Daily summary - 24.05.2023

End-of-Day report

Timeframe: Tuesday 23-05-2023 18:00 - Wednesday 24-05-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a


Barracuda warns of email gateways breached via zero-day flaw

Barracuda, a company known for its email and network security solutions, warned customers today that some of its Email Security Gateway (ESG) appliances were breached last week through a now-patched zero-day vulnerability.


Legion Malware Upgraded to Target SSH Servers and AWS Credentials

An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch.


Malvertising via brand impersonation is back again

In recent months, numerous incidents have shown that malvertising is on the rise again and affecting the user experience and trust in their favorite search engine. Indeed, Search Engine Results Pages (SERPs) include paid Google ads that in some cases lead to scams or malware.


From legitimate to malicious: the transformation of an Android app within a year

ESET researchers discover AhRat, a new Android RAT based on AhMyth, which exfiltrates files and records audio.


Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own

MikroTik patches a major security defect in its RouterOS product a full five months after it was exploited at Pwn2Own Toronto.


Numerous World4You phishing emails in circulation!

Website operators beware: criminals are currently sending an increased volume of emails in the name of the Austrian hosting provider World4You. These usually falsely claim that invoices have not been paid or that web addresses have been blocked.


CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF)

Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020.




NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.
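The NSX-T advisory names the root cause as missing input validation. As an added, generic illustration that is not VMware's code (the search page, the `q` parameter, the allow-list and the payload are constructed assumptions for this example), here is a reflected-XSS sink beside a version that validates on input and encodes on output:

```javascript
// Added, generic illustration of a reflected XSS flaw and its fix.
// This is not VMware NSX-T code; the search page, parameter name `q`,
// the allow-list and the payload below are assumptions made for the example.

// Constructed attacker input: closes the quoted attribute, then injects a script tag.
const PAYLOAD = '"><script>alert(document.cookie)</script>';

// VULNERABLE: the request parameter is concatenated into the HTML unchanged,
// so a crafted link makes the victim's browser execute attacker script.
function renderSearchVulnerable(q) {
  return '<html><body><form><input name="q" value="' + q + '"></form>' +
         '<p>Results for ' + q + '</p></body></html>';
}

// Output encoding for HTML text and double-quoted attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Input validation with an allow-list (assumed policy): search terms may only
// contain word characters, whitespace, dots and hyphens, and are length-capped.
function isValidQuery(q) {
  return typeof q === 'string' && q.length <= 100 && /^[\w\s.-]*$/.test(q);
}

// Encoding alone neutralises the payload: even if validation is skipped, the
// reflected value can no longer close the attribute or open a new tag.
function renderSearchEncodedOnly(q) {
  const safe = escapeHtml(q);
  return '<html><body><form><input name="q" value="' + safe + '"></form>' +
         '<p>Results for ' + safe + '</p></body></html>';
}

// HARDENED: validate on input AND encode on output (defence in depth).
function renderSearchHardened(q) {
  if (!isValidQuery(q)) {
    return { status: 400, body: 'Bad Request: invalid search query' };
  }
  return { status: 200, body: renderSearchEncodedOnly(q) };
}

// Check used by the demonstration: the legitimate template contains no
// <script> tag, so its presence in the rendered output proves injection.
function containsInjectedScript(html) {
  return /<script\b/i.test(html);
}

// Stand-alone demonstration.
console.log('vulnerable page contains injected script:',
  containsInjectedScript(renderSearchVulnerable(PAYLOAD)));
console.log('encoded-only page contains injected script:',
  containsInjectedScript(renderSearchEncodedOnly(PAYLOAD)));
console.log('hardened response to payload:', renderSearchHardened(PAYLOAD).status);
console.log('hardened response to benign query:', renderSearchHardened('edge cluster').status);
```

The fix that actually closes the hole is contextual output encoding at the sink; the allow-list is a second layer that also shrinks the attack surface for other parser-dependent bugs, but it must not be relied on alone, since a later code path may reflect the value into a different context (JavaScript, URL, CSS) where HTML escaping is insufficient.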


Security updates for Wednesday

Security updates have been issued by Debian (libssh and sofia-sip), Fedora (cups-filters, dokuwiki, qt5-qtbase, and vim), Oracle (git, python-pip, and python3-setuptools), Red Hat (git, kernel, kpatch-patch, rh-git227-git, and sudo), SUSE (openvswitch, rmt-server, and texlive), and Ubuntu (binutils, cinder, cloud-init, firefox, golang-1.13, Jhead, liblouis, ncurses, node-json-schema, node-xmldom, nova, python-glance-store, python-os-brick, and runc).


Nextcloud: user_oidc app is missing bruteforce protection


Nextcloud: User session not correctly destroyed on logout


Nextcloud: Basic auth header on WebDAV requests is not brute-force protected


Apple security updates: iTunes 12.12.9 for Windows


F5: K000134744 : Intel BIOS vulnerability CVE-2022-38087


F5: K000134747 : PHP vulnerability CVE-2023-0568


Bosch: Unrestricted SSH port forwarding in BVMS


Bosch: Vulnerability in Wiegand card data interpretation


Bosch: .NET Remote Code Execution Vulnerability in BVMS, BIS and AMS


IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the module xml2js (CVE-2023-0842)


IBM App Connect Enterprise is vulnerable to a denial of service due to cURL libcurl and Google protobuf-java. (CVE-2022-42915, CVE-2021-22569, CVE-2022-3509, CVE-2022-3171, CVE-2022-3510)


IBM InfoSphere Information Server is affected by a remote code execution vulnerability (CVE-2023-32336)


This Power System update is being released to address CVE-2023-30438


TADDM affected by multiple vulnerabilities due to IBM Java and its runtime


Vulnerability in IBM® Runtime Environment Java™ Version 8 affects Cloud Pak System. [CVE-2023-30441]


A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-27554)


A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2022-39161)


A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2022-39161)


A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-24966)


Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172)