Daily summary - 08.03.2023
End-of-Day report
Timeframe: Tuesday 07-03-2023 18:00 - Wednesday 08-03-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner

News

What is a Website Defacement?
Defacement is easily one of the most obvious signs of a hacked website. In these attacks, bad actors gain unauthorized access to an environment and leave their mark through digital vandalism, altering its visual appearance or content in the process.
https://blog.sucuri.net/2023/03/what-is-website-defacement.html

Persistence - Event Log Online Help
Event Viewer is a component of Microsoft Windows that displays information related to application, security, system and setup events. Although Event Viewer is mainly used by administrators for troubleshooting Windows errors, it can also be used as a form of persistence during red team operations.
https://pentestlab.blog/2023/03/07/persistence-event-log-online-help/

"Lidl Women's Day gift": Fake prize draw for Women's Day
WhatsApp, Messenger and Viber users are currently unknowingly spreading a link to a fraudulent prize draw among their contacts. The supermarket chain "Lidl" is allegedly giving away "many cash gifts" on the occasion of Women's Day on 8 March, as the message claims. Do not click on the link. Criminals are trying to install malware on your device!
https://www.watchlist-internet.at/news/lidl-frauentagsgeschenk-fake-gewinnspiel-zum-frauentag/

GlobeImposter Ransomware Being Distributed with MedusaLocker via RDP
ASEC (AhnLab Security Emergency response Center) has recently discovered the active distribution of the GlobeImposter ransomware. This attack is being carried out by the threat actors behind MedusaLocker. While the specific route could not be ascertained, it is assumed that the ransomware is being distributed through RDP due to the various pieces of evidence gathered from the infection logs.
https://asec.ahnlab.com/en/48940/

Vulnerabilities

Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002)
Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an unauthenticated attacker to log in as any Site Member or System User.
https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html

ABB Substation Management Unit COM600 IEC-104 protocol stack vulnerability
Hitachi Energy disclosed a vulnerability (CVE-2022-29492) that affects certain HE products. This vulnerability also affects the IEC 60870-5-104 (IEC-104) protocol stack of ABB Substation Management Unit COM600. Consequently, a successful exploit could allow attackers to cause a denial-of-service condition on the COM600 product.
https://web.apsis.one/wve/68c20aba-1b85-416f-bf3f-ce8b1779c260

CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE
Aqua Nautilus researchers have discovered a chain of vulnerabilities, dubbed CorePlague, in the widely used Jenkins Server and Update Center (CVE-2023-27898, CVE-2023-27905). Exploiting these vulnerabilities could allow an unauthenticated attacker to execute arbitrary code on the victim's Jenkins server, potentially leading to a complete compromise of the Jenkins server.
https://blog.aquasec.com/jenkins-server-vulnerabilities

Problematic security vulnerability in Apple's GarageBand
Apple's free music production software can apparently be attacked. Users on macOS should update quickly.
https://heise.de/-7538801

Patch day: Fortinet closes 15 vulnerabilities, one of them critical
Fortinet's patch day brings IT administrators updates that close 15 security vulnerabilities. One of them is critical and allows code injection.
https://heise.de/-7538910

Security updates for Wednesday
Security updates have been issued by Debian (apr), Fedora (c-ares), Oracle (curl, kernel, pesign, samba, and zlib), Red Hat (curl, gnutls, kernel, kernel-rt, and pesign), Scientific Linux (kernel, pesign, samba, and zlib), SUSE (libX11, python-rsa, python3, python36, qemu, rubygem-rack, xorg-x11-server, and xwayland), and Ubuntu (libtpms, linux-ibm, linux-raspi, linux-raspi, python3.7, python3.8, and sofia-sip).
https://lwn.net/Articles/925606/

IBM Security Bulletins 2023-03-08
IBM Robotic Process Automation, IBM WebSphere, IBM MQ, Financial Transaction Manager, IBM VM Recovery Manager, IBM Aspera faspio Gateway, IBM Security Verify Bridge, IBM Spectrum Scale, IBM Security Guardium.
https://www.ibm.com/support/pages/bulletin/