Daily summary - 24.05.2023

End-of-Day report

Timeframe: Tuesday 23-05-2023 18:00 - Wednesday 24-05-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a

News

Barracuda warns of email gateways breached via zero-day flaw

Barracuda, a company known for its email and network security solutions, warned customers today that some of their Email Security Gateway (ESG) appliances were breached last week through a now-patched zero-day vulnerability.

https://www.bleepingcomputer.com/news/security/barracuda-warns-of-email-gateways-breached-via-zero-day-flaw/


Legion Malware Upgraded to Target SSH Servers and AWS Credentials

An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch.

https://thehackernews.com/2023/05/legion-malware-upgraded-to-target-ssh.html


Malvertising via brand impersonation is back again

In recent months, numerous incidents have shown that malvertising is on the rise again and affecting the user experience and trust in their favorite search engine. Indeed, Search Engine Results Pages (SERPs) include paid Google ads that in some cases lead to scams or malware.

https://www.malwarebytes.com/blog/threat-intelligence/2023/05/malvertising-its-a-jungle-out-there


From legitimate to malicious: the transformation of an Android app within a year

ESET researchers discover AhRat, a new Android RAT based on AhMyth, which exfiltrates files and records audio.

https://www.welivesecurity.com/deutsch/2023/05/23/von-legitim-zu-bosartig-ahrat/


Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own

MikroTik patches a major security defect in its RouterOS product a full five months after it was exploited at Pwn2Own Toronto.

https://www.securityweek.com/mikrotik-belatedly-patches-routeros-flaw-exploited-at-pwn2own/


Numerous World4You phishing emails in circulation!

Website operators beware: criminals are currently sending an increasing number of emails in the name of the Austrian hosting provider World4You. These emails usually falsely claim that invoices have not been paid or that web addresses have been blocked.

https://www.watchlist-internet.at/news/zahlreiche-world4you-phishing-mails-im-umlauf/


CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF)

Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020.

https://www.cisa.gov/news-events/alerts/2023/05/23/cisa-and-partners-update-stopransomware-guide-developed-through-joint-ransomware-task-force-jrtf

Vulnerabilities

VMSA-2023-0010

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.

https://www.vmware.com/security/advisories/VMSA-2023-0010.html


Security updates for Wednesday

Security updates have been issued by Debian (libssh and sofia-sip), Fedora (cups-filters, dokuwiki, qt5-qtbase, and vim), Oracle (git, python-pip, and python3-setuptools), Red Hat (git, kernel, kpatch-patch, rh-git227-git, and sudo), SUSE (openvswitch, rmt-server, and texlive), and Ubuntu (binutils, cinder, cloud-init, firefox, golang-1.13, Jhead, liblouis, ncurses, node-json-schema, node-xmldom, nova, python-glance-store, python-os-brick, and runc).

https://lwn.net/Articles/932827/


Nextcloud: user_oidc app is missing bruteforce protection

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x8mc-84wj-rf34


Nextcloud: User session not correctly destroyed on logout

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q8c4-chpj-6v38


Nextcloud: Basic auth header on WebDAV requests is not brute-force protected

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54


Apple security updates: iTunes 12.12.9 for Windows

https://support.apple.com/kb/HT213763


F5: K000134744 : Intel BIOS vulnerability CVE-2022-38087

https://my.f5.com/manage/s/article/K000134744


F5: K000134747 : PHP vulnerability CVE-2023-0568

https://my.f5.com/manage/s/article/K000134747


Bosch: Unrestricted SSH port forwarding in BVMS

https://psirt.bosch.com/security-advisories/bosch-sa-025794-bt.html


Bosch: Vulnerability in Wiegand card data interpretation

https://psirt.bosch.com/security-advisories/bosch-sa-391095-bt.html


Bosch: .NET Remote Code Execution Vulnerability in BVMS, BIS and AMS

https://psirt.bosch.com/security-advisories/bosch-sa-110112-bt.html


IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the xml2js module (CVE-2023-0842)

https://www.ibm.com/support/pages/node/6997617


IBM App Connect Enterprise is vulnerable to a denial of service due to cURL libcurl and Google protobuf-java. (CVE-2022-42915, CVE-2021-22569, CVE-2022-3509, CVE-2022-3171, CVE-2022-3510)

https://www.ibm.com/support/pages/node/6997631


IBM InfoSphere Information Server is affected by a remote code execution vulnerability (CVE-2023-32336)

https://www.ibm.com/support/pages/node/6995879


This Power System update is being released to address CVE-2023-30438

https://www.ibm.com/support/pages/node/6993021


TADDM affected by multiple vulnerabilities due to IBM Java and its runtime

https://www.ibm.com/support/pages/node/6997919


Vulnerability in IBM® Runtime Environment Java™ Version 8 affects Cloud Pak System. [CVE-2023-30441]

https://www.ibm.com/support/pages/node/6997913


A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-27554)

https://www.ibm.com/support/pages/node/6997097


A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2022-39161)

https://www.ibm.com/support/pages/node/6997921


A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2022-39161)

https://www.ibm.com/support/pages/node/6997923


A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-24966)

https://www.ibm.com/support/pages/node/6997925


Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172)

https://www.ibm.com/support/pages/node/6997115