End-of-Day report
Timeframe: Wednesday 05-07-2023 18:00 - Thursday 06-07-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
News
Silentbob Campaign: Cloud-Native Environments Under Attack
The activity, dubbed Silentbob in reference to an AnonDNS domain set up by the attacker, is said to be linked to the infamous cryptojacking group tracked as TeamTNT, citing overlaps in tactics, techniques, and procedures (TTPs). Alternatively, it could be the work of an "advanced copycat."
https://thehackernews.com/2023/07/silentbob-campaign-cloud-native.html
Flutter Restrictions Bypass
This article investigates the Flutter framework and the methods for bypassing its detections on iOS. CyberCX has also published the scripts used for this bypass on its GitHub for other mobile application security researchers to use in their workflow.
https://blog.cybercx.co.nz/flutter-restrictions-bypass
TeamsPhisher: tool automates attacks on Teams vulnerability
Attackers can smuggle malware onto targets through a vulnerability in Teams. A newly released tool makes these attacks even easier.
https://heise.de/-9208677
How is Emotet doing these days?
A short summary of the current situation around Emotet since its "comeback".
https://www.welivesecurity.com/deutsch/2023/07/06/wie-stehts-eigentlich-um-emotet/
How to delete saved addresses and credit cards in Firefox for improved security and privacy
If you're looking to get the most out of Firefox security and privacy, you might consider not only deleting all saved addresses and credit cards but also disabling the autofill option.
https://www.zdnet.com/article/how-to-delete-saved-addresses-and-credit-cards-in-firefox-for-improved-security-and-privacy/
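The ZDNet how-to walks through the Firefox settings UI. For a fleet or a hardened profile it is more reliable to pin the two settings in the profile's user.js, so they survive a user re-enabling them. The following script is an added example and is not part of the ZDNet article; it assumes the profile directory is passed as its argument, that Firefox is closed while it runs, and that Firefox stores saved addresses and cards in autofill-profiles.json inside the profile (the default for both preferences is true, i.e. autofill on).

```shell
#!/bin/sh
# Added example, not from the ZDNet article: turn off Firefox form autofill
# for addresses and credit cards via user.js and remove the stored entries.
# Assumption: run with Firefox closed, otherwise the running browser may
# rewrite autofill-profiles.json on exit.

# Print the user.js lines that disable both autofill features.
# Firefox defaults are true for both; false is the hardened setting.
firefox_autofill_prefs() {
    cat <<'EOF'
user_pref("extensions.formautofill.addresses.enabled", false);
user_pref("extensions.formautofill.creditCards.enabled", false);
EOF
}

# Append the prefs to $1/user.js unless they are already present (idempotent),
# then delete the stored addresses/cards file. Returns 1 if the profile
# directory does not exist.
disable_firefox_autofill() {
    profile="$1"
    [ -d "$profile" ] || { echo "no such profile dir: $profile" >&2; return 1; }
    userjs="$profile/user.js"
    touch "$userjs"
    firefox_autofill_prefs | while IFS= read -r line; do
        grep -qF -- "$line" "$userjs" || printf '%s\n' "$line" >> "$userjs"
    done
    # Assumption: autofill-profiles.json holds the saved addresses and cards;
    # Firefox recreates it empty when needed.
    rm -f "$profile/autofill-profiles.json"
    return 0
}

# Usage: disable_firefox_autofill ~/.mozilla/firefox/<profile>.default-release
```

user.js is read at every start and overrides prefs.js, so a user who flips the toggle back in the UI gets it reset on the next launch; if the prefs must be locked rather than reset, an enterprise policies.json is the stronger option.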
Vulnerabilities
MOVEit Transfer: Service Pack closes another critical vulnerability
With the July Service Pack for MOVEit Transfer, Progress closes further security vulnerabilities. The vendor rates one of them as critical. (CVE-2023-36932, CVE-2023-36933, CVE-2023-36934)
https://heise.de/-9208451
MOVEit Transfer 2020.1 (12.1) Service Pack (July 2023)
CVE-2023-36934 (CRITICAL): SQL injection
CVE-2023-36932 (HIGH): multiple SQL injections
CVE-2023-36933 (HIGH): unhandled exception
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023
StackRot: kernel vulnerability enables privilege escalation on Linux
A security vulnerability in the memory management subsystem of the Linux kernel (CVE-2023-3269) potentially allows attackers to gain elevated privileges.
https://www.golem.de/news/stackrot-kernel-schwachstelle-erlaubt-rechteausweitung-unter-linux-2307-175618.html
Patchday: a wide range of attacks on Android 11, 12 and 13 possible
There are important security updates for various Android versions. In the worst case, malicious code could end up on devices.
https://heise.de/-9208524
Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a full chain
In all, Cisco Talos is releasing 22 security advisories today, nine of which have a CVSS score greater than 8, associated with 69 CVEs.
https://blog.talosintelligence.com/talos-discovers-17-vulnerabilities-in-milesight/
Security updates for Thursday
Security updates have been issued by Debian (golang-yaml.v2, kernel, and mediawiki), Fedora (kernel and picocli), SUSE (bind and python-sqlparse), and Ubuntu (cpdb-libs).
https://lwn.net/Articles/937481/
IBM Security Bulletins
IBM i, IBM Rational Functional Tester, IBM Security Verify Access, IBM Cloud Pak, IBM Match 360, IBM Watson, IBM Integration Designer, IBM Sterling Connect:Direct File Agent, IBM Operations Analytics and TADDM.
https://www.ibm.com/support/pages/bulletin/
Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic
Cisco says a high-severity vulnerability in Nexus 9000 series switches could allow attackers to intercept and modify encrypted traffic. Tracked as CVE-2023-20185, the issue impacts the ACI multi-site CloudSec encryption feature of the Nexus 9000 switches that are configured in application centric infrastructure (ACI) mode - typically used in data centers for controlling physical and virtual networks.
https://www.securityweek.com/vulnerability-in-cisco-enterprise-switches-allows-attackers-to-modify-encrypted-traffic/
Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
Cisco Webex Meetings Web UI Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sxsscsrf-2L24bBx6
Cisco Duo Authentication Proxy Information Disclosure Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-auth-info-JgkSWBLz
Cisco BroadWorks Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW
ZDI-23-896: D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-23-896/
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023)
https://www.wordfence.com/blog/2023/07/wordfence-intelligence-weekly-wordpress-vulnerability-report-june-26-2023-to-july-2-2023/