End-of-Day report
Timeframe: Monday 03-07-2023 18:00 - Tuesday 04-07-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down. The updated variant, written in Golang, "implements an additional security mechanism to conceal the list of targets, which is transmitted from the [command-and-control] to the users," cybersecurity company Sekoia said in a technical write-up.
https://thehackernews.com/2023/07/ddosia-attack-tool-evolves-with.html
Hunting for Bitwarden master passwords stored in memory
A blog post on how I was able to identify unknown master passwords stored in the memory of the Bitwarden web extension and desktop client, after a vault has been locked. I also cover the decisions made for developing a proof of concept to automate the process of extracting potential passwords.
https://redmaple.tech/blogs/2023/extract-bitwarden-vault-passwords/
Warning, fake shop: sharkos.de
Sharkos, "your expert for gardens, pools and household". We see it differently. The online shop looks promising, but if you order there you will not receive any goods despite paying. We show you how to recognise fake shops.
https://www.watchlist-internet.at/news/achtung-fake-shop-sharkosde/
Vulnerabilities
Device management: high-risk vulnerability in Ivanti Endpoint Manager
A security vulnerability in Ivanti's device and software management for ChromeOS, Linux, macOS and Windows allows attackers on the network to inject and execute code.
https://heise.de/-9206574
Security updates for Tuesday
Security updates have been issued by Debian (ghostscript), Fedora (apache-ivy, chromium, golang-github-schollz-croc, golang-github-schollz-mnemonicode, and webkitgtk), SUSE (amazon-ecs-init, dnsdist, libcap, python-tornado, terraform, and xmltooling), and Ubuntu (imagemagick, openldap, php7.4, php8.1, and screen).
https://lwn.net/Articles/937292/
CISA issues warning for cardiac device system vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) warned of a severe vulnerability in a cardiac device from medical device company Medtronic. The issue, tracked as CVE-2023-31222, carries a "critical" CVSS score of 9.8 out of 10 and affects the company's Paceart Optima software that runs on a healthcare organization's Windows server.
https://therecord.media/cisa-warning-for-cardiac-device-system-vulnerability
Zyxel security advisory for buffer overflow vulnerability in 4G LTE and 5G NR outdoor routers
A buffer overflow vulnerability in the CGI program of some Zyxel 4G LTE and 5G NR outdoor routers could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. (CVE: CVE-2023-27989)
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers
Security Vulnerabilities fixed in Thunderbird 102.13
https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/
Security Vulnerabilities fixed in Firefox ESR 102.13
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/
Security Vulnerabilities fixed in Firefox 115
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/
Vulnerability in the interface module SLC-0-GPNT00300
https://psirt.bosch.com/security-advisories/bosch-sa-894143.html
Security Advisory for the FL MGUARD family of devices
https://psirt.bosch.com/security-advisories/bosch-sa-833074.html
IBM Integration Bus is vulnerable to a remote attack due to Apache Jena (CVE-2021-39239, CVE-2022-28890, CVE-2023-22665).
https://www.ibm.com/support/pages/node/7009371
Vulnerability in Spring Framework affects IBM Process Mining [CVE-2016-1000027]
https://www.ibm.com/support/pages/node/7009383
IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998)
https://www.ibm.com/support/pages/node/7002807
Vulnerability in IBM SDK Java Technology affects IBM Cloud Pak System (CVE-2021-35561)
https://www.ibm.com/support/pages/node/7009441
Vulnerabilities in OpenSSL affect Cloud Pak System (CVE-2021-23840, CVE-2021-23841)
https://www.ibm.com/support/pages/node/7005857
Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.
https://www.ibm.com/support/pages/node/7009457
Vulnerability of Newtonsoft.Json-12.0.1.22727.dll has affected .NET Agent
https://www.ibm.com/support/pages/node/7009459
Multiple CVEs may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Standard
https://www.ibm.com/support/pages/node/7009483
Multiple CVEs may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced
https://www.ibm.com/support/pages/node/7009485
Multiple CVEs may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms
https://www.ibm.com/support/pages/node/7009487
Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager. (CVE-2023-34396, CVE-2023-34149)
https://www.ibm.com/support/pages/node/7009497
TADDM affected by multiple vulnerabilities due to IBM Java and its runtime
https://www.ibm.com/support/pages/node/7009499