End-of-Day report
Timeframe: Monday 12-06-2023 18:00 - Tuesday 13-06-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away
Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.
https://arstechnica.com/?p=1947319
Password manager Bitwarden: master key was readable by everyone
The Bitwarden password manager supports authentication with Windows Hello. Until recently, this made the master key readable by everyone.
https://heise.de/-9184586
BSI releases version 1.0.1 of the TLS test tool TaSK
Following the release of a beta version in January, the BSI has added further functionality in the new version. The version works for TLS servers, TLS clients and other specialised applications such as eID clients, eID servers or e-mail servers.
https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/TLS-Testtool-TaSK_230613.html
Beware of "La Sportiva" products that are too cheap
The mountains are calling, and so are the fake offers on the internet. We are currently receiving an increasing number of reports of fake shops for the outdoor brand "La Sportiva". Customers are drawn to the bargains mainly through advertising on Facebook, Instagram and the like. If the price is too good to be true, it is a fake.
https://www.watchlist-internet.at/news/vorsicht-vor-zu-guenstigen-la-sportiva-produkten/
Inside Win32k Exploitation: Background on Implementations of Win32k and Exploitation Methodologies
This is part one of a series that will cover Win32k internals and exploitation in general using these two vulnerabilities (CVE-2022-21882, CVE-2021-1732) and their related proof-of-concept (PoC) exploits as examples.
https://unit42.paloaltonetworks.com/win32k-analysis-part-1/
Are smartphone thermal cameras sensitive enough to uncover PIN codes?
I started out thinking that these cameras were gimmicks, but they've become an important tool in the toolbox. Here's why - and a little test.
https://www.zdnet.com/home-and-office/are-smartphone-thermal-cameras-sensitive-enough-to-uncover-pin-codes/
Vulnerabilities
Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)
Product Name: System.Linq.Dynamic.Core
Affected versions 1.0.7.10 to 1.2.25
CVE: CVE-2023-32571
CVSSv3.1 base score 9.1
Users can execute arbitrary code and commands where user input is passed to Dynamic Linq methods such as .Where(...), .All(...), .Any(...) and .OrderBy(...).
https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/
TYPO3 Security Advisories
Several vulnerabilities have been found in the following third-party TYPO3 extensions:
"Faceted Search" (ke_search)
"ipandlanguageredirect" (ipandlanguageredirect)
"Canto Extension" (canto_extension)
For further information on the issues, please read the related advisories TYPO3-EXT-SA-2023-004, TYPO3-EXT-SA-2023-005 and TYPO3-EXT-SA-2023-006.
https://typo3.org/help/security-advisories
New Siemens Security Advisories
TIA Portal, SIMOTION, SIMATIC WinCC, Teamcenter Visualization and JT2Go, CPCI85 Firmware of SICAM A8000 Devices, SIMATIC S7-1500 TM MFP V1.0, SICAM Q200 Devices, SIMATIC WinCC V7, Integrated SCALANCE S615 of SINAMICS Medium Voltage Products, in SIMATIC STEP 7 V5.x and Derived Products, Solid Edge
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications
Security updates for Tuesday
Security updates have been issued by Debian (vim), Fedora (kernel), Oracle (emacs, firefox, python3, and qemu), SUSE (firefox, java-1_8_0-ibm, and libwebp), and Ubuntu (firefox, glusterfs, and sniproxy).
https://lwn.net/Articles/934492/
Synology-SA-23:08 SRM
A vulnerability allows remote attackers to obtain user credential via a susceptible version of Synology Router Manager (SRM).
https://www.synology.com/en-global/support/security/Synology_SA_23_08
Synology-SA-23:07 DSM
A vulnerability allows remote attackers to obtain user credential via a susceptible version of Synology DiskStation Manager (DSM).
https://www.synology.com/en-global/support/security/Synology_SA_23_07
Synology-SA-23:06 SRM
A vulnerability allows remote authenticated users to read arbitrary files via a susceptible version of Synology Router Manager (SRM).
https://www.synology.com/en-global/support/security/Synology_SA_23_06
Synology-SA-23:05 DSM
A vulnerability allows remote authenticated users to read arbitrary files via a susceptible version of Synology DiskStation Manager (DSM).
