Daily summary - 04.10.2023

End-of-Day report

Timeframe: Tuesday 03-10-2023 18:00 - Wednesday 04-10-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News

Security warning: vulnerabilities in Qualcomm drivers are being actively exploited

Several vulnerabilities in Qualcomm drivers put smartphones and tablets worldwide at risk. Patches are available - at least from the chip vendor; device manufacturers still need to ship them.

https://www.golem.de/news/sicherheitswarnung-schwachstellen-in-qualcomm-treibern-werden-aktiv-ausgenutzt-2310-178174.html


Looney Tunables: vulnerability in C library endangers Linux systems

A buffer overflow vulnerability in the dynamic loader of glibc allows attackers to obtain root privileges on Linux systems.

https://www.golem.de/news/looney-tunables-schwachstelle-in-c-bibliothek-gefaehrdet-linux-systeme-2310-178180.html


Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement

Microsoft security researchers recently identified an attack where attackers attempted to move laterally to a cloud environment through a SQL Server instance. The attackers initially exploited a SQL injection vulnerability in an application within the target's environment to gain access and elevated permissions to a Microsoft SQL Server instance deployed in an Azure Virtual Machine (VM).

https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/


Optimizing WordPress: Security Beyond Default Configurations

Default configurations in software are not always the most secure. For example, you might buy a network-attached home security camera from your friendly neighborhood electronics store. While these are handy to keep an eye on your property from the comfort of your phone, they also typically come shipped with a default username and password. And since they are connected to the web, they can be accessed from anywhere. Attackers know this, [...]

https://blog.sucuri.net/2023/10/optimizing-wordpress-security-beyond-default-configurations.html


Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. "These vulnerabilities [...] can lead to a full chain Remote Code Execution (RCE), leaving countless thousands of services and end-users - including some of the world's largest companies - open to unauthorized access and insertion of malicious AI models, and potentially a full server takeover," [...]

https://thehackernews.com/2023/10/warning-pytorch-models-vulnerable-to.html


Patchday: attacks on Android 11, 12 and 13 observed

Google, among others, has released important security updates for Android devices. Two of the vulnerabilities are already being targeted by attackers.

https://www.heise.de/-9324125.html


Linux tries to dump Windows notoriously insecure RNDIS protocol

Here we go again. Linux developers are trying, once more, to rid Linux of Microsoft's Remote Network Driver Interface Specification. Here's why it's complicated.

https://www.zdnet.com/home-and-office/networking/linux-tries-to-dump-windows-notoriously-insecure-rndis-protocol/


Five Misconfigurations Threatening Your AWS Environment Today

In the ever-expanding realm of AWS, with over 200 services at your disposal, securing your cloud account configurations and mastering complex environments can feel like an overwhelming challenge. To help you prioritize and root them out, we've put together a guide for AWS configurations that are most commonly overlooked. Here are five of the top misconfigurations that could be lurking in your AWS environment right now.

https://blog.aquasec.com/five-misconfigurations-threatening-your-aws-environment-today

Vulnerabilities

CVE-2023-22515 - Privilege Escalation Vulnerability in Confluence Data Center and Server

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html


Security updates for Wednesday

Security updates have been issued by Debian (glibc, postgresql-11, and thunderbird), Fedora (openmpi, pmix, prrte, and slurm), Gentoo (glibc and libvpx), Oracle (kernel), Red Hat (kernel), Slackware (libX11 and libXpm), SUSE (firefox, kernel, libeconf, libqb, libraw, libvpx, libX11, libXpm, mdadm, openssl-1_1, poppler, postfix, python311, rubygem-puma, runc, and vim), and Ubuntu (freerdp2, glibc, grub2-signed, grub2-unsigned, libx11, libxpm, linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, linux-oracle-5.15, and mozjs102).

https://lwn.net/Articles/946496/


New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks

Supermicro has released BMC IPMI firmware updates to address multiple vulnerabilities impacting select motherboard models.

https://www.securityweek.com/new-supermicro-bmc-vulnerabilities-could-expose-many-servers-to-remote-attacks/


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/