End-of-Day report
Timeframe: Mittwoch 15-11-2023 18:00 - Donnerstag 16-11-2023 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens.
https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html
Deep Dive: Learning from Okta - the hidden risk of HAR files
HAR is short for HTTP Archive, and it-s a way of saving full details of the high-level network traffic in a web browsing session, usually for development, debugging, or testing purposes.
https://pducklin.com/2023/11/14/deep-dive-learning-from-okta-the-hidden-risk-of-har-files/
Fake-Shops locken mit Black-Friday-Angeboten
Rund um den Blackfriday lässt sich das ein oder andere Schnäppchen ergattern. Wir raten aber dazu, Online-Shops vor einer Bestellung genau zu prüfen.
https://www.watchlist-internet.at/news/fake-shops-locken-mit-black-friday-angeboten/
Attacker - hidden in plain sight for nearly six months - targeting Python developers
For close to six months, a malicious actor has been stealthily uploading dozens of malicious Python packages, most of them mimicking the names of legitimate ones, to bait unsuspecting developers.
https://checkmarx.com/blog/attacker-hidden-in-plain-sight-for-nearly-six-months-targeting-python-developers/
FBI and CISA Release Advisory on Scattered Spider Group
Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Scattered Spider-a cybercriminal group targeting commercial facilities sectors and subsectors.
https://www.cisa.gov/news-events/alerts/2023/11/16/fbi-and-cisa-release-advisory-scattered-spider-group
Vulnerabilities
New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar
Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory.
https://thehackernews.com/2023/11/new-poc-exploit-for-apache-activemq.html
Security updates for Thursday
Security updates have been issued by Debian (chromium and openvpn), Oracle (kernel, microcode_ctl, plexus-archiver, and python), Red Hat (.NET 6.0, dotnet6.0, dotnet7.0, dotnet8.0, kernel, linux-firmware, and open-vm-tools), SUSE (apache2, chromium, jhead, postgresql12, postgresql13, and qemu), and Ubuntu (dotnet6, dotnet7, dotnet8, frr, python-pip, quagga, and tidy-html5).
https://lwn.net/Articles/951681/
Mollie for Drupal - Moderately critical - Faulty payment confirmation logic - SA-CONTRIB-2023-052
https://www.drupal.org/sa-contrib-2023-052
FortiOS & FortiProxy VM - Bypass of root file system integrity checks at boot time on VM
https://fortiguard.fortinet.com/psirt/FG-IR-22-396
FortiOS & FortiProxy - DOS in headers management
https://fortiguard.fortinet.com/psirt/FG-IR-23-151
Cisco Secure Client Software Denial of Service Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8
Cisco IP Phone Stored Cross-Site Scripting Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA
Cisco Secure Endpoint for Windows Scanning Evasion Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd
Cisco Identity Services Engine Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR
Cisco AppDynamics PHP Agent Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5
FortiSIEM - OS command injection in Report Server
https://www.fortiguard.com/psirt/FG-IR-23-135
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
2023-11 Security Bulletin: JSA Series: Multiple vulnerabilities resolved
https://supportportal.juniper.net/s/article/2023-11-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0010
https://webkitgtk.org/security/WSA-2023-0010.html
Released: November 2023 Exchange Server Security Updates
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2023-exchange-server-security-updates/ba-p/3980209
Citrix Releases Security Updates for Citrix Hypervisor
https://www.cisa.gov/news-events/alerts/2023/11/16/citrix-releases-security-updates-citrix-hypervisor-0