Daily Summary - 05.07.2023

End-of-Day report

Timeframe: Tuesday 04-07-2023 18:00 - Wednesday 05-07-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner

News

Email crypto phishing scams: stealing from hot and cold crypto wallets

Here is how email phishing scams targeting hot and cold crypto wallets, such as Trezor and Ledger, work.

https://securelist.com/hot-and-cold-cryptowallet-phishing/110136/


Patch now! More than 335,000 Fortinet SSL VPN interfaces open to attack

Security researchers warn of further attacks on a critical vulnerability in FortiOS. Patches that close the vulnerability have been available for weeks.

https://heise.de/-9206478


Consumer advice centres warn of personalised phishing

Since the beginning of the week, many phishing emails concerning ING that address the recipient personally have been landing in internet users' inboxes, the consumer advice centres (Verbraucherzentralen) warn.

https://heise.de/-9207386


TEMU shopping app and temu.com: problematic offers from China

Anyone currently browsing social media can hardly avoid ads for the shopping app TEMU. The platform, headquartered in Dublin and with its origins in China, is currently launching an offensive on the Austrian and German markets. Some products on TEMU are unbelievably cheap and tempting for many. However, this is made possible mainly by questionable business practices, products that are in some cases defective, and non-compliance with legal requirements.

https://www.watchlist-internet.at/news/temu-shopping-app-und-temucom-problematische-angebote-aus-china/

Vulnerabilities

Path traversal bypass & Denial of service in Kyocera TASKalfa 4053ci printer

CVE Number: CVE-2023-34259, CVE-2023-34260, CVE-2023-34261. Kyocera TASKalfa 4053ci printers are affected by multiple vulnerabilities. The path traversal vulnerability can be used to access arbitrary files on the filesystem, even files that require root privileges. The path traversal vulnerability can also be used to conduct a denial-of-service (DoS). Due to the username enumeration vulnerability, it is possible to identify valid user accounts.

https://sec-consult.com/vulnerability-lab/advisory/path-traversal-bypass-denial-of-service-in-kyocera-printer/


Security updates for Wednesday

Security updates have been issued by Fedora (firefox and python-reportlab), Slackware (mozilla), SUSE (dnsdist, grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, pyt, kernel, kubernetes1.18, libdwarf, python311, qt6-base, rmt-server, and virtualbox), and Ubuntu (containerd, firefox, and python-django).

https://lwn.net/Articles/937368/


The "StackRot" kernel vulnerability

Ruihan Li has disclosed a significant vulnerability introduced into the 6.1 kernel: A flaw was found in the handling of stack expansion in the Linux kernel 6.1 through 6.4, aka "Stack Rot". The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues. An unprivileged local user could use this flaw to compromise the kernel and escalate their privileges.

https://lwn.net/Articles/937377/


Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability

https://cert.vde.com/de/advisories/VDE-2023-011/


IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker and denial of service due to Guava (CVE-2020-8908, CVE-2018-10237).

https://www.ibm.com/support/pages/node/7009535


A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-35890)

https://www.ibm.com/support/pages/node/7009537


IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to xml2js arbitrary code execution vulnerability (CVE-2023-0842)

https://www.ibm.com/support/pages/node/7009049


A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2023-35890)

https://www.ibm.com/support/pages/node/7009625


Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - April 2023 CPU

https://www.ibm.com/support/pages/node/7009627


A security vulnerability has been identified in WebSphere Application Server traditional shipped with IBM Intelligent Operations Center (CVE-2023-35890)

https://www.ibm.com/support/pages/node/7009635


IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890)

https://www.ibm.com/support/pages/node/7007857