Daily summary - 16.02.2023

End-of-Day report

Timeframe: Wednesday 15-02-2023 18:00 - Thursday 16-02-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a

News

Emsisoft says hackers are spoofing its certs to breach networks

A hacker is using fake code-signing certificates impersonating cybersecurity firm Emsisoft to target customers using its security products, hoping to bypass their defenses.

https://www.bleepingcomputer.com/news/security/emsisoft-says-hackers-are-spoofing-its-certs-to-breach-networks/


Hackers backdoor Microsoft IIS servers with new Frebniis malware

Hackers are deploying a new malware named "Frebniis" on Microsoft's Internet Information Services (IIS) servers that stealthily executes commands sent via web requests.

https://www.bleepingcomputer.com/news/security/hackers-backdoor-microsoft-iis-servers-with-new-frebniis-malware/


"Fake Customer Trick": Criminals swindle high-value products

The name of semiconductor manufacturer Infineon is currently being abused for criminal purposes: by e-mail, fraudsters pose as Infineon employee Marcus Schlenker and express interest in a large order. To the recipients this sounds like a quick and uncomplicated deal. In reality, the shipped products end up in the hands of criminals, and the victims wait in vain for payment.

https://www.watchlist-internet.at/news/fake-customer-trick-kriminelle-ergaunern-hochwertige-produkte/


Malware Reverse Engineering for Beginners - Part 2

Often, malware targeting Windows will be packed and delivered as a second stage. There are different ways to "deliver" malware to the endpoint. This blog will cover key concepts and examples regarding how malware is packed, obfuscated, delivered, and executed on the endpoint.

https://www.intezer.com/blog/incident-response/malware-reverse-engineering-for-beginners-part-2/

Vulnerabilities

Intel patch day: Attackers could attack servers via a root vulnerability

Intel has released important security updates for various firmware and software products. In many cases, attackers could gain elevated privileges.

https://heise.de/-7517141


Patch now! Developers of the Joomla CMS warn of a critical security vulnerability

A "very important" security patch for Joomla has been released.

https://heise.de/-7517312


Security updates for Thursday

Security updates have been issued by Debian (firefox-esr), Fedora (community-mysql, edk2, firefox, and git), Slackware (curl and git), SUSE (apache2-mod_security2, aws-efs-utils, bind, curl, git, ImageMagick, java-11-openjdk, java-17-openjdk, java-1_8_0-openjdk, kernel, libksba, and mozilla-nss), and Ubuntu (golang-golang-x-text, golang-x-text, linux-aws, linux-intel-iotg, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux, linux-ibm-5.4, linux-oracle-5.4, linux-gke, linux-gke-5.15, nss, and xorg-server, xorg-server-hwe-16.04).

https://lwn.net/Articles/923503/


Splunk Enterprise Updates Patch High-Severity Vulnerabilities

Splunk updates for Enterprise products resolve multiple high-severity vulnerabilities, including several in third-party packages.

https://www.securityweek.com/splunk-enterprise-updates-patch-high-severity-vulnerabilities/


Security Vulnerabilities fixed in Thunderbird 102.8

CVE-2023-0616: User Interface lockup with messages combining S/MIME and OpenPGP
CVE-2023-25728: Content security policy leak in violation reports using iframes
CVE-2023-25730: Screen hijack via browser fullscreen mode
CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey
CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
CVE-2023-25738: Printing on Windows could potentially crash Thunderbird with some device drivers
CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8
...

https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/


MISP 2.4.168 released with bug fixes, security fixes and major improvements in STIX support.

We are pleased to announce the immediate availability of MISP v2.4.168 with bug fixes and various security fixes.

https://github.com/MISP/MISP/releases/tag/v2.4.168


ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN


ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability Affecting Cisco Products: February 2023

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy


WAGO: Exposure of configuration interface in unmanaged switches

https://cert.vde.com/de/advisories/VDE-2022-055/


IBM App Connect Enterprise is affected by a remote attacker due to the zip4j library [CVE-2023-22899]

https://www.ibm.com/support/pages/node/6955913


Multiple vulnerabilities in moment.js affect IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-31129, CVE-2022-24785)

https://www.ibm.com/support/pages/node/6852667


IBM Navigator for i is vulnerable to log file access, obtaining file attributes, and SQL Injection attacks due to multiple vulnerabilities.

https://www.ibm.com/support/pages/node/6850801


WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF

https://www.ibm.com/support/pages/node/6956223


Intel Ethernet controllers as used in IBM QRadar SIEM are vulnerable to a denial of service (CVE-2021-0197, CVE-2021-0198, CVE-2021-0199, CVE-2021-0200)

https://www.ibm.com/support/pages/node/6956287