[CERT-daily] Tageszusammenfassung - 17.01.2024

Daily end-of-shift report team at cert.at
Wed Jan 17 18:43:04 CET 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 16-01-2024 18:00 − Mittwoch 17-01-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Jetzt patchen! Vorsicht vor DoS-Angriffen auf Citrix NetScaler ADC und Gateway ∗∗∗
---------------------------------------------
Citrix hat Produkte seiner NetScaler-Serie auf den aktuellen Stand gebracht und gegen laufende Attacken gerüstet.
---------------------------------------------
https://www.heise.de/-9599627.html


∗∗∗ Tausende Geräte kompromittiert durch Ivanti-Sicherheitslücken ∗∗∗
---------------------------------------------
Die Schwachstellen in Ivantis VPN-Software werden massiv angegriffen. IT-Forscher haben tausende kompromittierte Systeme gefunden.
---------------------------------------------
https://www.heise.de/-9599887.html


∗∗∗ LKA warnt vor WhatsApp-Betrugsmasche ∗∗∗
---------------------------------------------
Eine neue Betrugsmasche setzt auf erneutes Kontaktieren von Opfern vorheriger Betrügereien. Davor warnt das LKA Niedersachsen.
---------------------------------------------
https://www.heise.de/-9600403.html


∗∗∗ Apple, AMD, Qualcomm: GPUs mehrerer Hersteller anfällig für Datenklau ∗∗∗
---------------------------------------------
Ein Angriff ist wohl einfach ausführbar und benötigt weniger als 10 Zeilen Code. Abgreifen lassen sich zum Beispiel Unterhaltungen mit KI-Chatbots.
---------------------------------------------
https://www.golem.de/news/apple-amd-qualcomm-gpus-mehrerer-hersteller-anfaellig-fuer-datenklau-2401-181263.html


∗∗∗ GitHub rotates keys to mitigate impact of credential-exposing flaw ∗∗∗
---------------------------------------------
GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/github-rotates-keys-to-mitigate-impact-of-credential-exposing-flaw/


∗∗∗ PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions ∗∗∗
---------------------------------------------
The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code.
---------------------------------------------
https://thehackernews.com/2024/01/pax-pos-terminal-flaw-could-allow.html


∗∗∗ Whats worse than paying an extortion bot that auto-pwned your database? ∗∗∗
---------------------------------------------
Paying one that lied to you and only saved the first 20 rows of each table
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2024/01/17/extortion_bot_is_autopwning_postgresql/


∗∗∗ Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin ∗∗∗
---------------------------------------------
On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript that will be executed whenever a user accesses an injected page.
---------------------------------------------
https://www.wordfence.com/blog/2024/01/website-takeover-campaign-takes-advantage-of-unauthenticated-cross-site-scripting-vulnerability-in-popup-builder-plugin/


∗∗∗ Vorsicht vor versteckten Kosten auf prosperi.academy! ∗∗∗
---------------------------------------------
Investieren für alle zugänglich zu machen. So lautet die Mission der Prosperi Academy, die derzeit auf Facebook und Instagram kräftig die Werbetrommel rührt. Mit Hilfe der Prosperi Plattform sollen Interessierte die wichtigsten Begriffe und Regeln rund ums Investieren lernen und zusätzliche Einnahmequellen entdecken. Doch wer sich entscheidet, Prosperi zu testen, muss mit versteckten Kosten rechnen.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-versteckten-kosten-auf-prosperiacademy/


∗∗∗ Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 ∗∗∗
---------------------------------------------
Ivanti VPNs can be exploited by CVE-2023-46805 (High severity) and CVE-2024-21887 (Critical severity), chained together to run commands without authentication.
---------------------------------------------
https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2023-46805-cve-2024-21887/


∗∗∗ The 7 deadly cloud security sins and how SMBs can do things better ∗∗∗
---------------------------------------------
By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk
---------------------------------------------
https://www.welivesecurity.com/en/business-security/7-deadly-cloud-security-sins-smb/


∗∗∗ Countdown für die NIS2-Richtline läuft​ ∗∗∗
---------------------------------------------
Zahlreiche Unternehmen müssen die NIS2-Richtlinie umsetzen. EU-Direktive schreibt strenge Maßnahmen zur Gewährleistung der Cybersicherheit vor.
---------------------------------------------
https://www.zdnet.de/88413795/countdown-fuer-die-nis2-richtline-laeuft%e2%80%8b/


∗∗∗ CISA Adds Three Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. 
- CVE-2023-6549 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability 
- CVE-2023-6548 Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability 
- CVE-2024-0519 Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/01/17/cisa-adds-three-known-exploited-vulnerabilities-catalog


∗∗∗ Static Code Analysis: Why Your Company’s Reputation Depends On It ∗∗∗
---------------------------------------------
Static application security testing (SAST) solutions provide organizations with peace of mind that their applications are secure. But SAST platforms differ from each other. A SAST tool that meets developers where they are can make AppSec team’s lives much easier, and significantly enhance the organization’s ability to defend itself from code vulnerabilities in the SDLC. This comprehensive guide covers all aspects of Static Application Security Testing, on your journey to choosing a SAST tool and vendor.
---------------------------------------------
https://checkmarx.com/appsec-knowledge-hub/sast/static-code-analysis-why-your-company-reputation-depends-on-it/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ MOVEit Transfer Service Pack (January 2024) ∗∗∗
---------------------------------------------
This article contains the details of the specific updates within the MOVEit Transfer January 2024 Service Pack. The Service Pack contains fixes for (1) newly disclosed CVE described below. Progress Software highly recommends you apply this Service Pack for product updates and security improvements. For Service Pack content, please review the Service Pack Release Notes and this knowledgebase article carefully.
---------------------------------------------
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024


∗∗∗ MOVEit Automation Service Pack (January 2024) ∗∗∗
---------------------------------------------
As of January 17, 2024, the MOVEit Automation Service Pack is available for download from the Progress Download Center at https://community.progress.com/s/products-list using your Progress ID credentials. Progress Software highly recommends you apply this Service Pack for product updates and security improvements. For Service Pack content, please review the Service Pack Release Notes and this knowledgebase article carefully.
---------------------------------------------
https://community.progress.com/s/article/MOVEit-Automation-Service-Pack-January-2024


∗∗∗ Google Chrome: Sicherheitslücke wird in freier Wildbahn ausgenutzt ∗∗∗
---------------------------------------------
Google aktualisiert den Webbrowser Chrome. Das Update schließt hochriskante Sicherheitslücken. Eine davon wird bereits missbraucht.
---------------------------------------------
https://www.heise.de/-9599575.html


∗∗∗ Critical Patch Update: Oracle veröffentlicht 389 Sicherheitsupdates ∗∗∗
---------------------------------------------
Oracle hat in seinem Quartalsupdate unter anderem Banking Enterprise, MySQL und Solaris gegen mögliche Angriffe abgesichert.
---------------------------------------------
https://www.heise.de/-9600083.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (zabbix), Gentoo (OpenJDK), Red Hat (kernel), Slackware (gnutls and xorg), SUSE (cloud-init, kernel, xorg-x11-server, and xwayland), and Ubuntu (freeimage, postgresql-10, and xorg-server, xwayland).
---------------------------------------------
https://lwn.net/Articles/958497/


∗∗∗ 2024-01-10: Cyber Security Advisory - AC500 V3 Multiple DoS vulnerabilities ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=3ADR011264&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ K000138178 : Apache Tomcat vulnerability CVE-2023-42795 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000138178


∗∗∗ K000138242 : OpenSSL vulnerability CVE-2023-5678 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000138242

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list