Daily summary - 02.06.2023

End-of-Day report

Timeframe: Thursday 01-06-2023 18:00 - Friday 02-06-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a

News

Attackers use Python compiled bytecode to evade detection

Attackers who are targeting open-source package repositories like PyPI (Python Package Index) have devised a new technique for hiding their malicious code from security scanners, manual reviews, and other forms of security analysis. In one incident, researchers have found malware code hidden inside a Python bytecode (PYC) file that can be directly executed as opposed to source code files that get interpreted by the Python runtime.

https://www.csoonline.com/article/3698472/attackers-use-python-compiled-bytecode-to-evade-detection.html


Cybercriminals use legitimate websites to obfuscate malicious payloads

According to Egress, the evolving attack methodologies currently used by cybercriminals are designed to get through traditional perimeter security. "The evolution of phishing emails continues to pose a major threat to organizations, emphasizing the need to enhance defenses to prevent attacks," said Jack Chapman, VP of Threat Intelligence, Egress.

https://www.helpnetsecurity.com/2023/06/02/evolving-attack-methodologies/


Authority scam: Alleged e-mails from the FCA are fake!

Criminals pose as employees of the British financial regulator FCA and claim by e-mail that an "online investment platform" has been shut down. The e-mail states that the next step is to identify "the rightful owners of the assets frozen in the blockchain network".

https://www.watchlist-internet.at/news/authority-scam-angebliche-e-mails-der-fca-sind-fake/


Zyxel's guidance for the recent attacks on the ZyWALL devices

Zyxel recently became aware of a cyberattack targeting our ZyWALL devices. These vulnerabilities already have patches - we took immediate action as soon as we became aware of them, and have released patches, as well as security advisories for CVE-2023-28771, CVE-2023-33009, and CVE-2023-33010.

https://www.zyxel.com/global/en/support/security-advisories/zyxels-guidance-for-the-recent-attacks-on-the-zywall-devices

Vulnerabilities

Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Published: 2023-06-01
Affected Vendor: Delta Electronics
ZDI ID: ZDI-23-781 to ZDI-23-817

https://www.zerodayinitiative.com/advisories/published/


Security updates: Vulnerabilities leave Symantec protection software open to attack

Symantec's developers have closed several security vulnerabilities in Advanced Secure Gateway and Content Analysis.

https://heise.de/-9162943


Security updates for Friday

Security updates have been issued by Debian (cups and netatalk), SUSE (cups, ImageMagick, installation-images, libvirt, openvswitch, and qemu), and Ubuntu (avahi, cups, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, linux, linux-aws, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-aws-5.4, linux-bluefield, linux-intel-iotg, and linux-intel-iotg-5.15).

https://lwn.net/Articles/933576/


High-Severity Vulnerabilities Patched in Splunk Enterprise

Splunk has resolved multiple high-severity vulnerabilities in Splunk Enterprise, including bugs in third-party packages used by the product.

https://www.securityweek.com/high-severity-vulnerabilities-patched-in-splunk-enterprise/


Critical vulnerability in MOVEit Transfer - updates available

A critical vulnerability exists in MOVEit Transfer that allows privilege escalation and potentially unauthorised access. So far the vulnerability has been exploited for data theft. The full potential of the vulnerability is, however, not yet known.

https://cert.at/de/warnungen/2023/6/kritische-sicherheitslucke-in-moveit-transfer-patches-verfugbar


IBM Edge Application Manager has a vulnerability listed in CVE-2023-28154. IBM has addressed this vulnerability.

https://www.ibm.com/support/pages/node/7000057


Multiple vulnerabilities in IBM DB2 affect IBM Operations Analytics Predictive Insights

https://www.ibm.com/support/pages/node/7000903


A vulnerability exists in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Network Configuration Manager (CVE-2022-3676).

https://www.ibm.com/support/pages/node/7000941


A security vulnerability has been identified in embedded IBM WebSphere Application Server which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2023-23477)

https://www.ibm.com/support/pages/node/7000959


A vulnerability exists in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Network Configuration Manager (CVE-2023-30441).

https://www.ibm.com/support/pages/node/7000969


Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843)

https://www.ibm.com/support/pages/node/7000991


Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843)

https://www.ibm.com/support/pages/node/7000989


A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-32342)

https://www.ibm.com/support/pages/node/7000993


Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter

https://www.ibm.com/support/pages/node/888295


Multiple vulnerabilities in IBM Java XML affect IBM Tivoli System Automation Application Manager deferred from Oracle Apr 2022 CPU (CVE-2022-21426)

https://www.ibm.com/support/pages/node/7000997


Apache Commons FileUpload vulnerability affects embedded Case Forms in IBM Business Automation Workflow and IBM Case Manager - CVE-2023-24998

https://www.ibm.com/support/pages/node/7001009