End-of-Day report
Timeframe: Friday 30-06-2023 18:00 - Monday 03-07-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
News
Beware: New RustBucket Malware Variant Targeting macOS Users
"This variant of RustBucket, a malware family that targets macOS systems, adds persistence capabilities not previously observed," Elastic Security Labs researchers said in a report published this week, adding it's "leveraging a dynamic network infrastructure methodology for command-and-control."
https://thehackernews.com/2023/07/beware-new-rustbucket-malware-variant.html
Decryption tool: security researchers crack Akira ransomware
If the conditions are right, victims of the Akira ransomware can regain access to their data without paying a ransom.
https://heise.de/-9204932
Beware of malvertising: fake WinSCP tool distributes BlackCat ransomware
The operators of the BlackCat (aka ALPHV) ransomware are using yet another distribution channel.
https://heise.de/-9204958
Beware of fake police e-mails
Criminals are currently impersonating the police by e-mail. The message claims that your summons is attached and that you must respond within 48 hours, otherwise you face arrest. Ignore this e-mail; it is a scam!
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-polizei-mails/
CVE-2023-20864: Remote Code Execution in VMware Aria Operations for Logs
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Jonathan Lein and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in VMware Aria Operations for Logs (formerly vRealize).
https://www.zerodayinitiative.com/blog/2023/6/29/cve-2023-20864-remote-code-execution-in-vmware-aria-operations-for-logs
Vulnerabilities
Security updates: code execution attacks on HP LaserJet Pro printers possible
Several HP LaserJet Pro models are vulnerable. Security updates fix the issue.
https://heise.de/-9205846
WP AutoComplete 1.0.4 - Unauthenticated SQLi
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection.
https://www.exploit-db.com/exploits/51560
Security update: attacks on WordPress plugin Ultimate Member
Attackers are currently exploiting a critical vulnerability in the WordPress plugin Ultimate Member. The vendor advises updating promptly.
https://heise.de/-9204916
Security updates for Monday
Security updates have been issued by Debian (cups, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, python3.7, and yajl), Fedora (chromium, kubernetes, pcs, and webkitgtk), Scientific Linux (open-vm-tools), SUSE (iniparser, keepass, libvirt, prometheus-ha_cluster_exporter, prometheus-sap_host_exporter, rekor, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and Ubuntu (python-reportlab and vim).
https://lwn.net/Articles/937189/
Root access to smart home server Loxone Miniserver Go Gen. 2 (SySS-2023-004/-012/-013)
Through various vulnerabilities, an administrator can gain operating-system access on the Loxone Miniserver Go in the context of the root user.
https://www.syss.de/pentest-blog/root-zugang-zu-smarthome-server-loxone-miniserver-go-gen-2-syss-2023-004/-012/-013
Multiple Vulnerabilities including Unauthenticated Remote Code Execution in Siemens A8000
The vendor provides a patch which should be installed immediately. Customers should update to CPCI85 V05 or later version (https://support.industry.siemens.com/cs/ww/en/view/109804985/).
- Unauthenticated Remote Code Execution (CVE-2023-28489)
- Authenticated Command Injection (CVE-2023-33919)
- Hard-coded Root Password (CVE-2023-33920)
- Console Login via UART (CVE-2023-33921)
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-siemens-a8000/
Multiple vulnerabilities in SoftEther VPN and PacketiX VPN
https://jvn.jp/en/jp/JVN64316789/
ZDI-23-894: NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-23-894/
ZDI-23-893: NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-23-893/
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass
https://cxsecurity.com/issue/WLB-2023070002
Watson CP4D Data Stores is vulnerable to Golang Go to a denial of service (CVE-2022-1962)
https://www.ibm.com/support/pages/node/7009053
Watson CP4D Data Stores is vulnerable to Golang Go HTTP request smuggling (CVE-2022-1705)
https://www.ibm.com/support/pages/node/7009055
Watson AI Gateway for Cloud Pak for Data is vulnerable to an Ajv (aka Another JSON Schema Validator) could allow a remote attacker to execute arbitrary code on the system (CVE-2020-15366)
https://www.ibm.com/support/pages/node/7009061
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to xml2js arbitrary code execution vulnerability (CVE-2023-0842)
https://www.ibm.com/support/pages/node/7009049
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js http-cache-semantics module denial of service (CVE-2022-25881)
https://www.ibm.com/support/pages/node/7009051
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Envoy security bypass (CVE-2023-27488)
https://www.ibm.com/support/pages/node/7009057
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to ConfigObj denial of service (CVE-2023-26112)
https://www.ibm.com/support/pages/node/7009059
IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-2455)
https://www.ibm.com/support/pages/node/7009293
IBM Connect:Direct Web Services vulnerable to sensitive information exposure due to PostgreSQL (CVE-2022-41862)
https://www.ibm.com/support/pages/node/7009295
IBM Security Key Lifecycle Manager is vulnerable to Incorrect Permission Assignment for Critical Resource (CVE-2018-1750)
https://www.ibm.com/support/pages/node/733311
Multiple Vulnerabilities in CloudPak for Watson AIOPs
https://www.ibm.com/support/pages/node/7007837
Multiple vulnerabilities of Apache Groovy (groovy-all-2.3.11.jar) have affected APM JBoss and APM WebLogic Agent [CVE-202-17521, CVE-2016-6814, CVE-2015-3253]
https://www.ibm.com/support/pages/node/7009323
Multiple vulnerabilities of Apache Ant (ant-1.7.0.jar, ant-1.8.4.jar) have affected APM JBoss, APM WebLogic and APM SAP NetWeaver Java Stack Agents.
https://www.ibm.com/support/pages/node/7009321
Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects APM Agents for Monitoring
https://www.ibm.com/support/pages/node/7009327
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operand is vulnerable to DOS/loss of integrity/confidentiality [CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968]
https://www.ibm.com/support/pages/node/7009333
Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server April 2023 CPU that is bundled with IBM WebSphere Application Server Patterns
https://www.ibm.com/support/pages/node/7009353