End-of-Day report
Timeframe: Monday 02-10-2023 18:00 - Tuesday 03-10-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
AVM: Fritzbox vulnerability apparently exploitable without remote access
AVM has been distributing security updates for the Fritzbox since the beginning of September. Further details on the patched vulnerability are now available.
https://www.golem.de/news/avm-fritzbox-schwachstelle-wohl-ohne-fernzugriff-ausnutzbar-2310-178153.html
Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)
Researchers have identified the exfiltration infrastructure of a LockBit affiliate while investigating a LockBit extortion incident that occurred in Q3 2023.
https://securityaffairs.com/151862/breaking-news/exfiltration-infrastructure.html
BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums
Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023.
https://securityaffairs.com/151869/malware/bunnyloader-maas.html
Security researchers believe mass exploitation attempts against WS_FTP have begun
Security researchers have spotted what they believe to be a "possible mass exploitation" of vulnerabilities in Progress Software's WS_FTP Server.
https://go.theregister.com/feed/www.theregister.com/2023/10/02/ws_ftp_update/
Cloudflare Protection Bypass Vulnerability on Threat Actors' Radar
Researchers have identified two bypass mechanisms that hinge on the assumption that traffic arriving at the origin server from Cloudflare's IP ranges is inherently trustworthy, while traffic from any other source should be blocked. Because an attacker can route their own requests through Cloudflare as well (via their own Cloudflare account), an origin that filters on source IP alone cannot distinguish the victim's zone from the attacker's.
https://socradar.io/cloudflare-protection-bypass-vulnerability-on-threat-actors-radar/
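The following is an added illustration (not code from the SOCRadar article or from Cloudflare) of why an origin-side allowlist of Cloudflare IP ranges is not an authentication mechanism. The IP ranges embedded below are a small subset of Cloudflare's published egress ranges, hard-coded so the example runs offline; the `x-origin-secret` header, the `ORIGIN_SECRET` value and the two sample requests are assumptions constructed for the demo. The weak policy accepts any request that merely comes from a Cloudflare IP; the stronger policy additionally requires a per-zone secret that only the victim's own Cloudflare configuration injects.

```python
import hmac
import ipaddress

# Subset of Cloudflare's published IPv4 egress ranges, embedded so the demo
# runs offline. Constructed for this example: in production, load the live
# list from Cloudflare rather than hard-coding it.
CLOUDFLARE_RANGES = [
    ipaddress.ip_network(n)
    for n in ("173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13", "172.64.0.0/13")
]

# Hypothetical per-zone secret. The origin owner's own Cloudflare zone would
# inject it into a request header (e.g. via a transform rule); an attacker's
# zone cannot, because the attacker does not know the value.
ORIGIN_SECRET = "8c3f2c8d5b7e4a0f9d1e6b2a7c4f0e9d"


def from_cloudflare(client_ip: str) -> bool:
    """True if the TCP peer address falls inside a Cloudflare egress range."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in CLOUDFLARE_RANGES)


def allow_ip_only(client_ip: str, headers: dict) -> bool:
    """Weak policy: trust anything that arrives from a Cloudflare IP.

    An attacker who points their own Cloudflare zone at this origin reaches it
    from exactly the same ranges, so this check is satisfied by their traffic too.
    """
    return from_cloudflare(client_ip)


def allow_ip_and_secret(client_ip: str, headers: dict) -> bool:
    """Stronger policy: Cloudflare source IP AND a zone-specific shared secret.

    The IP check still blocks direct-to-origin traffic; the secret binds the
    request to the victim's own zone configuration rather than to Cloudflare
    in general. Comparison is constant-time to avoid leaking the secret.
    """
    if not from_cloudflare(client_ip):
        return False
    presented = headers.get("x-origin-secret", "")
    return hmac.compare_digest(presented, ORIGIN_SECRET)


def evaluate(client_ip: str, headers: dict) -> dict:
    """Run both policies on one request and report which would admit it."""
    return {
        "ip_only": allow_ip_only(client_ip, headers),
        "ip_and_secret": allow_ip_and_secret(client_ip, headers),
    }


# Constructed sample requests: both arrive from a Cloudflare address, but only
# the one proxied through the victim's own zone carries the injected secret.
VIA_VICTIM_ZONE = ("104.16.1.1", {"x-origin-secret": ORIGIN_SECRET})
VIA_ATTACKER_ZONE = ("104.16.1.1", {})
DIRECT_TO_ORIGIN = ("198.51.100.7", {"x-origin-secret": ORIGIN_SECRET})

if __name__ == "__main__":
    for name, (ip, hdrs) in (
        ("victim zone", VIA_VICTIM_ZONE),
        ("attacker zone", VIA_ATTACKER_ZONE),
        ("direct", DIRECT_TO_ORIGIN),
    ):
        print(f"{name:14s} {evaluate(ip, hdrs)}")
```

The shared-secret header is the minimal fix that demonstrates the point; it only works if the origin's own Cloudflare zone overwrites (not merely passes through) that header, so a client cannot supply it. Cloudflare's Authenticated Origin Pulls with a zone-specific client certificate achieves the same binding with mTLS instead of a bearer value and is the option to prefer where it is available.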
Three questions and answers: The best protection for Active Directory
Up to 90 percent of all attacks make use of Microsoft's Active Directory; it is therefore the lever for improving your own security. We show how.
https://www.heise.de/news/Drei-Fragen-und-Antworten-Der-beste-Schutz-fuer-das-Active-Directory-9323431.html?wt_mc=rss.red.ho.ho.atom.beitrag.beitrag
Exim vulnerability: First patches arriving
After several communication mishaps, the Exim team has fixed critical vulnerabilities in the popular mail server. Debian is already distributing updates.
https://www.heise.de/news/Exim-Luecke-Erste-Patches-laufen-ein-9323709.html?wt_mc=rss.red.ho.ho.atom.beitrag.beitrag
Attacks on older Android devices: Mali GPU vulnerability only partially closed
Due to several vulnerabilities in the driver for the Mali graphics unit, smartphone models from Samsung and Xiaomi, among others, are vulnerable.
https://www.heise.de/news/Angriffe-auf-aeltere-Android-Geraete-Luecke-in-Mali-GPU-nur-teilweise-geschlossen-9323856.html
Booking.com: Beware of "failed payment" or "verification of your payment details"
Cases in which accommodation was booked via booking.com and the guests were subsequently asked to verify their payment or to pay again are currently on the rise. Caution is advised: the requests come from criminals who gained access to the booking data and are now after the hotel guests' money.
https://www.watchlist-internet.at/news/bookingcom-achtung-bei-fehlgeschlagener-zahlung-oder-verifikation-ihrer-zahlungsinfos/
Fortinet Labs Uncovers Series of Malicious NPM Packages Stealing Data
FortiGuard Labs has uncovered a series of malicious packages concealed within NPM (Node Package Manager), the primary software repository for JavaScript developers. The researchers utilized a dedicated system designed to detect nefarious open-source packages across multiple ecosystems, including PyPI and NPM.
https://www.hackread.com/fortinet-labs-malicious-npm-packages-steal-data/
Vulnerabilities
Microsoft Edge, Teams get fixes for zero-days in open-source libraries
Microsoft released emergency security updates for Edge, Teams, and Skype to patch two zero-day vulnerabilities in open-source libraries used by the three products. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-teams-get-fixes-for-zero-days-in-open-source-libraries/
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks.
https://www.bleepingcomputer.com/news/security/qualcomm-says-hackers-exploit-3-zero-days-in-its-gpu-dsp-drivers/
Patch now! Ransomware slips through critical TeamCity vulnerability
Attackers are exploiting a vulnerability in the TeamCity CI/CD and software distribution server, which is used worldwide by more than 30,000 companies including Citibank, HP and Nike.
https://www.heise.de/news/Jetzt-patchen-Ransomware-schluepft-durch-kritische-TeamCity-Luecke-9323844.html
Security updates for Tuesday
Security updates have been issued by Debian (exim4), Fedora (firecracker, rust-aes-gcm, rust-axum, rust-tokio-tungstenite, rust-tungstenite, and rust-warp), Gentoo (nvidia-drivers), Mageia (chromium-browser-stable, glibc, and libwebp), Red Hat (kernel), SUSE (ghostscript and python3), and Ubuntu (firefox, libtommath, libvpx, and thunderbird).
https://lwn.net/Articles/946313/
Mattermost security updates Desktop app v5.5.1 and Mobile app v2.8.1 released
We're informing you about a Mattermost security update, which addresses the vulnerability CVE-2023-4863 in the third-party library libwebp that was affecting the Desktop app and the Mobile iOS app. We highly recommend that you apply the update. The security update is available in the Mattermost dot releases Desktop app v5.5.1 and Mobile app v2.8.1.
https://mattermost.com/blog/mattermost-security-updates-desktop-app-v5-5-1-and-mobile-app-v2-8-1-released/
K000137090 : Node.js vulnerabilities CVE-2018-12121, CVE-2018-12122, and CVE-2018-12123
https://my.f5.com/manage/s/article/K000137090?utm_source=f5support&utm_medium=RSS
K000137093 : Node.js vulnerabilities CVE-2018-7167, CVE-2018-12115, and CVE-2018-12116
https://my.f5.com/manage/s/article/K000137093?utm_source=f5support&utm_medium=RSS
The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable to a server-side request forgery due to Apache Batik (CVE-2022-44730, CVE-2022-44729)
https://www.ibm.com/support/pages/node/7043490
Vulnerabilities in Node.js affect IBM Voice Gateway
https://www.ibm.com/support/pages/node/7043727
IBM App Connect Enterprise is vulnerable to a denial of service due to Google Protocol Buffer protobuf-cpp (CVE-2022-1941)
https://www.ibm.com/support/pages/node/7045071
Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase
https://www.ibm.com/support/pages/node/7035373
Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase
https://www.ibm.com/support/pages/node/7035370
Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase
https://www.ibm.com/support/pages/node/7035371
A vulnerability in libcURL affects IBM Rational ClearCase
https://www.ibm.com/support/pages/node/7035382
IBM Spectrum Symphony: OpenSSL 1.1.1 End of Life
https://www.ibm.com/support/pages/node/7045753
IBM Db2 is vulnerable to information disclosure due to improper privilege management when certain federation features are used (CVE-2023-29256)
https://www.ibm.com/support/pages/node/7010573