End-of-Day report
Timeframe: Donnerstag 01-06-2023 18:00 - Freitag 02-06-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
Attackers use Python compiled bytecode to evade detection
Attackers who are targeting open-source package repositories like PyPI (Python Package Index) have devised a new technique for hiding their malicious code from security scanners, manual reviews, and other forms of security analysis. In one incident, researchers have found malware code hidden inside a Python bytecode (PYC) file that can be directly executed as opposed to source code files that get interpreted by the Python runtime.
https://www.csoonline.com/article/3698472/attackers-use-python-compiled-bytecode-to-evade-detection.html
Cybercriminals use legitimate websites to obfuscate malicious payloads
According to Egress, the evolving attack methodologies currently used by cybercriminals are designed to get through traditional perimeter security. -The evolution of phishing emails continues to pose a major threat to organizations, emphasizing the need to enhance defenses to prevent attacks,- said Jack Chapman, VP of Threat Intelligence, Egress.
https://www.helpnetsecurity.com/2023/06/02/evolving-attack-methodologies/
Authority Scam: Angebliche E-Mails der FCA sind Fake!
Kriminelle geben sich als Mitarbeiter:innen der britischen Finanzaufsichtsbehörde FCA aus und behaupten per E-Mail, dass eine -Online-Investitionsplattform- geschlossen wurde. Nun gehe es darum die -rechtmäßigen Eigentümer der im Blockchain-Netzwerk eingefrorenen Vermögenswerte zu identifizieren-, so heißt es in der E-Mail.
https://www.watchlist-internet.at/news/authority-scam-angebliche-e-mails-der-fca-sind-fake/
Zyxel-s guidance for the recent attacks on the ZyWALL devices
Zyxel recently became aware of a cyberattack targeting our ZyWALL devices. These vulnerabilities already have patches - we took immediate action as soon as we become aware of them, and have released patches, as well as security advisories for CVE-2023-28771, CVE-2023-33009, and CVE-2023-33010.
https://www.zyxel.com/global/en/support/security-advisories/zyxels-guidance-for-the-recent-attacks-on-the-zywall-devices
Vulnerabilities
Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Published: 2023-06-01
Affected Vendor: Delta Electronics
ZDI ID: ZDI-23-781 bis ZDI-23-817
https://www.zerodayinitiative.com/advisories/published/
Sicherheitsupdates: Schwachstellen machen Schutzsoftware von Symantec angreifbar
Symantecs Entwickler haben in Advanced Secure Gateway und Content Analysis mehrere Sicherheitslücken geschlossen.
https://heise.de/-9162943
Security updates for Friday
Security updates have been issued by Debian (cups and netatalk), SUSE (cups, ImageMagick, installation-images, libvirt, openvswitch, and qemu), and Ubuntu (avahi, cups, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, linux, linux-aws, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-aws-5.4, linux-bluefield, linux-intel-iotg, and linux-intel-iotg-5.15).
https://lwn.net/Articles/933576/
High-Severity Vulnerabilities Patched in Splunk Enterprise
Splunk has resolved multiple high-severity vulnerabilities in Splunk Enterprise, including bugs in third-party packages used by the product.The post High-Severity Vulnerabilities Patched in Splunk Enterprise appeared first on SecurityWeek.
https://www.securityweek.com/high-severity-vulnerabilities-patched-in-splunk-enterprise/
Kritische Sicherheitslücke in MOVEit Transfer - Updates verfügbar
In MOVEit Transfer existiert eine kritische Sicherheitslücke, die eine Rechteausweitung und potentiell unautorisierten Zugriff ermöglicht. Bis jetzt wurde die Lücke für Datendiebstahl ausgenutzt. Das volle Potential der Lücke ist jedoch noch nicht bekannt.
https://cert.at/de/warnungen/2023/6/kritische-sicherheitslucke-in-moveit-transfer-patches-verfugbar
IBM Edge Application Manager has a vulnerability listed in CVE 2023-28154. IBM has addressed this vulnerability.
https://www.ibm.com/support/pages/node/7000057
Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights
https://www.ibm.com/support/pages/node/7000903
A vulnerability exists in the IBM\u00ae SDK, Java\u2122 Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2022-3676).
https://www.ibm.com/support/pages/node/7000941
A security vulnerability has been identified in embedded IBM WebSphere Application Server which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2023-23477)
https://www.ibm.com/support/pages/node/7000959
A vulnerability exists in the IBM\u00ae SDK, Java\u2122 Technology Edition affecting IBM Tivoli Network Configuration Manager (CVE-2023-30441).
https://www.ibm.com/support/pages/node/7000969
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843)
https://www.ibm.com/support/pages/node/7000991
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843)
https://www.ibm.com/support/pages/node/7000989
A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-32342)
https://www.ibm.com/support/pages/node/7000993
Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter
https://www.ibm.com/support/pages/node/888295
Multiple vulnerabilities in IBM Java XML affect IBM Tivoli System Automation Application Manager deferred from Oracle Apr 2022 CPU (CVE-2022-21426)
https://www.ibm.com/support/pages/node/7000997
Apache commons fileupload vulnerability affect embedded Case Forms in IBM Business Automation Workflow and IBM Case Manager - CVE-2023-24998
https://www.ibm.com/support/pages/node/7001009