End-of-Day report
Timeframe: Friday 02-06-2023 18:00 - Monday 05-06-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
KeePass v2.54 fixes bug that leaked cleartext master password
KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application's memory.
https://www.bleepingcomputer.com/news/security/keepass-v254-fixes-bug-that-leaked-cleartext-master-password/
Satacom delivers browser extension that steals cryptocurrency
A recent campaign by Satacom downloader is delivering a cryptocurrency-stealing extension for Chromium-based browsers, such as Chrome, Brave and Opera.
https://securelist.com/satacom-delivers-cryptocurrency-stealing-browser-extension/109807/
Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack
Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information (PII) and credit card data from e-commerce websites. A noteworthy aspect that sets it apart from other Magecart campaigns is that the hijacked sites further serve as "makeshift" command-and-control (C2) servers, using the cover to facilitate the distribution of malicious code without the knowledge of the victim sites.
https://thehackernews.com/2023/06/magento-woocommerce-wordpress-and.html
Storing Passwords - A Journey of Common Pitfalls
[..] we recently discovered a vulnerability in the web interface of STARFACE PBX allowing login using the password hash rather than the cleartext password (see advisory). We want to use this as an opportunity to discuss how we analyse such login mechanisms and talk about the misconceptions in security concepts that result in such pitfalls along the way.
https://blog.redteam-pentesting.de/2023/storing-passwords/
Big data company Splunk closes partly critical security vulnerabilities
Big data specialist Splunk is fixing numerous security vulnerabilities in the software of the same name, some of which are rated as critical.
https://heise.de/-9164194
Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.
https://www.securityweek.com/gigabyte-rolls-out-bios-updates-to-remove-backdoor-from-motherboards/
Criminals abuse PayPal's donation function
We are currently observing that fake shops process PayPal payments using the "Donate money" function. Cancel the payment immediately if the PayPal payment does not proceed as usual but is labelled as a donation! If you pay using the "Donate money" function, buyer protection does not apply and a refund is not possible. Look closely at how your PayPal payment is carried out!
https://www.watchlist-internet.at/news/kriminelle-missbrauchen-spenden-funktion-von-paypal/
Vice Society now operating with its own ransomware
The ransomware group repeatedly carries out targeted attacks on educational institutions and hospitals.
https://www.zdnet.de/88409649/vice-society-mit-eigener-ransomware-unterwegs/
Pikabot trojan is making the rounds
The new malware family uses anti-analysis techniques and offers backdoor functionality for loading shellcode and executing second-stage binaries.
https://www.zdnet.de/88409646/trojaner-pikabot-treibt-sein-unwesen/
Vulnerabilities
Security updates for Monday
Security updates have been issued by Debian (chromium, cpio, mariadb-10.3, nbconvert, sofia-sip, and wireshark), Fedora (ImageMagick, mingw-python-requests, openssl, python3.6, texlive-base, and webkitgtk), Red Hat (apr-util, git, gnutls, kernel, kernel-rt, and kpatch-patch), Slackware (cups and ntp), and Ubuntu (linux-azure-fde, linux-azure-fde-5.15 and perl).
https://lwn.net/Articles/933904/
IBM Aspera Connect and IBM Aspera Cargo have addressed multiple vulnerabilities (CVE-2023-22862, CVE-2023-27285)
https://www.ibm.com/support/pages/node/7001053
Vulnerability in libexpat (CVE-2022-43680) affects Power HMC
https://www.ibm.com/support/pages/node/6985561
Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2023
https://www.ibm.com/support/pages/node/6998727
Multiple vulnerabilities may affect IBM® Semeru Runtime
https://www.ibm.com/support/pages/node/7001271
There is a vulnerability in Apache SOAP used by IBM Maximo Asset Management (CVE-2022-40705)
https://www.ibm.com/support/pages/node/6959357
There are several vulnerabilities in AntiSamy used by IBM Maximo Asset Management (CVE-2022-28367, CVE-2022-29577)
https://www.ibm.com/support/pages/node/6966080
There is a vulnerability in Prism used by IBM Maximo Asset Management (CVE-2022-23647)
https://www.ibm.com/support/pages/node/6959695
IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041)
https://www.ibm.com/support/pages/node/7000021
Multiple vulnerabilities in IBM® Java SDK and WebSphere Application Server Liberty profile affect IBM Business Automation Workflow containers
https://www.ibm.com/support/pages/node/7001287
A vulnerability has been identified in IBM HTTP Server shipped with IBM Business Automation Workflow (CVE-2023-32342)
https://www.ibm.com/support/pages/node/7001289
Cross-site scripting vulnerability affects IBM Business Automation Workflow - CVE-2023-32339
https://www.ibm.com/support/pages/node/7001291
Vulnerability in spring-expressions may affect IBM Business Automation Workflow - CVE-2023-20863
https://www.ibm.com/support/pages/node/7001295
Multiple vulnerabilities in IBM Java XML affect IBM Tivoli System Automation for Multiplatforms deferred from Oracle Apr 2022 CPU (CVE-2022-21426)
https://www.ibm.com/support/pages/node/7000999
Multiple vulnerabilities in VMware Tanzu Spring Framework affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow
https://www.ibm.com/support/pages/node/7001309
There is a vulnerability in jQuery UI used by IBM Maximo Asset Management (CVE-2022-31160)
https://www.ibm.com/support/pages/node/6966428
There are several vulnerabilities with TinyMCE used by IBM Maximo Asset Management
https://www.ibm.com/support/pages/node/6966710
IBM Maximo Asset Management is vulnerable to stored cross-site scripting (CVE-2022-35645)
https://www.ibm.com/support/pages/node/6959353