End-of-Day report
Timeframe: Wednesday 04-10-2023 18:00 - Thursday 05-10-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Curl 8.4.0 is to be released on October 11th ...
... containing a fix for "the worst security problem found in curl in a long time". The associated CVE is expected to be published shortly after. Use the time to check where you have #curl & #libcurl in your environment.
https://twitter.com/pyotam2/status/1709305830573473987
Patch now! Confluence Data Center: attackers make themselves admins
Atlassian has closed a critical security vulnerability in Confluence Data Center and Server.
https://www.heise.de/-9325414
Lorenz ransomware crew bungles blackmail blueprint by leaking two years of contacts
A security researcher noticed Lorenz's dark web victim blog was leaking backend code, pulled the data from the site, and uploaded it to a public GitHub repository. The data includes names, email addresses, and the subject line entered into the ransomware group's limited online form to request information from Lorenz.
https://go.theregister.com/feed/www.theregister.com/2023/10/05/lorenz_ransomware_group_leaks_details/
The discovery of Gatekeeper bypass CVE-2023-27943
Looking for vulnerabilities is not my usual daily routine. I am a software developer for Endpoint Security software. I implement new features, improve existing functionality, and fix bugs. So, the discovery of this vulnerability was a surprise. And it made me scared that a macOS update had broken our product. In the end, it turned out to be quite a severe vulnerability in macOS.
https://blog.f-secure.com/discovery-of-gatekeeper-bypass-cve-2023-27943/
H1 2023 - a brief overview of main incidents in industrial cybersecurity
In this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations.
https://ics-cert.kaspersky.com/publications/h1-2023-a-brief-overview-of-main-incidents-in-industrial-cybersecurity/
Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit
In this post, we look at the attack surface of another target in a different category. The Sony XAV-AX5500 is a popular aftermarket head unit that interacts with different systems within a vehicle. It also offers attackers a potential foothold into an automobile.
https://www.thezdi.com/blog/2023/10/5/looking-at-the-attack-surface-of-the-sony-xav-ax5500-head-unit
Exposing Infection Techniques Across Supply Chains and Codebases
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
https://www.trendmicro.com/en_us/research/23/j/infection-techniques-across-supply-chains-and-codebases.html
Your printer is not your printer! - Hacking Printers at Pwn2Own Part I
In 2021, we found pre-auth RCE vulnerabilities (CVE-2022-24673 and CVE-2022-3942) in Canon and HP printers, and a vulnerability (CVE-2021-44734) in Lexmark. We used these vulnerabilities to exploit the Canon ImageCLASS MF644Cdw, HP Color LaserJet Pro MFP M283fdw and Lexmark MC3224i at Pwn2Own Austin 2021. In the following, we will describe the details of the Canon and HP vulnerabilities and their exploitation.
https://devco.re/blog/2023/10/05/your-printer-is-not-your-printer-hacking-printers-pwn2own-part1-en/
EvilProxy Phishing Kit Targets Microsoft Users via Indeed.com Vulnerability
Threat actors are exploiting the open redirection vulnerability on Indeed.com to launch EvilProxy phishing attacks against high-ranking executives.
https://www.hackread.com/evilproxy-phishing-kit-microsoft-indeed-vulnerability/
CISA and NSA Release New Guidance on Identity and Access Management
Today, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that threaten critical infrastructure and national security systems.
https://www.cisa.gov/news-events/alerts/2023/10/04/cisa-and-nsa-release-new-guidance-identity-and-access-management
Emergency call tool Cisco Emergency Responder ships with static credentials
Network equipment vendor Cisco has released important security updates for several products.
https://www.heise.de/-9325669
Vulnerabilities
Cisco Security Advisories 2023-10-04
Cisco has published 3 Security Advisories (1 Critical, 1 High, 1 Medium Severity)
https://sec.cloudapps.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2023%2F10%2F04&firstPublishedEndDate=2023%2F10%2F04
(0Day) D-Link
ZDI-23-1501 - ZDI-23-1525: Multiple Routers, DIR-X3260, DAP-2622, DAP-1325 and D-View
https://www.zerodayinitiative.com/advisories/published/
Another exploit update for iOS and iPadOS, which apparently also fixes the overheating problem
During the night leading into Thursday, Apple once again released important fixes for its iPhone and iPad operating systems. They address security and overheating.
https://www.heise.de/-9325367
Malware protection: vulnerabilities in Watchguard EPDR and AD360 closed
The malware protection solutions Watchguard EPDR and AD360 contain security vulnerabilities, some of them high-risk. Updates are available.
https://www.heise.de/-9326078
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 25, 2023 to October 1, 2023)
Last week, 90 vulnerabilities disclosed in 68 WordPress plugins and no WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 31 vulnerability researchers contributed to WordPress security last week.
https://www.wordfence.com/blog/2023/10/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-25-2023-to-october-1-2023/
Security updates for Thursday
Security updates have been issued by Debian (chromium, libx11, and libxpm), Fedora (ckeditor, drupal7, glibc, golang-github-cncf-xds, golang-github-envoyproxy-control-plane, golang-github-hashicorp-msgpack, golang-github-minio-highwayhash, golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, golang-github-protobuf, golang-google-protobuf, nats-server, and pgadmin4), Red Hat (firefox and thunderbird), SUSE (chromium, exim, ghostscript, kernel, poppler, python-gevent, and python-reportlab), and Ubuntu (binutils, exim4, jqueryui, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux-kvm, linux-oem-6.1, nodejs, and python-django).
https://lwn.net/Articles/946698/
ZDI-23-1498: Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-23-1498/
Open Redirect in SAP® BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)
https://sec-consult.com/vulnerability-lab/advisory/open-redirect-in-bsp-test-application-it00-bypass-for-cve-2020-6215-patch/
Qognify NiceVision
https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-02
Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch
https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-03
Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products
https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/