Tageszusammenfassung - 04.05.2023

End-of-Day report

Timeframe: Mittwoch 03-05-2023 18:00 - Donnerstag 04-05-2023 18:00 Handler: Robert Waldner Co-Handler: Michael Schlagenhaufer


Windows admins can now sign up for -known issue- email alerts

Microsoft announced today that Windows admins can now choose to be emailed when new known issues are added to the Windows release health section of the Microsoft 365 admin center.


Infostealer Embedded in a Word Document, (Thu, May 4th)

hen attackers design malicious documents, one of their challenges is to make the potential victim confident to perform dangerous actions: click on a link, disable a security feature, etc. The best example is probably VBA macros in Microsoft Office documents. Disabled by default, the attacker must make the user confident to enable them by clicking on the -yellow ribbon- on top of the document. Yesterday I found a malicious document that implements another approach.


How to Analyze Java Malware - A Case Study of STRRAT

STRRAT is a Java-based malware that executes multiple commands transmitted by the C2 server. The JAR file was obfuscated using the Allatori obfuscator. It establishes persistence on the host by copying to the Startup folder and creating a scheduled task and a Run registry entry. The functionalities of the implemented commands include: reboot the machine, uninstall the malware and delete all its traces, download and execute files [..]



S3 File System - Moderately critical - Access bypass - SA-CONTRIB-2023-014

S3 File System (s3fs) provides an additional file system to your Drupal site, which stores files in Amazon's Simple Storage Service (S3) or any other S3-compatible storage service. This module may fail to validate that a file being requested to be moved to storage was uploaded during the same web request, possibly allowing an attacker to move files that should normally be inaccessible to them.


Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function.


Patchday Fortinet: Angreifer könnten eigene Befehle ausführen

Es gibt wichtige Sicherheitsupdates für verschiedene Produkte von Fortinet. Keine Lücke gilt als kritisch.


Security updates for Thursday

Security updates have been issued by Fedora (python-sentry-sdk) and Ubuntu (python-django and ruby2.3, ruby2.5, ruby2.7).


Malicious IKEv1 packet by unauthenticated peer can cause libreswan to restart

The Libreswan Project was notified by github user "XU-huai" of an issue with receiving a malformed IKEv1 Aggressive Mode packet that would cause a crash and restart of the libreswan pluto daemon. When sent continuously, this could lead to a denial of service attack.


Apple: Beats Firmware Update 5B66


Apple: AirPods Firmware Update 5E133


IBM ECM Content Management Interoperability Services (CMIS) spring-expression security vulnerability CVE-2023-20861


IBM ECM Content Management Interoperability Services (CMIS) cfx-core security vulnerabilities CVE-2022-46363, CVE-2022-46364


IBM ECM Content Management Interoperability Services (CMIS) woodstox\/XStream security vulnerability CVE-2022-40152


IBM InfoSphere Information Server is affected but not classified as vulnerable to a denial of service vulnerability in NumPy (CVE-2021-34141)


A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2023-25690)


A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-26283)


IBM Virtualization Engine TS7700 is vulnerable to a privilege escalation threat (CVE-2023-24958)


IBM ECM Content Management Interoperability Services (CMIS) spring-expression\/spring-core security vulnerability [CVE-2023-20863]


IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities