End-of-Day report
Timeframe: Thursday 16-02-2023 18:00 - Friday 17-02-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
New Mirai Botnet Variant V3G4 Exploiting 13 Flaws to Target Linux and IoT Devices
A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different campaigns likely conducted by the same threat actor.
https://thehackernews.com/2023/02/new-mirai-botnet-variant-v3g4.html
Mass SMS messages in the name of the tax office in circulation
We are currently receiving numerous reports about an SMS being sent in the name of the tax office (Finanzamt). It claims there is an outstanding debt that has not been settled despite several reminders, and that failure to pay by 18 February will result in a bailiff and seizure of assets. Do not let yourself be put under pressure. This is fraud!
https://www.watchlist-internet.at/news/massenhaft-sms-im-namen-des-finanzamts-im-umlauf/
Critical security vulnerabilities in ClamAV - updates available
17 February 2023
Description
Two critical vulnerabilities in ClamAV allow unauthenticated attackers to execute arbitrary code.
CVE number(s): CVE-2023-20032, CVE-2023-20052
Impact
The ClamAV vulnerabilities can be triggered by crafted HFS+ or DMG images. Since ClamAV is often deployed as a virus scanner on mail servers, vulnerable installations can be compromised by sending such files via email. [...]
https://cert.at/de/warnungen/2023/2/kritische-sicherheitslucken-in-clamav
Vulnerabilities
Fortinet Security Advisories
Severity Critical:
* FortiNAC - External Control of File Name or Path in keyUpload scriptlet
* FortiWeb - Stack-based buffer overflows in Proxyd
Severity High: 15 Advisories
* FortiADC, FortiExtender, FortiNAC, FortiOS, FortiProxy, FortiSwitchManager, FortiWAN, FortiWeb
Severity Medium/Low: 23 Advisories
https://fortiguard.fortinet.com/psirt?date=02-2023
Node.js Thursday February 16 2023 Security Releases
* OpenSSL Security updates
* Node.js Permissions policies can be bypassed via process.mainModule
* Node.js OpenSSL error handling issues in nodejs crypto library
* Fetch API in Node.js did not protect against CRLF injection in host headers
* Regular Expression Denial of Service in Headers in Node.js fetch API
* Node.js insecure loading of ICU data through ICU_DATA environment variable
* npm update for Node.js 14
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
CISA Releases Fifteen Industrial Control Systems Advisories
* Siemens Solid Edge
* Siemens SCALANCE X-200 IRT
* Siemens Brownfield Connectivity Client
* Siemens Brownfield Connectivity Gateway
* Siemens SiPass integrated AC5102/ACC-G2 and ACC-AP
* Siemens Simcenter Femap
* Siemens TIA Project Server
* Siemens RUGGEDCOM APE1808
* Siemens SIMATIC Industrial Products
* Siemens COMOS
* Siemens Mendix
* Siemens JT Open, JT Utilities, and Parasolid
* Sub-IoT DASH 7 Alliance Protocol
* Delta Electronic DIAEnergie (Update B)
* BD Alaris Infusion Central
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/16/cisa-releases-fifteen-industrial-control-systems-advisories
Security updates for Friday
Security updates have been issued by Debian (webkit2gtk and wpewebkit), Fedora (firefox, phpMyAdmin, tpm2-tools, and tpm2-tss), Slackware (mozilla), SUSE (mozilla-nss, rubygem-actionpack-4_2, rubygem-actionpack-5_1, and tar), and Ubuntu (linux-azure and linux-hwe-5.19).
https://lwn.net/Articles/923644/
Vulnerability in IP Quorum affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to jsonwebtoken CVEs
* IBM FlashSystem 9100 family and IBM Storwize V7000 2076-724 (Gen3) systems are NOT affected by security vulnerabilities CVE-2018-12037 and CVE-2018-12038
* IBM MQ Operator and Queue Manager container images are vulnerable to vulnerabilities from libksba and sqlite (CVE-2022-47629 and CVE-2022-35737)
* IBM Security Guardium Data Encryption is using Components with Known Vulnerabilities (CVE-2022-31129, CVE-2022-24785)
* IBM Security Guardium is affected by a redshift-jdbc42-2.0.0.3.jar vulnerability (CVE-2022-41828)
* IBM Security Guardium is affected by the following vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889]
* Java vulnerabilities affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* LDAP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* Multiple Vulnerabilities in Multicloud Management Security Services
* Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform
* Multiple vulnerabilities in Golang Go affect IBM Decision Optimization in IBM Cloud Pak for Data
* Multiple vulnerabilities in IBM Java SDK affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* Multiple vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* Network Security (NSS) vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* OpenSLP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* Vulnerabilities in IBM Java and Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products
* Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products
* Vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-11776)
* Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products
* Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-11784)
* Vulnerability in DHCP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5732)
* Vulnerability in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2019-2602)
* Vulnerability in IP Quorum affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* Vulnerability in OpenSLP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2017-17833)
* Vulnerability in OpenSSL affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
* Vulnerability in SSH protocols affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2008-5161)
* Vulnerability in Service Assistant affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-1775)
* Vulnerability in sed affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products
* Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5391)
* Vulnerability in zlib affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
https://www.ibm.com/support/pages/bulletin/
Atrocore 1.5.25 Shell Upload
https://cxsecurity.com/issue/WLB-2023020029