Daily summary - 09.05.2023

End-of-Day report

Timeframe: Monday 08-05-2023 18:00 - Tuesday 09-05-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a


A new, stealthier type of Typosquatting attack spotted targeting NPM

Attackers have been using lowercase letters in package names on the Node Package Manager (NPM) registry for potential malicious package impersonation. This deceptive tactic presents a dangerous twist on a well-known attack method -- "Typosquatting."


AndoryuBot DDoS Botnet Exploiting Ruckus AP Vulnerability

Owners of Ruckus access points (APs) have been warned that a DDoS botnet named AndoryuBot has been exploiting a recently patched vulnerability to hack devices. The vulnerability in question is tracked as CVE-2023-25717 and it was patched by Ruckus in February in many of its wireless APs.


Building Automation System Exploit Brings KNX Security Back in Spotlight

A public exploit targeting building automation systems has brought KNX security back into the spotlight, with industrial giant Schneider Electric releasing a security bulletin to warn customers about the potential risks.


Do not book your accommodation via booked.net or hotel-mix.de

Looking for accommodation? Better not book on booked.net or hotel-mix.de, because both booking platforms list accommodations that have no contract with the platform. On arrival at the booked accommodation, you may find that the operators know nothing about your booking and that you have to find a new place to sleep at short notice.


New phishing-as-a-service tool "Greatness" already seen in the wild

A previously unreported phishing-as-a-service (PaaS) offering named "Greatness" has been used in several phishing campaigns since at least mid-2022. Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots.



WordPress Plugin "Newsletter" vulnerable to cross-site scripting

WordPress Plugin "Newsletter" provided by Stefano Lissa & The Newsletter Team contains a cross-site scripting vulnerability (CWE-79). An arbitrary script may be executed in the web browser of a user who logs in to WordPress while the plugin is in use.


WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting

* An arbitrary script may be executed on the web browser of the user who is logging in to the product - CVE-2023-27923, CVE-2023-28367
* An arbitrary script may be executed on the web browser of the user who is accessing the site using the product - CVE-2023-27925, CVE-2023-27926


Security updates for Tuesday

Security updates have been issued by Fedora (java-11-openjdk-portable and rubygem-redcarpet), Red Hat (autotrace, bind, buildah, butane, conmon, containernetworking-plugins, curl, device-mapper-multipath, dhcp, edk2, emacs, fence-agents, freeradius, freerdp, frr, fwupd, gdk-pixbuf2, git, git-lfs, golang-github-cpuguy83-md2man, grafana, grafana-pcp, gstreamer1-plugins-good, Image Builder, jackson, kernel, kernel-rt, krb5, libarchive, libguestfs-winsupport, libreswan, libtiff, libtpms, lua, mysql, net-snmp, openssh, openssl, pcs, php:8.1, pki-core, podman, poppler, postgresql-jdbc, python-mako, qemu-kvm, samba, skopeo, sysstat, tigervnc, toolbox, unbound, webkit2gtk3, wireshark, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (cfengine, cfengine-masterfiles, go1.19, go1.20, libfastjson, python-cryptography, and python-ujson), and Ubuntu (mysql-5.7).


Citrix ADC and Citrix Gateway Security Bulletin

* CVE-2023-24488, Cross-site scripting, CVSS 6.1
* CVE-2023-24487, Arbitrary file read, CVSS 6.3


SSA-932528 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge


SSA-892048 V1.0: Third-Party Component Vulnerabilities in SINEC NMS before V1.0.3.1


SSA-789345 V1.0: Code Execution Vulnerabilities in Siveillance Video Event and Management Servers


SSA-555292 V1.0: Security Vulnerabilities Fixed in SIMATIC Cloud Connect 7 V2.1


SSA-516174 V1.0: Wi-Fi Encryption Bypass Vulnerabilities in SCALANCE W1750D


SSA-325383 V1.0: Multiple Vulnerabilities in SCALANCE LPE9403 before V2.1


F5: K000133759: Python vulnerability CVE-2020-26116


F5: K000134496: Jettison vulnerability CVE-2022-45685


Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.


Tensorflow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component


IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)


TensorFlow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component


Ansi-html is vulnerable to CVE-2021-23424 used in IBM Maximo Application Suite


Node-forge is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component


Apache Log4j is vulnerable to CVE-2021-45105 and CVE-2021-45046 used in IBM Maximo Application Suite - Monitor Component


Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter


IBM Cloud Pak for Network Automation 2.4.6 fixes multiple security vulnerabilities


CVE-2023-24536, CVE-2023-24537 and CVE-2023-24534 may affect IBM CICS TX Standard


CVE-2023-24536, CVE-2023-24537, CVE-2023-24534 may affect IBM CICS TX Advanced


A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2022-39161)


WebSphere Application Server Liberty is vulnerable to CVE-2022-3509 and CVE-2022-3171 used in IBM Maximo Application Suite - Monitor Component


IBM WebSphere Application Server Liberty and Open Liberty are vulnerable to CVE-2022-22475 used in IBM Maximo Application Suite - Monitor Component


IBM WebSphere Application Server Liberty is vulnerable to CVE-2022-22393 used in IBM Maximo Application Suite - Monitor Component


A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2022-39161)