Daily Summary - 16.11.2023

End-of-Day report

Timeframe: Wednesday 15-11-2023 18:00 - Thursday 16-11-2023 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer

News

Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups

A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens.

https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html


Deep Dive: Learning from Okta - the hidden risk of HAR files

HAR is short for HTTP Archive, and it's a way of saving full details of the high-level network traffic in a web browsing session, usually for development, debugging, or testing purposes.

https://pducklin.com/2023/11/14/deep-dive-learning-from-okta-the-hidden-risk-of-har-files/


Fake shops lure with Black Friday deals

Around Black Friday there are bargains to be had. We advise, however, checking an online shop carefully before placing an order.

https://www.watchlist-internet.at/news/fake-shops-locken-mit-black-friday-angeboten/


Attacker - hidden in plain sight for nearly six months - targeting Python developers

For close to six months, a malicious actor has been stealthily uploading dozens of malicious Python packages, most of them mimicking the names of legitimate ones, to bait unsuspecting developers.

https://checkmarx.com/blog/attacker-hidden-in-plain-sight-for-nearly-six-months-targeting-python-developers/


FBI and CISA Release Advisory on Scattered Spider Group

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Scattered Spider, a cybercriminal group targeting commercial facilities sectors and subsectors.

https://www.cisa.gov/news-events/alerts/2023/11/16/fbi-and-cisa-release-advisory-scattered-spider-group

Vulnerabilities

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory.

https://thehackernews.com/2023/11/new-poc-exploit-for-apache-activemq.html


Security updates for Thursday

Security updates have been issued by Debian (chromium and openvpn), Oracle (kernel, microcode_ctl, plexus-archiver, and python), Red Hat (.NET 6.0, dotnet6.0, dotnet7.0, dotnet8.0, kernel, linux-firmware, and open-vm-tools), SUSE (apache2, chromium, jhead, postgresql12, postgresql13, and qemu), and Ubuntu (dotnet6, dotnet7, dotnet8, frr, python-pip, quagga, and tidy-html5).

https://lwn.net/Articles/951681/


Mollie for Drupal - Moderately critical - Faulty payment confirmation logic - SA-CONTRIB-2023-052

https://www.drupal.org/sa-contrib-2023-052


FortiOS & FortiProxy VM - Bypass of root file system integrity checks at boot time on VM

https://fortiguard.fortinet.com/psirt/FG-IR-22-396


FortiOS & FortiProxy - DOS in headers management

https://fortiguard.fortinet.com/psirt/FG-IR-23-151


Cisco Secure Client Software Denial of Service Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8


Cisco IP Phone Stored Cross-Site Scripting Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA


Cisco Secure Endpoint for Windows Scanning Evasion Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd


Cisco Identity Services Engine Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR


Cisco AppDynamics PHP Agent Privilege Escalation Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5


FortiSIEM - OS command injection in Report Server

https://www.fortiguard.com/psirt/FG-IR-23-135


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/


2023-11 Security Bulletin: JSA Series: Multiple vulnerabilities resolved

https://supportportal.juniper.net/s/article/2023-11-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved


WebKitGTK and WPE WebKit Security Advisory WSA-2023-0010

https://webkitgtk.org/security/WSA-2023-0010.html


Released: November 2023 Exchange Server Security Updates

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2023-exchange-server-security-updates/ba-p/3980209


Citrix Releases Security Updates for Citrix Hypervisor

https://www.cisa.gov/news-events/alerts/2023/11/16/citrix-releases-security-updates-citrix-hypervisor-0