https://www.synology.com/en-global/support/security/Synology_SA_23_05
ShareFile StorageZones Controller Security Update for CVE-2023-24489
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24. [..] All customer-managed ShareFile storage zones controllers versions prior to the latest version 5.11.24 have been blocked to protect our customers. Customers will be able to reinstate the storage zones controller once the update to 5.11.24 is applied.
https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489
Critical vulnerability in Fortinet FortiOS and FortiProxy SSL-VPN products - actively exploited, updates available
June 13, 2023. Description: Fortinet has issued a warning that the SSL-VPN components of the FortiOS and FortiProxy products contain a critical vulnerability that is already being actively exploited, and is providing the first corresponding updates. CVE number(s): CVE-2023-27997. CVSSv3 score: 9.2. Impact: Unauthenticated attackers can execute arbitrary code on affected devices by exploiting the vulnerability. Since these devices
https://cert.at/de/warnungen/2023/6/kritische-sicherheitslucke-in-fortinet-fortios-und-fortiproxy-ssl-vpn-produkten-updates-verfugbar
CISA Releases Four Industrial Control Systems Advisories
- ICSA-23-164-01 Datalogics Library Third-Party
- ICSA-23-164-02 Rockwell Automation FactoryTalk Services Platform
- ICSA-23-164-03 Rockwell Automation FactoryTalk Edge Gateway
- ICSA-23-164-04 Rockwell Automation FactoryTalk Transaction Manager
https://www.cisa.gov/news-events/alerts/2023/06/13/cisa-releases-four-industrial-control-systems-advisories
Chatwork Desktop Application (Mac) vulnerable to code injection
https://jvn.jp/en/jp/JVN96828492/
PHOENIX CONTACT: FL MGUARD affected by two vulnerabilities
https://cert.vde.com/de/advisories/VDE-2023-010/
2023-06-12: Cyber Security Advisory - ABB Relion REX640 Cyber Security Improvements
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423&LanguageCode=en&DocumentPartId=&Action=Launch
VMSA-2023-0013
https://www.vmware.com/security/advisories/VMSA-2023-0013.html
System Management Module (SMM) v1 and v2 / Fan Power Controller (FPC) Vulnerabilities
http://support.lenovo.com/product_security/PS500565-SYSTEM-MANAGEMENT-MODULE-SMM-V1-AND-V2-FAN-POWER-CONTROLLER-FPC-VULNERABILITIES
Lenovo XClarity Administrator (LXCA) Vulnerabilities
http://support.lenovo.com/product_security/PS500564-LENOVO-XCLARITY-ADMINISTRATOR-LXCA-VULNERABILITIES
IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998)
https://www.ibm.com/support/pages/node/7002807
Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility
https://www.ibm.com/support/pages/node/7003337
Vulnerability of Apache Thrift (libthrift-0.12.0.jar) have affected APM WebSphere Application Server Agent and APM SAP NetWeaver Agent
https://www.ibm.com/support/pages/node/7003479
Vulnerability of Google Gson (gson-2.8.2.jar) have affected APM WebSphere Application Server Agent and APM SAP NetWeaver Agent
https://www.ibm.com/support/pages/node/7003477
A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-26283)
https://www.ibm.com/support/pages/node/7003495
Multiple Vulnerabilities of Jackson-Mapper-asl have affected APM Linux KVM Agent
https://www.ibm.com/support/pages/node/7003497
IBM Workload Scheduler is potentially affected by multiple vulnerabilities in OpenSSL (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286)
https://www.ibm.com/support/pages/node/7003501
IBM Workload Scheduler is potentially affected by a vulnerability in OpenSSL causing system crash (CVE-2022-4450)
https://www.ibm.com/support/pages/node/7003511
IBM Workload Scheduler potentially affected by a vulnerability in SnakeYaml (CVE-2022-1471)
https://www.ibm.com/support/pages/node/7003513
OpenPages with Watson has addressed Node.js vulnerability (CVE-2022-32213)
https://www.ibm.com/support/pages/node/7003313