End-of-Day report
Timeframe: Wednesday 29-11-2023 18:00 - Thursday 30-11-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
News
FjordPhantom Android malware uses virtualization to evade detection
A new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade detection.
https://www.bleepingcomputer.com/news/security/fjordphantom-android-malware-uses-virtualization-to-evade-detection/
TRAP; RESET; POISON; - Taking over a country, Kaminsky style
A technical look at how the DNS name resolution of an entire country can be manipulated.
https://sec-consult.com/de/blog/detail/uebernahme-eines-landes-nach-kaminsky-art/
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks
A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments.
https://thehackernews.com/2023/11/cactus-ransomware-exploits-qlik-sense.html
Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data
Zoom Rooms, the cloud-based video conferencing platform by Zoom, is making headlines due to a recently discovered vulnerability. This flaw poses a significant security risk as it enables attackers to seize control of a Zoom Room's service account, gaining unauthorized access to the victim organization's tenant.
https://www.hackread.com/zoom-vulnerability-hackers-hijack-meetings-data/
BLUFFS: New attacks endanger Bluetooth data security on billions of devices
A flaw in the Bluetooth protocol lets attackers force easily crackable keys and thereby break both past and future data transfers.
https://www.heise.de/-9544862
Vulnerabilities
Drupal: Xsendfile - Moderately critical - Access bypass - SA-CONTRIB-2023-053
The Xsendfile module enables fast transfer for private files in Drupal. In order to control private file downloads, the module overrides ImageStyleDownloadController, for which a vulnerability was disclosed in SA-CORE-2023-005. The Xsendfile module was still based on an insecure version of ImageStyleDownloadController.
https://www.drupal.org/sa-contrib-2023-053
Apache ActiveMQ: Several code-smuggling vulnerabilities exploited by botnet operators
Meanwhile, the ActiveMQ project reports a new vulnerability that can likewise be used to execute malicious code. The bug hides in the deserialization routine of the Jolokia component, but requires authentication. While the ActiveMQ developers assume a medium severity, the BSI's warning and information service assigns a CVSS score of 8.8 and thus rates the severity as "high". CVE ID: CVE-2022-41678
https://www.heise.de/-9544281
MOVEit Transfer Service Pack (November 2023)
This article contains the details of the specific updates within the MOVEit Transfer November 2023 Service Pack. The Service Pack contains fixes for (2) newly disclosed CVEs described below. Progress Software highly recommends you apply this Service Pack for product updates and security improvements. CVE IDs: CVE-2023-6217, CVE-2023-6218
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 20, 2023 to November 26, 2023)
Last week, there were 115 vulnerabilities disclosed in 87 WordPress plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 vulnerability researchers who contributed to WordPress security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
https://www.wordfence.com/blog/2023/11/wordfence-intelligence-weekly-wordpress-vulnerability-report-november-20-2023-to-november-26-2023/
Security updates for Thursday
Security updates have been issued by Fedora (chromium, gnutls, gst-devtools, gstreamer1, gstreamer1-doc, libcap, mingw-poppler, python-gstreamer1, qbittorrent, webkitgtk, and xen), Mageia (docker, kernel-linus, and python-django), Oracle (dotnet6.0, dotnet7.0, dotnet8.0, firefox, samba, squid, and thunderbird), Red Hat (firefox, postgresql:13, squid, and thunderbird), SUSE (cilium, freerdp, java-1_8_0-ibm, and java-1_8_0-openj9), and Ubuntu (ec2-hibinit-agent, freerdp2, gimp, gst-plugins-bad1.0, openjdk-17, openjdk-21, openjdk-lts, openjdk-8, pypy3, pysha3, and u-boot-nezha).
https://lwn.net/Articles/953379/
[R1] Nessus Network Monitor 6.3.1 Fixes Multiple Vulnerabilities
Risk Factor: Critical, CVE ID: CVE-2023-5363, CVE-2021-23369, CVE-2021-23383, CVE-2018-9206
https://www.tenable.com/security/tns-2023-43
Zyxel security advisory for authentication bypass and command injection vulnerabilities in NAS products
Zyxel has released patches addressing an authentication bypass vulnerability and command injection vulnerabilities in NAS products. Users are advised to install them for optimal protection. CVEs: CVE-2023-35137, CVE-2023-35138, CVE-2023-37927, CVE-2023-37928, CVE-2023-4473, CVE-2023-4474
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products
CISA Adds Two Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2023/11/30/cisa-adds-two-known-exploited-vulnerabilities-catalog
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
PTC KEPServerEx
https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03
Delta Electronics DOPSoft
https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-01
Mitsubishi Electric FA Engineering Software Products
https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-04
Yokogawa STARDOM
https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-02