End-of-Day report
Timeframe: Tuesday 03-10-2023 18:00 - Wednesday 04-10-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Security warning: vulnerabilities in Qualcomm drivers are being actively exploited
Several vulnerabilities in Qualcomm drivers put smartphones and tablets worldwide at risk. Patches exist, at least on the vendor side; whether they have reached a given device depends on its manufacturer.
https://www.golem.de/news/sicherheitswarnung-schwachstellen-in-qualcomm-treibern-werden-aktiv-ausgenutzt-2310-178174.html
Looney Tunables: vulnerability in the C library endangers Linux systems
A buffer overflow in the glibc dynamic loader (ld.so) lets local attackers gain root privileges on Linux systems.
https://www.golem.de/news/looney-tunables-schwachstelle-in-c-bibliothek-gefaehrdet-linux-systeme-2310-178180.html
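Since the overflow is triggered while ld.so parses the GLIBC_TUNABLES environment variable, before main() of the target program runs, a host can be tested without any exploit code. The function below is an added example, not part of the article above: it wraps the public reproducer that Qualys published with its advisory for this bug (CVE-2023-4911), which sets a crafted GLIBC_TUNABLES value and a large padding variable and then starts a dynamically linked binary. A vulnerable loader crashes with SIGSEGV (exit status 139 from the shell); a patched one starts the program normally. The default target /usr/bin/su and the exit-code mapping are assumptions of this example; any dynamically linked binary works, su is only used because a setuid program is what an attacker would target.

```shell
#!/bin/sh
# Added example: check a host for Looney Tunables (CVE-2023-4911) using the
# Qualys reproducer. It never gains privileges; it only asks ld.so to parse a
# malformed GLIBC_TUNABLES string and observes whether the process crashes.
#
# Return codes: 0 = loader did not crash, 1 = crashed in ld.so (vulnerable),
# 2 = usage error (target binary missing). Assumption: 139 and 134 are the
# shell's SIGSEGV/SIGABRT exit statuses (128 + signal number).

looney_tunables_check() {
    lt_bin="${1:-/usr/bin/su}"   # assumed default; pass any dynamically linked binary
    if [ ! -x "$lt_bin" ]; then
        echo "no such executable: $lt_bin" >&2
        return 2
    fi

    # 8 KiB of filler, as in the Qualys reproducer, so the overflowed copy
    # in parse_tunables() lands on mapped memory and reliably faults.
    lt_pad=$(printf '%08192x' 1)

    # env -i clears the environment so only the two crafted variables reach
    # the loader. The duplicated "glibc.malloc.mxfast=" is what triggers the bug.
    if env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" \
              "Z=$lt_pad" "$lt_bin" --help >/dev/null 2>&1; then
        lt_rc=0
    else
        lt_rc=$?
    fi

    if [ "$lt_rc" -eq 139 ] || [ "$lt_rc" -eq 134 ]; then
        echo "VULNERABLE: $lt_bin crashed inside ld.so (exit status $lt_rc)"
        return 1
    fi
    echo "not vulnerable: $lt_bin started normally (exit status $lt_rc)"
    return 0
}

# Run directly: check the default target and exit with the result code.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ] && [ "${0##*/}" != "dash" ]; then
    looney_tunables_check "$@"
fi
```

A non-crashing result only says the loader on this host is not affected by this particular reproducer; it does not distinguish a backported distribution patch from an unaffected glibc version (the bug was introduced in glibc 2.34), so the package version from your vendor's advisory remains the authoritative check. Statically linked or musl-based systems are not affected and will also report "not vulnerable".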
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement
Microsoft security researchers recently identified an attack where attackers attempted to move laterally to a cloud environment through a SQL Server instance. The attackers initially exploited a SQL injection vulnerability in an application within the target's environment to gain access and elevated permissions to a Microsoft SQL Server instance deployed in an Azure Virtual Machine (VM).
https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/
Optimizing WordPress: Security Beyond Default Configurations
Default configurations in software are not always the most secure. For example, you might buy a network-attached home security camera from your friendly neighborhood electronics store. While these are handy to keep an eye on your property from the comfort of your phone, they also typically come shipped with a default username and password. And since they are connected to the web, they can be accessed from anywhere. Attackers know this, [...]
https://blog.sucuri.net/2023/10/optimizing-wordpress-security-beyond-default-configurations.html
Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. "These vulnerabilities [...] can lead to a full chain Remote Code Execution (RCE), leaving countless thousands of services and end-users - including some of the world's largest companies - open to unauthorized access and insertion of malicious AI models, and potentially a full server takeover," [...]
https://thehackernews.com/2023/10/warning-pytorch-models-vulnerable-to.html
Patch day: attacks on Android 11, 12 and 13 observed
Google, among others, has released important security updates for Android devices. Two of the vulnerabilities are already being targeted by attackers.
https://www.heise.de/-9324125.html
Linux tries to dump Windows notoriously insecure RNDIS protocol
Here we go again. Linux developers are trying, once more, to rid Linux of Microsoft's Remote Network Driver Interface Specification. Here's why it's complicated.
https://www.zdnet.com/home-and-office/networking/linux-tries-to-dump-windows-notoriously-insecure-rndis-protocol/
Five Misconfigurations Threatening Your AWS Environment Today
In the ever-expanding realm of AWS, with over 200 services at your disposal, securing your cloud account configurations and mastering complex environments can feel like an overwhelming challenge. To help you prioritize and root them out, we've put together a guide for AWS configurations that are most commonly overlooked. Here are five of the top misconfigurations that could be lurking in your AWS environment right now.
https://blog.aquasec.com/five-misconfigurations-threatening-your-aws-environment-today
Vulnerabilities
CVE-2023-22515 - Privilege Escalation Vulnerability in Confluence Data Center and Server
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
Security updates for Wednesday
Security updates have been issued by Debian (glibc, postgresql-11, and thunderbird), Fedora (openmpi, pmix, prrte, and slurm), Gentoo (glibc and libvpx), Oracle (kernel), Red Hat (kernel), Slackware (libX11 and libXpm), SUSE (firefox, kernel, libeconf, libqb, libraw, libvpx, libX11, libXpm, mdadm, openssl-1_1, poppler, postfix, python311, rubygem-puma, runc, and vim), and Ubuntu (freerdp2, glibc, grub2-signed, grub2-unsigned, libx11, libxpm, linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, linux-oracle-5.15, and mozjs102).
https://lwn.net/Articles/946496/
New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks
Supermicro has released BMC IPMI firmware updates to address multiple vulnerabilities impacting select motherboard models.
https://www.securityweek.com/new-supermicro-bmc-vulnerabilities-could-expose-many-servers-to-remote-attacks/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/