[CERT-daily] Tageszusammenfassung - 20.09.2023
Daily end-of-shift report
team at cert.at
Wed Sep 20 18:32:31 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 19-09-2023 18:00 − Mittwoch 20-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Gitlab warnt vor kritischer Sicherheitslücke ∗∗∗
---------------------------------------------
Eine kritische Sicherheitslücke bedroht die Enterprise-Anwender des Repository-Diensts Gitlab. Kunden sollten unverzüglich ein Update einspielen.
---------------------------------------------
https://www.heise.de/-9311249.html
∗∗∗ Atlassian stopft Sicherheitslecks in Bitbucket, Confluence und Jira ∗∗∗
---------------------------------------------
Atlassian warnt vor Sicherheitslücken in Bitbucket, Confluence und Jira. Aktualisierte Fassungen dichten sie ab.
---------------------------------------------
https://www.heise.de/-9311520.html
∗∗∗ Trend Micro: Update schließt ausgenutzte, kritische Schwachstelle CVE-2023-41179 ∗∗∗
---------------------------------------------
Kurzer Hinweis für Nutzer und Administratoren von Trend Micro die Sicherheitsprodukte Apex One und Worry-Free Business Security unter Windows einsetzen. In den Produkten gibt es eine kritische Sicherheitslücke (CVE-2023-41179), die bereits in freier Wildbahn ausgenutzt wird. Der Hersteller bietet aber [...]
---------------------------------------------
https://www.borncity.com/blog/2023/09/20/trend-micro-notfall-update-schliet-ausgenutzte-kritische-schwachstelle-cve-2023-41179/
∗∗∗ Analyzing a Modern In-the-wild Android Exploit ∗∗∗
---------------------------------------------
In December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG’s blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one of the exploit chains, specifically CVE-2023-0266 (a 0-day in the ALSA compatibility layer) and CVE-2023-26083 (a 0-day in the Mali GPU driver) as well as the techniques used by the [...]
---------------------------------------------
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
∗∗∗ Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far: [...]
---------------------------------------------
https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html
∗∗∗ The mystery of the CVEs that are not vulnerabilities ∗∗∗
---------------------------------------------
Researchers have raised the alarm about a large set of CVE for older bugs that never were vulnerabilities.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2023/09/the-mystery-of-the-cves-that-are-not-vulnerabilities
∗∗∗ Shodan Verified Vulns 2023-09-01 ∗∗∗
---------------------------------------------
Mit Stand 2023-09-01 sieht Shodan in Österreich die folgenden Schwachstellen: [...] In diesem Monat folgen die Schwachstellen in den unteren zwei Dritteln wieder dem Abwärtstrend und nähern sich der Nullmarke oder haben diese bereits erreicht. Im oberen Drittel ist im Gegensatz zu den Vormonaten ein leichter Anstieg bei FREAK (CVE-2015-0204) (+131) und Logjam (CVE-2015-4000) (+63) zu verzeichnen.
---------------------------------------------
https://cert.at/de/aktuelles/2023/9/shodan-verified-vulns-2023-09-01
∗∗∗ #StopRansomware: Snatch Ransomware ∗∗∗
---------------------------------------------
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more [...]
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
∗∗∗ Attacker Unleashes Stealthy Crypto Mining via Malicious Python Package ∗∗∗
---------------------------------------------
Recently, our team came across a Python package named “culturestreak”. A closer look reveals a darker purpose: unauthorized cryptocurrency mining. Let’s break down how “culturestreak” operates, its potential impact, and the broader implications for user security and ethical [...]
---------------------------------------------
https://checkmarx.com/blog/attacker-unleashes-stealthy-crypto-mining-via-malicious-python-package/
∗∗∗ Protect CNC Machines in Networked IT/OT Environments ∗∗∗
---------------------------------------------
Networking IT/OT environments is a bit like walking a tightrope, balancing the pursuit of intelligence and efficiency against the risks of exposing OT systems to the wider world. Trend Micro recently teamed up with global machine tool company Celada to identify specific risks associated with industrial CNC machines—and how to mitigate them.
---------------------------------------------
https://www.trendmicro.com/en_us/ciso/23/i/cnc-machine-security.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical Security Flaws Exposed in Nagios XI Network Monitoring Software ∗∗∗
---------------------------------------------
Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, They have been patched as of September 11, 2023, [...]
---------------------------------------------
https://thehackernews.com/2023/09/critical-security-flaws-exposed-in.html
∗∗∗ Xen Security Advisory CVE-2023-34322 / XSA-438 ∗∗∗
---------------------------------------------
top-level shadow reference dropped too early for 64-bit PV guests | Impact: Privilege escalation, Denial of Service (DoS) affecting the entire host, and information leaks all cannot be ruled out.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-438.html
∗∗∗ IBM Security Guardium is affected by several vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7007815
∗∗∗ IBM Security Guardium is affected by an SQL Injection vulnerability (CVE-2023-33852) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028514
∗∗∗ IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6981101
∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-30435, CVE-2023-30436, CVE-2023-30437) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028506
∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028511
∗∗∗ IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2022-43904) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7028509
∗∗∗ IBM Security Guardium is affected by an Hazardous Input Validation vulnerability (CVE-2022-43903) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7030110
∗∗∗ IBM Storage Protect is vulnerable to a remote attack due to Java ( CVE-2023-21967 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7034474
∗∗∗ IBM Storage Protect is vulnerable to deserialization issues due to Java ( CVE-2022-40609 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7034467
∗∗∗ Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7035336
∗∗∗ IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to IBM MQ (CVE-2023-28513). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7035334
∗∗∗ The IBM Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7035367
∗∗∗ A vulnerability in python-request affects IBM Robotic Process Automation for Cloud Pak and may result in an attacker obtaining sensitive information (CVE-2023-32681) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7034002
∗∗∗ A vulnerability in gRPC may affect IBM Robotic Process Automation and result in an attacker obtaining sensitive information. (CVE-2023-32731) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7034007
∗∗∗ A vulnerability in Apache Johnzon may affect IBM Robotic Process Automation and result in a denial of service (CVE-2023-33008) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7034006
∗∗∗ A vulnerability in Microsoft ASP.NET Core may affect IBM Robotic Process Automation and result in an exposure of sensitive information (CVE-2023-35391). ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7034005
∗∗∗ IBM Security Guardium is affected by a Command injection in CLI vulnerability [CVE-2023-35893] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7027853
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list