End-of-Day report
Timeframe: Tuesday 04-07-2023 18:00 - Wednesday 05-07-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
News
Email crypto phishing scams: stealing from hot and cold crypto wallets
Here is how email phishing scams targeting hot and cold crypto wallets, such as Trezor and Ledger, work.
https://securelist.com/hot-and-cold-cryptowallet-phishing/110136/
Patch now! More than 335,000 Fortinet SSL VPN interfaces open to attack
Security researchers warn of further attacks on a critical vulnerability in FortiOS. Patches that close the vulnerability have been available for weeks.
https://heise.de/-9206478
Consumer advice centres warn of personalised phishing
Since the beginning of the week, many phishing e-mails concerning ING that address recipients personally have been landing in internet users' inboxes, the consumer advice centres (Verbraucherzentralen) warn.
https://heise.de/-9207386
TEMU shopping app and temu.com: problematic offers from China
Anyone currently moving through social media can hardly avoid advertisements for the shopping app TEMU. The platform, headquartered in Dublin and with its origins in China, is currently launching a push into the Austrian and German markets. The products on TEMU are in part unbelievably cheap and tempting for many. However, this is made possible above all by questionable business practices, in part defective products and non-compliance with legal requirements.
https://www.watchlist-internet.at/news/temu-shopping-app-und-temucom-problematische-angebote-aus-china/
Vulnerabilities
Path traversal bypass & Denial of service in Kyocera TASKalfa 4053ci printer
CVE Number: CVE-2023-34259, CVE-2023-34260, CVE-2023-34261
Kyocera TASKalfa 4053ci printers are vulnerable to multiple vulnerabilities. The path traversal vulnerability can be used to access arbitrary files on the filesystem, even files that require root privileges. Also, the path traversal vulnerability can be used to conduct a denial-of-service (DoS). Due to the username enumeration vulnerability, it is possible to identify valid user accounts.
https://sec-consult.com/vulnerability-lab/advisory/path-traversal-bypass-denial-of-service-in-kyocera-printer/
Security updates for Wednesday
Security updates have been issued by Fedora (firefox and python-reportlab), Slackware (mozilla), SUSE (dnsdist, grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, pyt, kernel, kubernetes1.18, libdwarf, python311, qt6-base, rmt-server, and virtualbox), and Ubuntu (containerd, firefox, and python-django).
https://lwn.net/Articles/937368/
The "StackRot" kernel vulnerability
Ruihan Li has disclosed a significant vulnerability introduced into the 6.1 kernel: A flaw was found in the handling of stack expansion in the Linux kernel 6.1 through 6.4, aka "Stack Rot". The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues. An unprivileged local user could use this flaw to compromise the kernel and escalate their privileges.
https://lwn.net/Articles/937377/
Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability
https://cert.vde.com/de/advisories/VDE-2023-011/
IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker and denial of service due to Guava (CVE-2020-8908, CVE-2018-10237).
https://www.ibm.com/support/pages/node/7009535
A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-35890)
https://www.ibm.com/support/pages/node/7009537
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to xml2js arbitrary code execution vulnerability (CVE-2023-0842)
https://www.ibm.com/support/pages/node/7009049
A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2023-35890)
https://www.ibm.com/support/pages/node/7009625
Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - April 2023 CPU
https://www.ibm.com/support/pages/node/7009627
A security vulnerability has been identified in WebSphere Application Server traditional shipped with IBM Intelligent Operations Center (CVE-2023-35890)
https://www.ibm.com/support/pages/node/7009635
IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890)
https://www.ibm.com/support/pages/node/7007857