Daily summary - 05.10.2023

End-of-Day report

Timeframe: Wednesday 04-10-2023 18:00 - Thursday 05-10-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer

News

Curl 8.4.0 is to be released on October 11th ...

... containing a fix for "the worst security problem found in curl in a long time". The associated CVE is expected to be published shortly after. Use the time to check where you have #curl & #libcurl in your environment.

https://twitter.com/pyotam2/status/1709305830573473987


Patch now! Confluence Data Center: attackers make themselves admins

Atlassian has closed a critical security vulnerability in Confluence Data Center and Server.

https://www.heise.de/-9325414


Lorenz ransomware crew bungles blackmail blueprint by leaking two years of contacts

A security researcher noticed Lorenz's dark web victim blog was leaking backend code, pulled the data from the site, and uploaded it to a public GitHub repository. The data includes names, email addresses, and the subject line entered into the ransomware group's limited online form to request information from Lorenz.

https://go.theregister.com/feed/www.theregister.com/2023/10/05/lorenz_ransomware_group_leaks_details/


The discovery of Gatekeeper bypass CVE-2023-27943

Looking for vulnerabilities is not my usual daily routine. I am a software developer for Endpoint Security software. I implement new features, improve existing functionality, fix bugs. So, the discovery of this vulnerability was a surprise. And it made me scared that a macOS update broke our product. In the end, it turned out to be quite a severe vulnerability on macOS.

https://blog.f-secure.com/discovery-of-gatekeeper-bypass-cve-2023-27943/


H1 2023 - a brief overview of main incidents in industrial cybersecurity

In this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations.

https://ics-cert.kaspersky.com/publications/h1-2023-a-brief-overview-of-main-incidents-in-industrial-cybersecurity/


Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit

In this post, we look at the attack surface of another target in a different category. The Sony XAV-AX5500 is a popular aftermarket head unit that interacts with different systems within a vehicle. It also offers attackers a potential foothold into an automobile.

https://www.thezdi.com/blog/2023/10/5/looking-at-the-attack-surface-of-the-sony-xav-ax5500-head-unit


Exposing Infection Techniques Across Supply Chains and Codebases

This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.

https://www.trendmicro.com/en_us/research/23/j/infection-techniques-across-supply-chains-and-codebases.html


Your printer is not your printer! - Hacking Printers at Pwn2Own Part I

In 2021, we found Pre-auth RCE vulnerabilities (CVE-2022-24673 and CVE-2022-3942) in Canon and HP printers, and a vulnerability (CVE-2021-44734) in Lexmark. We used these vulnerabilities to exploit Canon ImageCLASS MF644Cdw, HP Color LaserJet Pro MFP M283fdw and Lexmark MC3224i in Pwn2Own Austin 2021. In the following, we will describe the details of the Canon and HP vulnerabilities and exploitation.

https://devco.re/blog/2023/10/05/your-printer-is-not-your-printer-hacking-printers-pwn2own-part1-en/


EvilProxy Phishing Kit Targets Microsoft Users via Indeed.com Vulnerability

Threat actors are exploiting the open redirection vulnerability on Indeed.com to launch EvilProxy phishing attacks against high-ranking executives.

https://www.hackread.com/evilproxy-phishing-kit-microsoft-indeed-vulnerability/


CISA and NSA Release New Guidance on Identity and Access Management

Today, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that threaten critical infrastructure and national security systems.

https://www.cisa.gov/news-events/alerts/2023/10/04/cisa-and-nsa-release-new-guidance-identity-and-access-management


Emergency call tool Cisco Emergency Responder with static credentials

Network equipment vendor Cisco has released important security updates for several products.

https://www.heise.de/-9325669

Vulnerabilities

Cisco Security Advisories 2023-10-04

Cisco has published 3 Security Advisories (1 Critical, 1 High, 1 Medium Severity)

https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2023%2F10%2F04&firstPublishedEndDate=2023%2F10%2F04


(0Day) D-Link

ZDI-23-1501 - ZDI-23-1525: Multiple Routers, DIR-X3260, DAP-2622, DAP-1325 and D-View

https://www.zerodayinitiative.com/advisories/published/


Another exploit update for iOS and iPadOS - which probably also fixes the heat problem

In the night to Thursday, Apple once again released important fixes for its iPhone and iPad operating systems. They address security and overheating.

https://www.heise.de/-9325367


Malware protection: vulnerabilities in Watchguard EPDR and AD360 closed

The malware protection solutions Watchguard EPDR and AD360 contain security vulnerabilities, some of them high risk. Updates are available.

https://www.heise.de/-9326078


Wordfence Intelligence Weekly WordPress Vulnerability Report (September 25, 2023 to October 1, 2023)

Last week, there were 90 vulnerabilities disclosed in 68 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31 Vulnerability Researchers that contributed to WordPress Security last week.

https://www.wordfence.com/blog/2023/10/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-25-2023-to-october-1-2023/


Security updates for Thursday

Security updates have been issued by Debian (chromium, libx11, and libxpm), Fedora (ckeditor, drupal7, glibc, golang-github-cncf-xds, golang-github-envoyproxy-control-plane, golang-github-hashicorp-msgpack, golang-github-minio-highwayhash, golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, golang-github-protobuf, golang-google-protobuf, nats-server, and pgadmin4), Red Hat (firefox and thunderbird), SUSE (chromium, exim, ghostscript, kernel, poppler, python-gevent, and python-reportlab), and Ubuntu (binutils, exim4, jqueryui, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux-kvm, linux-oem-6.1, nodejs, and python-django).

https://lwn.net/Articles/946698/


ZDI-23-1498: Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-23-1498/


Open Redirect in SAP® BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)

https://sec-consult.com/vulnerability-lab/advisory/open-redirect-in-bsp-test-application-it00-bypass-for-cve-2020-6215-patch/


Qognify NiceVision

https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-02


Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch

https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-03


Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products

https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/