[CERT-daily] Tageszusammenfassung - 15.01.2024
Daily end-of-shift report
team at cert.at
Mon Jan 15 18:45:50 CET 2024
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 12-01-2024 18:00 − Montag 15-01-2024 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ 2FA war wohl inaktiv: Aufarbeitung des Angriffs auf X-Konto der SEC gefordert ∗∗∗
---------------------------------------------
Die SEC hatte es wohl versäumt, die Zwei-Faktor-Authentifizierung ihres X-Accounts zu aktivieren. Einige US-Senatoren halten dies für "unentschuldbar".
---------------------------------------------
https://www.golem.de/news/2fa-war-wohl-inaktiv-aufarbeitung-des-angriffs-auf-x-konto-der-sec-gefordert-2401-181141.html
∗∗∗ Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it takes advantage of a feature called My Flow [...]
---------------------------------------------
https://thehackernews.com/2024/01/opera-myflaw-bug-could-let-hackers-run.html
∗∗∗ Cybersecurity Alert - Self-Service Password Reset ∗∗∗
---------------------------------------------
Effective controls are essential to authenticate users who access your information systems. As configured by some organizations, applications or features that allow users to reset passwords themselves, do not securely authenticate users. If your organization uses, or is considering using, these features (commonly referred to as self-service password reset or SSPR), please review the information below.
---------------------------------------------
https://www.dfs.ny.gov/industry_guidance/industry_letters/il20240112_cyber_alert_self_service_pw_reset
∗∗∗ Nvidia-Updates schließen kritische Sicherheitslücken in KI-Systemen ∗∗∗
---------------------------------------------
Nvidia hat aktualisierte Firmware für die KI-Systeme DGX A100 und H100 veröffentlicht. Sie dichtet kritische Sicherheitslecks ab.
---------------------------------------------
https://www.heise.de/-9597460.html
∗∗∗ Vorsicht vor gefälschten FinanzOnline-E-Mails ∗∗∗
---------------------------------------------
„Bitte überprüfen Sie Ihre Angaben zur zusätzlichen Verpflichtung“ lautet der Betreff eines betrügerischen E-Mails angeblich von FinanzOnline. Im Mail wird behauptet, dass sich in Ihrem Briefkasten ein Dokument befindet. Dieses können Sie über einen Link aufrufen. Wenn Sie auf den Link klicken, landen Sie auf einer gefälschten FinanzOnline-Login-Seite.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-finanzonline-e-mails/
∗∗∗ Microsoft SharePoint Server: RCE-Schwachstelle CVE-2024-21318 patchen, und alte CVE-2023-29357 wird angegriffen ∗∗∗
---------------------------------------------
Noch ein Nachtrag vom Januar 2024-Patchday zu Microsoft SharePoint Server. Ich hatte in den Patchday-Artikeln die SharePoint Server RCE-Schwachstelle CVE-2024-21318 angesprochen. Diese wurde mit den Sicherheitsupdates vom 9. Januar 2023 geschlossen. Es gibt eine zweite, bereits im Juni 2023 geschlossene, Elevation of Privilege-Schwachstelle CVE-2023-29357, für die ein Exploit bekannt ist. Die US CISA hat eine Warnung veröffentlicht, weil inzwischen Angriffe auf die RCE-Schwachstelle beobachtet wurden.
---------------------------------------------
https://www.borncity.com/blog/2024/01/13/microsoft-sharepoint-server-rce-schwachstelle-cve-2024-21318-patchen-und-alte-cve-2023-29357-wird-angegriffen/
∗∗∗ Bitdefender findet Schwachstellen in Bosch BCC100-Thermostaten ∗∗∗
---------------------------------------------
Kleiner Nachtrag von dieser Woche, denn der Sicherheitsanbieter Bitdefender hat mich darüber informiert, dass Sicherheitsforscher in seinen Labs Schwachstellen in Bosch BCC100-Thermostaten gefunden haben. Hacker können solche intelligenten Thermostate über diese Schwachstellen unter ihre Kontrolle bringen und sich einen Zugriff auf Smart-Home-Netzwerke verschaffen.
---------------------------------------------
https://www.borncity.com/blog/2024/01/14/bitdefender-findet-schwachstellen-in-bosch-bcc100-thermostaten/
∗∗∗ Deobfuscating Android ARM64 strings with Ghidra: Emulating, Patching, and Automating ∗∗∗
---------------------------------------------
In a recent engagement I had to deal with some custom encrypted strings inside an Android ARM64 app. I had a lot of fun reversing the app and in the process I learned a few cool new techniques which are discussed in this writeup. This is mostly a beginner guide which explains step-by-step how you [...]
---------------------------------------------
https://blog.nviso.eu/2024/01/15/deobfuscating-android-arm64-strings-with-ghidra-emulating-patching-and-automating/
=====================
= Vulnerabilities =
=====================
∗∗∗ OpenSSL Security Advisory - Excessive time spent checking invalid RSA public keys (CVE-2023-6237) ∗∗∗
---------------------------------------------
Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service.
---------------------------------------------
https://www.openssl.org/news/secadv/20240115.txt
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (bind, cups, curl, firefox, ipa, iperf3, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, linux-firmware, open-vm-tools, openssh, postgresql, python, python3, squid, thunderbird, tigervnc, and xorg-x11-server), Fedora (chromium, python-flask-security-too, and tkimg), Gentoo (libgit2, Opera, QPDF, and zlib), Mageia (chromium-browser-stable, gnutls, openssh, packages, and vlc), Oracle (.NET 6.0, fence-agents, frr, ipa, kernel, nss, pixman, and tomcat), and SUSE (gstreamer-plugins-bad).
---------------------------------------------
https://lwn.net/Articles/958315/
∗∗∗ Mattermost security updates 9.2.4 / 9.1.5 / 8.1.8 (ESR) released ∗∗∗
---------------------------------------------
We’re informing you about a Mattermost security update, which addresses low- to medium-level severity vulnerabilities. We highly recommend that you apply the update. The security update is available for Mattermost dot releases 9.2.4, 9.1.5, and 8.1.8 (Extended Support Release) for both Team Edition and Enterprise Edition.
---------------------------------------------
https://mattermost.com/blog/mattermost-security-updates-9-2-4-9-1-5-8-1-8-esr-released/
∗∗∗ CVE-2024-0057 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability ∗∗∗
---------------------------------------------
Revised the Security Updates table as follows: Added PowerShell 7.2, PowerShell 7.3, and PowerShell 7.4 because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/72](https://github.com/PowerShell/Announcements/issues/72) for more information. Corrected Download and Article links for .NET Framework 3.5 and 4.8.1 installed on Windows 10 version 22H2.
---------------------------------------------
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057
∗∗∗ ZDI-24-073: Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-24-073/
∗∗∗ ZDI-24-072: Synology RT6600ax Qualcomm LDB Service Improper Input Validation Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-24-072/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ K000138219 : libssh2 vulnerability CVE-2020-22218 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000138219
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list