Daily summary - 23.06.2023

End-of-Day report

Timeframe: Thursday 22-06-2023 18:00 - Friday 23-06-2023 18:00 Handler: Robert Waldner Co-Handler: Michael Schlagenhaufer

News

Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version

Microsoft says Internet-exposed Linux and Internet of Things (IoT) devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign.

https://www.bleepingcomputer.com/news/security/microsoft-hackers-hijack-linux-systems-using-trojanized-openssh-version/


NSA shares tips on blocking BlackLotus UEFI malware attacks

The U.S. National Security Agency (NSA) released today guidance on how to defend against BlackLotus UEFI bootkit malware attacks.

https://www.bleepingcomputer.com/news/security/nsa-shares-tips-on-blocking-blacklotus-uefi-malware-attacks/


Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware

A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string. Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware.

https://thehackernews.com/2023/06/powerful-javascript-dropper-pindos.html


Security: RepoJacking on GitHub also affects large companies such as Google

By taking over repositories behind renamed organizations on GitHub, attackers can distribute malicious code.

https://heise.de/-9195575


Fake survey circulating in the name of ÖBB!

You are one of the "500 lucky customers" contacted by ÖBB to take part in a survey? You receive 55 euros for filling out the survey? That sounds tempting, but it is fraud. After completing the survey, you are asked to enter your credit card details and approve a payment! So ignore this email.

https://www.watchlist-internet.at/news/vorsicht-fake-umfrage-im-namen-der-oebb-im-umlauf/

Vulnerabilities

Microsoft Teams: vulnerability lets malware from external accounts through

A vulnerability in Microsoft Teams allows attackers to send malware directly to the internal inbox.

https://www.golem.de/news/microsoft-teams-sicherheitsluecke-laesst-malware-von-externen-konten-durch-2306-175225.html


Fortinet fixes critical FortiNAC RCE, install updates asap

Fortinet addressed a critical remote command execution vulnerability, tracked as CVE-2023-33299, affecting the FortiNAC solution. FortiNAC is a network access control (NAC) solution designed by Fortinet that is used by organizations to secure and control access to networks by enforcing security policies, monitoring devices, and managing their access privileges.

https://securityaffairs.com/147770/security/fortinet-fortinac-critical-flaw.html


Role-based Access Control and Privilege Management in OpenEdge Management (OEM) and in OpenEdge Explorer (OEE)

Using a local or remote admin service, a logged-in OpenEdge Management (OEM) or OpenEdge Explorer (OEE) user could perform a URL injection attack to change identity or role membership. Only users that are already authorized members of OEM or OEE user roles were able to perform this exploit. [..] We have addressed the issue and updated the product for customers to remediate it.

https://community.progress.com/s/article/Role-based-Access-Control-and-Privilege-Management-in-OEM


Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute (CVE-2023-0026)

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error.

https://supportportal.juniper.net/s/article/2023-06-Out-of-Cycle-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-BGP-session-will-flap-upon-receipt-of-a-specific-optional-transitive-attribute-CVE-2023-0026?language=en_US


Security updates for Friday

Security updates have been issued by Debian (asterisk, lua5.3, and trafficserver), Fedora (tang and trafficserver), Oracle (.NET 7.0, c-ares, firefox, openssl, postgresql, python3, texlive, and thunderbird), Red Hat (python27:2.7 and python39:3.9 and python39-devel:3.9), Scientific Linux (c-ares), Slackware (cups), SUSE (cups, dav1d, google-cloud-sap-agent, java-1_8_0-openjdk, libX11, openssl-1_0_0, openssl-1_1, openssl-3, openvswitch, and python-sqlparse), and Ubuntu (cups, dotnet6, dotnet7, and openssl).

https://lwn.net/Articles/936040/


High-severity vulnerabilities patched in popular domain name software BIND

With the recently discovered vulnerabilities, remote attackers could launch denial-of-service attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory released Friday. BIND stands for Berkeley Internet Name Domain.

https://therecord.media/bind-9-patches-internet-dns-vulnerabilities


VMware closes vulnerabilities in vCenter Server (22 June 2023)

The vendor VMware has released updates for its vCenter Server to close serious vulnerabilities (rated important): CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895 and CVE-2023-20896.

https://www.borncity.com/blog/2023/06/23/vmware-schliet-schwachstellen-in-vcenter-server-22-juni-2023/


Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]

Rapid7 has uncovered four issues in Fortra Globalscape EFT, the worst of which can lead to remote code execution.

https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/


FortiNAC - argument injection in XML interface on port tcp/5555

https://fortiguard.fortinet.com/psirt/FG-IR-23-096


FortiNAC - java untrusted object deserialization RCE

https://fortiguard.fortinet.com/psirt/FG-IR-23-074


F5: K000135178 : OpenSSL vulnerability CVE-2023-2650

https://my.f5.com/manage/s/article/K000135178


CISA Adds Five Known Exploited Vulnerabilities to Catalog

https://www.cisa.gov/news-events/alerts/2023/06/23/cisa-adds-five-known-exploited-vulnerabilities-catalog


Enphase Envoy

https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-01


Enphase Installer Toolkit Android App

https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-02