Daily summary - 16.03.2023

End-of-Day report

Timeframe: Wednesday 15-03-2023 18:00 - Thursday 16-03-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter


CVE-2023-23397 - the (interesting) devil is in the details

As a rule, we do not publish a warning for vulnerabilities that the vendor fixes as part of a regular patch cycle. The reasoning is that we regard our warnings as a tool for getting information about critical vulnerabilities to the respective addressees with the appropriate urgency. Accordingly, we decide fairly conservatively what we warn about, so as not to dilute the effect of those warnings. But, as so often, exceptions confirm the rule [...]


CISA warns of Adobe ColdFusion bug exploited as a zero-day

CISA has added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited in the wild.


Winter Vivern APT hackers use fake antivirus scans to install malware

An advanced hacking group named Winter Vivern targets European government organizations and telecommunication service providers to conduct espionage.


BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion

The ransomware group has already claimed 116 victim organizations so far on its site, and it continues to mature as a thriving cybercriminal business, researchers said.


Simple Shellcode Dissection, (Thu, Mar 16th)

Most people will never execute a suspicious program or "executable". Also, most of them cannot be delivered directly via email. Most antispam and antivirus solutions block them. But, then, how could people be so easily infected? I'll explain with the help of a file I found in a phishing campaign.


Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency

Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).


SSRF Cross Protocol Redirect Bypass

Server Side Request Forgery (SSRF) is a fairly known vulnerability with established prevention methods. So imagine my surprise when I bypassed an SSRF mitigation during a routine retest. Even worse, I have bypassed a filter that we have recommended ourselves!


Fake WhatsApp and Telegram apps hunting for crypto wallets

ESET researchers analyzed Android and Windows clippers that can manipulate instant messages and use OCR to steal cryptocurrency.


Bee-Ware of Trigona, An Emerging Ransomware Strain

Trigona ransomware is a relatively new strain that security researchers first discovered in late October 2022. By analyzing Trigona ransomware binaries and ransom notes obtained from VirusTotal, as well as information from Unit 42 incident response, we determined that Trigona was very active during December 2022, with at least 15 potential victims being compromised. Affected organizations are in the manufacturing, finance, construction, agriculture, marketing and high technology industries.


DotRunpeX - demystifying new virtualized .NET injector used in the wild

The post DotRunpeX - demystifying new virtualized .NET injector used in the wild appeared first on Check Point Research.


Web conferencing: high-risk vulnerabilities in Zoom

The developers have closed several vulnerabilities in the online conferencing software Zoom. Some are rated high-risk and could allow attackers to inject code.


Critical flaw in Array Networks SSL VPN gateway

Array Networks' SSL VPN gateways have a critical security vulnerability. Attackers could inject code from the network without authentication.


Security updates for Thursday

Security updates have been issued by Debian (firefox-esr and pcre2), Oracle (nss), Red Hat (kpatch-patch and nss), SUSE (java-11-openjdk, kernel, and python310), and Ubuntu (emacs24, ffmpeg, firefox, imagemagick, libphp-phpmailer, librecad, and openjpeg2).


Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004


Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003


Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002


Responsive media Image Formatter - Critical - Unsupported - SA-CONTRIB-2023-011


Media Responsive Thumbnail - Moderately critical - Information disclosure - SA-CONTRIB-2023-010


Multiple vulnerabilities within OpenSSL and Node.js affect IBM App Connect Enterprise and IBM Integration Bus


EBICs client of IBM Sterling B2B Integrator vulnerable to multiple issues due to Dojo Toolkit


IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)


IBM Watson Assistant for Cloud Pak for Data is affected by vulnerabilities in Pallets Werkzeug.


IBM Aspera Faspex can be vulnerable to improperly authorized password changes


Security Vulnerabilities in moment, ansi-regex, Node.js, and minimatch may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-31129, CVE-2022-24785, CVE-2021-3807, CVE-2022-29244, CVE-2022-3517)


Vulnerability in PyPI cryptography and Python may affect IBM Spectrum Protect Plus File Systems Agent (CVE-2023-23931, CVE-2023-0286, CVE-2023-24329)


Vulnerabilities in Linux Kernel may affect IBM Spectrum Protect Plus


Multiple Vulnerabilities in Intel Firmware affect Cloud Pak System


CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced


CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Standard


Vulnerabilities in Golang Go and Java SE might affect IBM Spectrum Copy Data Management (CVE-2022-41717, CVE-2023-21830, CVE-2023-21835, CVE-2023-21843)


Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management (CVE-2022-2964, CVE-2022-2601, CVE-2020-36557)


IBM Sterling B2B Integrator vulnerable to sensitive information exposure due to IBM MQ (CVE-2022-42436)


IBM Sterling Global Mailbox is vulnerable to denial of service due to WebSphere Liberty Server (CVE-2022-3509, CVE-2022-3171)


IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501)


IBM Sterling Global Mailbox is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)


IBM Sterling Global Mailbox is vulnerable to sensitive data exposure due to Apache CXF (CVE-2022-46363)