End-of-Day report
Timeframe: Monday 08-05-2023 18:00 - Tuesday 09-05-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
A new, stealthier type of Typosquatting attack spotted targeting NPM
Attackers have been using lowercase letters in package names on the Node Package Manager (NPM) registry for potential malicious package impersonation. This deceptive tactic presents a dangerous twist on a well-known attack method -- "Typosquatting."
https://checkmarx.com/blog/a-new-stealthier-type-of-typosquatting-attack-spotted-targeting-npm/
AndoryuBot DDoS Botnet Exploiting Ruckus AP Vulnerability
Owners of Ruckus access points (APs) have been warned that a DDoS botnet named AndoryuBot has been exploiting a recently patched vulnerability to hack devices. The vulnerability in question is tracked as CVE-2023-25717 and it was patched by Ruckus in February in many of its wireless APs.
https://www.securityweek.com/andoryubot-ddos-botnet-exploiting-ruckus-ap-vulnerability/
Building Automation System Exploit Brings KNX Security Back in Spotlight
A public exploit targeting building automation systems has brought KNX security back into the spotlight, with industrial giant Schneider Electric releasing a security bulletin to warn customers about the potential risks.
https://www.securityweek.com/building-automation-system-exploit-brings-knx-security-back-in-spotlight/
Do not book your accommodation via booked.net or hotel-mix.de
Looking for accommodation? Better not book on booked.net or hotel-mix.de, because both booking platforms list accommodations that have no contract with the platform. On arrival at the booked accommodation, it can happen that the operators know nothing about your booking and you have to find a new place to sleep at short notice.
https://www.watchlist-internet.at/news/buchen-sie-ihre-unterkunft-nicht-ueber-bookednet-oder-hotel-mixde/
New phishing-as-a-service tool "Greatness" already seen in the wild
A previously unreported phishing-as-a-service (PaaS) offering named "Greatness" has been used in several phishing campaigns since at least mid-2022. Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots.
https://blog.talosintelligence.com/new-phishing-as-a-service-tool-greatness-already-seen-in-the-wild/
Vulnerabilities
WordPress Plugin "Newsletter" vulnerable to cross-site scripting
WordPress Plugin "Newsletter" provided by Stefano Lissa & The Newsletter Team contains a cross-site scripting vulnerability (CWE-79). An arbitrary script may be executed in the web browser of a user who is logged in to WordPress and uses the plugin.
https://jvn.jp/en/jp/JVN59341308/
WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting
* An arbitrary script may be executed on the web browser of the user who is logging in to the product - CVE-2023-27923, CVE-2023-28367
* An arbitrary script may be executed on the web browser of the user who is accessing the site using the product - CVE-2023-27925, CVE-2023-27926
https://jvn.jp/en/jp/JVN95792402/
Security updates for Tuesday
Security updates have been issued by Fedora (java-11-openjdk-portable and rubygem-redcarpet), Red Hat (autotrace, bind, buildah, butane, conmon, containernetworking-plugins, curl, device-mapper-multipath, dhcp, edk2, emacs, fence-agents, freeradius, freerdp, frr, fwupd, gdk-pixbuf2, git, git-lfs, golang-github-cpuguy83-md2man, grafana, grafana-pcp, gstreamer1-plugins-good, Image Builder, jackson, kernel, kernel-rt, krb5, libarchive, libguestfs-winsupport, libreswan, libtiff, libtpms, lua, mysql, net-snmp, openssh, openssl, pcs, php:8.1, pki-core, podman, poppler, postgresql-jdbc, python-mako, qemu-kvm, samba, skopeo, sysstat, tigervnc, toolbox, unbound, webkit2gtk3, wireshark, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (cfengine, cfengine-masterfiles, go1.19, go1.20, libfastjson, python-cryptography, and python-ujson), and Ubuntu (mysql-5.7).
https://lwn.net/Articles/931384/
Citrix ADC and Citrix Gateway Security Bulletin
* CVE-2023-24488, Cross site scripting, CVSS 6.1
* CVE-2023-24487, Arbitrary file read, CVSS 6.3
https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488
SSA-932528 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge
https://cert-portal.siemens.com/productcert/html/ssa-932528.html
SSA-892048 V1.0: Third-Party Component Vulnerabilities in SINEC NMS before V1.0.3.1
https://cert-portal.siemens.com/productcert/html/ssa-892048.html
SSA-789345 V1.0: Code Execution Vulnerabilities in Siveillance Video Event and Management Servers
https://cert-portal.siemens.com/productcert/html/ssa-789345.html
SSA-555292 V1.0: Security Vulnerabilities Fixed in SIMATIC Cloud Connect 7 V2.1
https://cert-portal.siemens.com/productcert/html/ssa-555292.html
SSA-516174 V1.0: Wi-Fi Encryption Bypass Vulnerabilities in SCALANCE W1750D
https://cert-portal.siemens.com/productcert/html/ssa-516174.html
SSA-325383 V1.0: Multiple Vulnerabilities in SCALANCE LPE9403 before V2.1
https://cert-portal.siemens.com/productcert/html/ssa-325383.html
F5: K000133759 : Python vulnerability CVE-2020-26116
https://my.f5.com/manage/s/article/K000133759
F5: K000134496 : Jettison vulnerability CVE-2022-45685
https://my.f5.com/manage/s/article/K000134496
Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.
https://www.ibm.com/support/pages/node/6988953
Tensorflow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component
https://www.ibm.com/support/pages/node/6988959
IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)
https://www.ibm.com/support/pages/node/6986333
TensorFlow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component
https://www.ibm.com/support/pages/node/6988979
Ansi-html is vulnerable to CVE-2021-23424 used in IBM Maximo Application Suite
https://www.ibm.com/support/pages/node/6988981
Node-forge is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component
https://www.ibm.com/support/pages/node/6988969
Apache Log4j is vulnerable to CVE-2021-45105 and CVE-2021-45046 used in IBM Maximo Application Suite - Monitor Component
https://www.ibm.com/support/pages/node/6988975
Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter
https://www.ibm.com/support/pages/node/888295
IBM Cloud Pak for Network Automation 2.4.6 fixes multiple security vulnerabilities
https://www.ibm.com/support/pages/node/6989099
CVE-2023-24536, CVE-2023-24537 and CVE-2023-24534 may affect IBM CICS TX Standard
https://www.ibm.com/support/pages/node/6989115
CVE-2023-24536, CVE-2023-24537, CVE-2023-24534 may affect IBM CICS TX Advanced
https://www.ibm.com/support/pages/node/6989117
A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2022-39161)
https://www.ibm.com/support/pages/node/6989119
WebSphere Application Server Liberty is vulnerable to CVE-2022-3509 and CVE-2022-3171 used in IBM Maximo Application Suite - Monitor Component
https://www.ibm.com/support/pages/node/6989133
IBM WebSphere Application Server Liberty and Open Liberty are vulnerable to CVE-2022-22475 used in IBM Maximo Application Suite - Monitor Component
https://www.ibm.com/support/pages/node/6989131
IBM WebSphere Application Server Liberty is vulnerable to CVE-2022-22393 used in IBM Maximo Application Suite - Monitor Component
https://www.ibm.com/support/pages/node/6989127
A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2022-39161)
https://www.ibm.com/support/pages/node/6989145