[CERT-daily] Tageszusammenfassung - 02.01.2024
Daily end-of-shift report
team at cert.at
Tue Jan 2 18:11:16 CET 2024
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 29-12-2023 18:00 − Dienstag 02-01-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK ∗∗∗
---------------------------------------------
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information.
---------------------------------------------
https://thehackernews.com/2023/12/cert-ua-uncovers-new-malware-wave.html
∗∗∗ Neue Lücke in altem E-Mail-Protokoll: SMTP smuggling ∗∗∗
---------------------------------------------
Sicherheitsforscher haben eine Schwäche im Simple Mail Transfer Protocol (SMTP) entdeckt. Sie hebt das Fälschen des Absenders auf ein neues Niveau.
---------------------------------------------
https://www.heise.de/-9584467
∗∗∗ Ransomware: Fehler in Black-Basta-Programmierung ermöglicht Entschlüsselungstool ∗∗∗
---------------------------------------------
Unter bestimmten Bedingungen kann das kostenlose Entschlüsselungstool Black Basta Buster Opfern des Erpressungstrojaners Black Basta helfen.
---------------------------------------------
https://www.heise.de/-9584846
∗∗∗ New DLL Search Order Hijacking Technique Targets WinSxS Folder ∗∗∗
---------------------------------------------
Attackers can abuse a new DLL search order hijacking technique to execute code in applications within the WinSxS folder.
---------------------------------------------
https://www.securityweek.com/new-dll-search-order-hijacking-technique-targets-winsxs-folder/
∗∗∗ Domain (in)security: the state of DMARC ∗∗∗
---------------------------------------------
This blog discusses the state of DMARC, the role that DMARC plays in email authentication, and why it should be a key component of your email security solution.
---------------------------------------------
https://www.bitsight.com/blog/domain-insecurity-state-dmarc
=====================
= Vulnerabilities =
=====================
∗∗∗ Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise ∗∗∗
---------------------------------------------
In this post I describe the 18 vulnerabilities that I discovered in PandoraFMS Enterprise v7.0NG.767 available at https://pandorafms.com. PandoraFMS is an enterprise scale network monitoring and management application which provides systems administrators with a central ‘hub’ to monitor and manipulate the state of computers (agents) deployed across the network.
---------------------------------------------
https://research.nccgroup.com/2024/01/02/technical-advisory-multiple-vulnerabilities-in-pandorafms-enterprise/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ansible, asterisk, cjson, firefox-esr, kernel, libde265, libreoffice, libspreadsheet-parseexcel-perl, php-guzzlehttp-psr7, thunderbird, tinyxml, and xerces-c), Fedora (podman-tui, proftpd, python-asyncssh, squid, and xerces-c), Mageia (libssh and proftpd), and SUSE (deepin-compressor, gnutls, gstreamer, libreoffice, opera, proftpd, and python-pip).
---------------------------------------------
https://lwn.net/Articles/956521/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Gentoo (Joblib), Red Hat (firefox and thunderbird), SUSE (gstreamer-plugins-bad, libssh2_org, and webkit2gtk3), and Ubuntu (firefox and thunderbird).
---------------------------------------------
https://lwn.net/Articles/956568/
∗∗∗ Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7103673
∗∗∗ Multiple vulnerabilities affect IBM Storage Scale Hadoop Connector ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7104389
∗∗∗ IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7104391
∗∗∗ IBM Maximo Application Suite uses WebSphere Liberty which is vulnerable to CVE-2023-46158, CVE-2023-44483 and CVE-2023-44487 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7104390
∗∗∗ Vulnerabilities in Apache Ant affect IBM Operations Analytics - Log Analysis (CVE-2020-11023, CVE-2020-23064, CVE-2020-11022) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7104401
∗∗∗ Multiple vulnerabilities in Golang Go affect Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7037900
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list