[CERT-daily] Tageszusammenfassung - 31.01.2024

Daily end-of-shift report team at cert.at
Wed Jan 31 18:49:57 CET 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 30-01-2024 18:00 − Mittwoch 31-01-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Debian, Ubuntu und mehr: glibc-Schwachstelle ermöglicht Root-Zugriff unter Linux ∗∗∗
---------------------------------------------
Darüber hinaus wurden weitere Schwachstellen in der Gnu-C-Bibliothek aufgedeckt. Eine davon existiert wohl schon seit über 30 Jahren.
---------------------------------------------
https://www.golem.de/news/debian-ubuntu-und-mehr-glibc-schwachstelle-ermoeglicht-root-zugriff-unter-linux-2401-181724.html


∗∗∗ Tracking 15 Years of Qakbot Development ∗∗∗
---------------------------------------------
Qakbot (aka QBot or Pinkslipbot) is a malware trojan that has been used to operate one of the oldest and longest running cybercriminal enterprises. Qakbot has evolved from a banking trojan to a malware implant that can be used for lateral movement and the eventual deployment of ransomware. In August 2023, the Qakbot infrastructure was dismantled by law enforcement. However, just several months later in December 2023, the fifth (and latest) version of Qakbot was released, [...]
---------------------------------------------
https://www.zscaler.com/blogs/security-research/tracking-15-years-qakbot-development


∗∗∗ Ransomware: Online-Tool entschlüsselt unter Umständen BlackCat & Co. ∗∗∗
---------------------------------------------
Stimmen die Voraussetzungen, können Ransomwareopfer auf einer Website Daten entschlüsseln, ohne Lösegeld zu zahlen.
---------------------------------------------
https://www.heise.de/-9614278.html


∗∗∗ A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs ∗∗∗
---------------------------------------------
A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for enterprise defenders. Discovered by a security researcher named Florian and reported to Microsoft, the vulnerability is yet to be patched. In the meantime, the researcher has gotten the go-ahead from the company to publish a PoC exploit.
---------------------------------------------
https://www.helpnetsecurity.com/2024/01/31/windows-event-log-vulnerability/


∗∗∗ Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation ∗∗∗
---------------------------------------------
Update (Jan. 31): We released a follow-up blog post containing additional details from our investigations into this threat, along with more recommendations for defenders. Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more indicators, detections, and information to this blog post as needed.
---------------------------------------------
https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day


∗∗∗ CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers ∗∗∗
---------------------------------------------
Today, CISA and the Federal Bureau of Investigation (FBI) published guidance on Security Design Improvements for SOHO Device Manufacturers as a part of the new Secure by Design (SbD) Alert series that focuses on how manufacturers should shift the burden of security away from customers by integrating security into product design and development.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-and-fbi-release-secure-design-alert-urging-manufacturers-eliminate-defects-soho-routers



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9 and glibc), Fedora (ncurses), Gentoo (containerd, libaom, and xorg-server, xwayland), Mageia (python-pillow and zlib), Oracle (grub2 and tomcat), Red Hat (avahi, c-ares, container-tools:3.0, curl, firefox, frr, kernel, kernel-rt, kpatch-patch, libfastjson, libmicrohttpd, linux-firmware, oniguruma, openssh, perl-HTTP-Tiny, python-pip, python-urllib3, python3, rpm, samba, sqlite, tcpdump, thunderbird, tigervnc, and virt:rhel and virt-devel:rhel modules), SUSE (python-Pillow, slurm, slurm_20_02, slurm_20_11, slurm_22_05, slurm_23_02, and xen), and Ubuntu (libde265, linux-nvidia, mysql-8.0, openldap, pillow, postfix, and xorg-server, xwayland).
---------------------------------------------
https://lwn.net/Articles/960248/


∗∗∗ Mattermost security updates 9.4.2 / 9.3.1 / 9.2.5 / 8.1.9 (ESR) released ∗∗∗
---------------------------------------------
We’re informing you about a Mattermost security update, which addresses low- to medium-level severity vulnerabilities. We highly recommend that you apply the update.
---------------------------------------------
https://mattermost.com/blog/mattermost-security-updates-9-4-2-9-3-1-9-2-5-8-1-9-esr-released/


∗∗∗ CISA ICS Advisories ∗∗∗
---------------------------------------------
- Hitron Systems Security Camera DVR 
- Rockwell Automation ControlLogix and GuardLogix 
- Rockwell Automation FactoryTalk Service Platform 
- Rockwell Automation LP30/40/50 and BM40 Operator Interface
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories?f%5B0%5D=advisory_type%3A95&f%5B1%5D=release_date_year%3A2024


∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog ∗∗∗
---------------------------------------------
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. 
CVE-2022-48618 Apple Multiple Products Improper Authentication Vulnerability
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog


∗∗∗ Security Advisory Report - OBSO-2401-03 ∗∗∗
---------------------------------------------
A Command injection vulnerability has been identified in the MyPortal at Work application of Atos OpenScape Business which, if successfully exploited, could allow a malicious actor to execute arbitrary scripts on a client machine. 
The severity is rated high. 
Customers are advised to update the systems with the available fix release.
---------------------------------------------
https://networks.unify.com/security/advisories/OBSO-2401-03.pdf


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Google Chrome: Update schließt vier Sicherheitslücken ∗∗∗
---------------------------------------------
https://www.heise.de/-9613823.html


∗∗∗ SVD-2024-0112: Third-Party Package Updates in Splunk Add-on Builder - January 2024 ∗∗∗
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2024-0112


∗∗∗ SVD-2024-0111: Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder ∗∗∗
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2024-0111


∗∗∗ SVD-2024-0110: Session Token Disclosure to Internal Log Files in Splunk Add-on Builder ∗∗∗
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2024-0110


∗∗∗ The WordPress 6.4.3 Security Update – What You Need to Know ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2024/01/the-wordpress-6-4-3-security-update-what-you-need-to-know/


∗∗∗ Tor Code Audit Finds 17 Vulnerabilities ∗∗∗
---------------------------------------------
https://www.securityweek.com/tor-code-audit-finds-17-vulnerabilities/


∗∗∗ Update #5: Kritische Sicherheitslücken in Ivanti Connect Secure und Ivanti Policy Secure - aktiv ausgenützt - Patches verfügbar ∗∗∗
---------------------------------------------
https://cert.at/de/warnungen/2024/1/kritische-sicherheitslucken-in-ivanti-connect-secure-und-ivanti-policy-secure-aktiv-ausgenutzt


∗∗∗ List of Security Fixes and Improvements in Veeam Backup for Nutanix AHV ∗∗∗
---------------------------------------------
https://www.veeam.com/kb4236

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list