End-of-Day report
Timeframe: Mittwoch 31-05-2023 18:00 - Donnerstag 01-06-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
Terminator antivirus killer is a vulnerable Windows driver in disguise
A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" [...]
https://www.bleepingcomputer.com/news/security/terminator-antivirus-killer-is-a-vulnerable-windows-driver-in-disguise/
Exploit released for RCE flaw in popular ReportLab PDF library
A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab, a popular Python library used by numerous projects to generate PDF files from HTML input.
https://www.bleepingcomputer.com/news/security/exploit-released-for-rce-flaw-in-popular-reportlab-pdf-library/
Polizei warnt vor neuer Betrugsmasche mit NFC-Smartphone-Bezahlung
Kriminellen ist es gelungen, Bankkarten der Opfer auf ihre Handys zu laden. Anschließend wurde kräftig eingekauft und Konten leergeräumt.
https://futurezone.at/digital-life/betrug-phishing-mobile-payment-nfc-smartphone-bezahlung-fake-website/402470321
Serious Security: That KeePass -master password crack-, and what we can learn from it
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Dont panic.)
https://nakedsecurity.sophos.com/2023/05/31/serious-security-that-keepass-master-password-crack-and-what-we-can-learn-from-it/
XSS vulnerability in the ASP.NET application: examining CVE-2023-24322 in mojoPortal CMS
In this article, we will thoroughly examine the XSS vulnerability in a CMS written in C#. Lets recall the theory, figure out how the security defect looks from a users perspective and in code, and also practice writing exploits.
https://pvs-studio.com/en/blog/posts/csharp/1054/
Angriff auf iPhones: Kaspersky macht ausgeklügelte Attacke publik
Kaspersky hat nach eigenen Angaben in iPhone-Backups Spuren eines komplexen Angriffs entdeckt. Gegenwehr sei nur mit rabiaten Mitteln möglich.
https://heise.de/-9159301
STARFACE: Authentication with Password Hash Possible
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an applications database generally has become best practice to protect users passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.
https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-004/
Malware Spotlight: Camaro Dragon-s TinyNote Backdoor
In this report, we analyze another previously undisclosed backdoor associated with this cluster of activity which shares with it not only a common infrastructure but also the same high-level intelligence-gathering goal.
https://research.checkpoint.com/2023/malware-spotlight-camaro-dragons-tinynote-backdoor/
Vulnerabilities
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software-s MOVEit Transfer solution across multiple customer environments.
https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/
Unified Automation: New UaGateway V1.5.14 Service Release
This version contains security bug fixes including improvements in KeyUsage check.
https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt
(0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write/Pointer Remote Code Execution Vulnerability
Published: 2023-05-31
Affected Vendor: Fatek Automation
ZDI ID: ZDI-23-760 bis ZDI-23-771
https://www.zerodayinitiative.com/advisories/published/
(0Day) VIPRE Antivirus Plus
Published: 2023-05-31
Affected Vendor:
VIPRE
ZDI ID: ZDI-23-755 bis ZDI-23-759
https://www.zerodayinitiative.com/advisories/published/
IBM Security Bulletins
IBM App Connect, IBM Business Automation Manager Open Editions, IBM Business Automation Workflow, IBM Control Desk, IBM Maximo, IBM Edge Application Manager, IBM MQ, IBM Spectrum Protect Plus, IBM Control Desk, IBM Data Risk Manager, Tivoli, Hardware Management Console, IBM Cloud Pak, IBM Power Systems, IBM Security Directory Server, WebSphere Application Server, Rational Developer for i, IBM Security Guardium
https://www.ibm.com/support/pages/bulletin/
Security updates for Thursday
Security updates have been issued by Debian (libwebp, openssl, sssd, and texlive-bin), Fedora (bitcoin-core, editorconfig, edk2, mod_auth_openidc, pypy, pypy3.9, python3.10, and python3.8), Red Hat (kernel, openssl, pcs, pki-core:10.6, and qatzip), SUSE (chromium, ImageMagick, openssl-1_1, and tiff), and Ubuntu (cups, libvirt, and linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi).
https://lwn.net/Articles/933465/
AddToAny Share Buttons - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-019
https://www.drupal.org/sa-contrib-2023-019
AddToAny Share Buttons - Moderately critical - Access bypass - SA-CONTRIB-2023-018
https://www.drupal.org/sa-contrib-2023-018
Consent Popup - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-017
https://www.drupal.org/sa-contrib-2023-017
Iubenda Integration - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-016
https://www.drupal.org/sa-contrib-2023-016
Advantech WebAccess/SCADA
https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01
HID Global SAFE
https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02