End-of-Day report
Timeframe: Tuesday 24-10-2023 18:00 - Wednesday 25-10-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Citrix Bleed exploit lets hackers hijack NetScaler accounts
A proof-of-concept (PoC) exploit is released for the Citrix Bleed vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances.
https://www.bleepingcomputer.com/news/security/citrix-bleed-exploit-lets-hackers-hijack-netscaler-accounts/
Phishing scheme: "clarification" demanded over alleged virus distribution
The consumer advice centres warn of scam emails that ask recipients to issue a clarification. The mails claim that complaints about malware being sent from the recipient's address have been received.
https://www.heise.de/news/Phishing-Masche-Klarstellung-wegen-Viren-Versands-gefordert-9343487.html
Exploit code for root vulnerability in VMware Aria Operations for Logs in circulation
Exploit code in circulation endangers VMware's management platform for cloud environments. Admins should install the security updates now.
https://www.heise.de/news/Exploitcode-fuer-Root-Luecke-in-VMware-Aria-Operations-for-Logs-in-Umlauf-9343519.html
Roundcube webmailer: attacks on zero-day vulnerability
Cybercriminals are abusing a security vulnerability in the Roundcube webmailer to attack vulnerable installations. An update closes the hole.
https://www.heise.de/news/Webmailer-Roundcube-Attacken-auf-Zero-Day-Luecke-9343924.html
Partly critical vulnerabilities closed in VMware vCenter Server and Cloud Foundation
VMware has released updated software packages that seal several vulnerabilities in vCenter Server and Cloud Foundation. One of them is rated critical.
https://www.heise.de/news/Update-stopft-kritische-Luecke-in-VMware-vCenter-Server-und-Cloud-Foundation-9344041.html
Nusuccess: legitimate marketing agency or dubious pyramid scheme?
Nusuccess FZCO, based in Dubai (formerly based in Carinthia), describes itself as a "globally renowned advertising agency". What services this company actually provides remains vague at best. Reports from those affected suggest that it earns its profit mainly by selling expensive "franchise packages". What exactly these franchise packages are supposed to contain remains unclear.
https://www.watchlist-internet.at/news/nusuccess-serioese-marketingagentur-oder-unserioeses-schneeballsystem/
Social engineering: Hacking minds over bytes
In this blog, let's focus on the intersection of psychology and technology, where cybercriminals manipulate human psychology through digital means to achieve their objectives.
https://cybersecurity.att.com/blogs/security-essentials/social-engineering-hacking-minds-over-bytes
How to Secure the WordPress Login Page
Given that WordPress powers millions of websites worldwide, it's no surprise that it's a prime target for malicious activities ranging from brute force attacks and hacking attempts to unauthorized access - all of which can wreak havoc on your site's functionality, damage reputation, or even result in lost revenue and sales. A common entry point often exploited by hackers is the WordPress login page, [...]
https://blog.sucuri.net/2023/10/how-to-secure-the-wordpress-login-page.html
The Rise of S3 Ransomware: How to Identify and Combat It
In today's digital landscape, around 60% of corporate data now resides in the cloud, with Amazon S3 standing as the backbone of data storage for many major corporations. Despite S3 being a secure service from a reputable provider, its pivotal role in handling vast amounts of sensitive data (customer personal information, financial data, intellectual property, etc.) provides a juicy target for threat actors. It remains susceptible to ransomware attacks, which are often initiated using leaked access keys that have accidentally been exposed by human error and that have access to the organization's buckets.
https://thehackernews.com/2023/10/the-rise-of-s3-ransomware-how-to.html
RT 5.0.5 and 4.4.7 Now Available
RT versions 5.0.5 and 4.4.7 are now available. In addition to some new features and bug fixes, these releases contain important security updates and are recommended for all RT users.
https://bestpractical.com/blog/2023/10/rt-505-and-447-now-available
Vulnerabilities
Vulnerability in Cisco IOS XE: Rockwell industrial switches also affected
Besides Cisco's own devices, Rockwell switches of the Stratix series for industrial use are also affected. A fix is still pending.
https://www.heise.de/news/Luecke-in-Cisco-IOS-XE-Auch-Rockwell-Industrieswitches-betroffen-9343547.html
VMSA-2023-0023
Synopsis: VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)
1. Impacted Products
* VMware vCenter Server
* VMware Cloud Foundation
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
Several Critical Vulnerabilities Patched in AI ChatBot Plugin for WordPress
On September 28, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for multiple vulnerabilities in AI ChatBot, a WordPress plugin with over 4,000 active installations. After making our initial contact attempt on September 28th, 2023, we received a response on September 29, 2023 and sent over our full disclosure details.
https://www.wordfence.com/blog/2023/10/several-critical-vulnerabilities-patched-in-ai-chatbot-plugin-for-wordpress/
Security updates for Wednesday
Security updates have been issued by Debian (gst-plugins-bad1.0, openssl, roundcube, and xorg-server), Fedora (dotnet6.0, dotnet7.0, roundcubemail, and wordpress), Mageia (redis), Oracle (dnsmasq, python27:2.7, python3, tomcat, and varnish), Red Hat (python39:3.9, python39-devel:3.9), Slackware (mozilla and vim), SUSE (openssl-3, poppler, ruby2.5, and xen), and Ubuntu (.Net, linux-gcp-5.15, linux-gkeop-5.15, linux-intel-iotg-5.15, linux-starfive-6.2, mysql-5.7, ncurses, and openssl).
https://lwn.net/Articles/948814/
Movable Type vulnerable to cross-site scripting
https://jvn.jp/en/jp/JVN39139884/
TEM Opera Plus FM Family Transmitter 35.45 XSRF
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5800.php
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5799.php
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) Remote Denial Of Service
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5798.php
AIX is vulnerable to sensitive information exposure due to Perl (CVE-2023-31484 and CVE-2023-31486)
https://www.ibm.com/support/pages/node/7047272
IBM QRadar SIEM includes components with known vulnerabilities
https://www.ibm.com/support/pages/node/7049133
IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to weaker than expected security (CVE-2023-46158)
https://www.ibm.com/support/pages/node/7058540
IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to weaker than expected security (CVE-2023-46158)
https://www.ibm.com/support/pages/node/7058536
A vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer.
https://www.ibm.com/support/pages/node/7059262