


∗∗∗ Vulnerability in glibc library affects ProtecTIER(CVE-2014-5119) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/690187


∗∗∗ Vulnerability in OpenSSL affects ProtecTIER (CVE-2016-2108) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/695443


∗∗∗ IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7000021


∗∗∗ IBM Storage Protect Operations Center is vulnerable to denial of service due to Websphere Application Server Liberty ( CVE-2023-28867 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7034039


∗∗∗ IBM Storage Protect Server is vulnerable to denial of service and other attacks due to Db2 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7034037


∗∗∗ Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7034198


∗∗∗ Vulnerabilities in Linux kernel and Python can affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7034265


∗∗∗ IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules tough-cookie and semver (CVE-2023-26136, CVE-2022-25883). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7031733


∗∗∗ A vulnerability in the Administrative command line client affects IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2023-40368) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7034288

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily