Daily summary - 01.06.2023

End-of-Day report

Timeframe: Wednesday 31-05-2023 18:00 - Thursday 01-06-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a

News

Terminator antivirus killer is a vulnerable Windows driver in disguise

A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" [...]

https://www.bleepingcomputer.com/news/security/terminator-antivirus-killer-is-a-vulnerable-windows-driver-in-disguise/


Exploit released for RCE flaw in popular ReportLab PDF library

A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab, a popular Python library used by numerous projects to generate PDF files from HTML input.

https://www.bleepingcomputer.com/news/security/exploit-released-for-rce-flaw-in-popular-reportlab-pdf-library/


Police warn of new fraud scheme involving NFC smartphone payments

Criminals managed to load victims' bank cards onto their own phones. They then went on a shopping spree and emptied the accounts.

https://futurezone.at/digital-life/betrug-phishing-mobile-payment-nfc-smartphone-bezahlung-fake-website/402470321


Serious Security: That KeePass "master password crack", and what we can learn from it

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

https://nakedsecurity.sophos.com/2023/05/31/serious-security-that-keepass-master-password-crack-and-what-we-can-learn-from-it/


XSS vulnerability in the ASP.NET application: examining CVE-2023-24322 in mojoPortal CMS

In this article, we will thoroughly examine the XSS vulnerability in a CMS written in C#. Let's recall the theory, figure out how the security defect looks from a user's perspective and in code, and also practice writing exploits.

https://pvs-studio.com/en/blog/posts/csharp/1054/


Attack on iPhones: Kaspersky discloses sophisticated attack

Kaspersky says it has discovered traces of a complex attack in iPhone backups. According to the company, defending against it is only possible with drastic measures.

https://heise.de/-9159301


STARFACE: Authentication with Password Hash Possible

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database has generally become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when authentication using the password hash is allowed.

https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-004/


Malware Spotlight: Camaro Dragon's TinyNote Backdoor

In this report, we analyze another previously undisclosed backdoor associated with this cluster of activity which shares with it not only a common infrastructure but also the same high-level intelligence-gathering goal.

https://research.checkpoint.com/2023/malware-spotlight-camaro-dragons-tinynote-backdoor/

Vulnerabilities

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software's MOVEit Transfer solution across multiple customer environments.

https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/


Unified Automation: New UaGateway V1.5.14 Service Release

This version contains security bug fixes including improvements in KeyUsage check.

https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt


(0Day) Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write/Pointer Remote Code Execution Vulnerability

Published: 2023-05-31 Affected Vendor: Fatek Automation ZDI ID: ZDI-23-760 to ZDI-23-771

https://www.zerodayinitiative.com/advisories/published/


(0Day) VIPRE Antivirus Plus

Published: 2023-05-31 Affected Vendor: VIPRE ZDI ID: ZDI-23-755 to ZDI-23-759

https://www.zerodayinitiative.com/advisories/published/


IBM Security Bulletins

IBM App Connect, IBM Business Automation Manager Open Editions, IBM Business Automation Workflow, IBM Control Desk, IBM Maximo, IBM Edge Application Manager, IBM MQ, IBM Spectrum Protect Plus, IBM Control Desk, IBM Data Risk Manager, Tivoli, Hardware Management Console, IBM Cloud Pak, IBM Power Systems, IBM Security Directory Server, WebSphere Application Server, Rational Developer for i, IBM Security Guardium

https://www.ibm.com/support/pages/bulletin/


Security updates for Thursday

Security updates have been issued by Debian (libwebp, openssl, sssd, and texlive-bin), Fedora (bitcoin-core, editorconfig, edk2, mod_auth_openidc, pypy, pypy3.9, python3.10, and python3.8), Red Hat (kernel, openssl, pcs, pki-core:10.6, and qatzip), SUSE (chromium, ImageMagick, openssl-1_1, and tiff), and Ubuntu (cups, libvirt, and linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi).

https://lwn.net/Articles/933465/


AddToAny Share Buttons - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-019

https://www.drupal.org/sa-contrib-2023-019


AddToAny Share Buttons - Moderately critical - Access bypass - SA-CONTRIB-2023-018

https://www.drupal.org/sa-contrib-2023-018


Consent Popup - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-017

https://www.drupal.org/sa-contrib-2023-017


Iubenda Integration - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-016

https://www.drupal.org/sa-contrib-2023-016


Advantech WebAccess/SCADA

https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01


HID Global SAFE

https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02