Daily summary - 13.07.2023

End-of-Day report

Timeframe: Wednesday 12-07-2023 18:00 - Thursday 13-07-2023 18:00 Handler: Stephan Richter Co-Handler: Michael Schlagenhaufer

News

Update for the update: Apple reissues its latest "Rapid Security Response"

A quick fix for the Safari browser was meant to improve security. Due to a bug, Apple has now had to reissue it.

https://heise.de/-9214819


Source code for BlackLotus Windows UEFI malware leaked on GitHub

The source code for the BlackLotus UEFI bootkit has leaked online, allowing greater insight into a malware that has caused great concern among the enterprise, governments, and the cybersecurity community.

https://www.bleepingcomputer.com/news/security/source-code-for-blacklotus-windows-uefi-malware-leaked-on-github/


Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware

In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method.

https://thehackernews.com/2023/07/blog-post.html


An introduction to the benefits and risks of Packet Sniffing

Packet sniffing is both a very beneficial and, sadly, a malicious technique used to capture and analyze data packets. It serves as a useful tool for network administrators to identify network issues and fix them. Meanwhile, threat actors use it for malicious purposes such as data theft and to distribute malware. Organizations need to be aware of the benefits and uses of packet sniffing while also implementing security controls to prevent malicious sniffing activity.

https://www.tripwire.com/state-of-security/introduction-benefits-and-risks-packet-sniffing


Popular WordPress Security Plugin Caught Logging Plaintext Passwords

The All-In-One Security (AIOS) WordPress plugin was found to be writing plaintext passwords to log files.

https://www.securityweek.com/popular-wordpress-security-plugin-caught-logging-plaintext-passwords/


CISA warns of dangerous Rockwell industrial bug being exploited by gov-t group

The Cybersecurity and Infrastructure Security Agency (CISA) warned on Wednesday of a vulnerability affecting industrial technology from Rockwell Automation that is being exploited by government hackers.

https://therecord.media/cisa-warns-of-bug-affecting-rockwell


Detecting BPFDoor Backdoor Variants Abusing BPF Filters

An analysis of advanced persistent threat (APT) group Red Menshen's different variants of the BPFDoor backdoor as it has evolved since it was first documented in 2021.

https://www.trendmicro.com/en_us/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.html


A Deep Dive into Penetration Testing of macOS Applications (Part 1)

We created this blog to share our experience and provide a valuable resource for other security researchers and penetration testers facing similar challenges when testing macOS applications. This blog is the first part of an "A Deep Dive into Penetration Testing of macOS Applications" series. Part 1 is intended for penetration testers who may not have prior experience working with macOS.

https://www.cyberark.com/resources/threat-research-blog/a-deep-dive-into-penetration-testing-of-macos-applications-part-1


TeamTNT Reemerged with New Aggressive Cloud Campaign

In part one of this two-part blog series, titled "The Anatomy of Silentbob's Cloud Attack," we provided an overview of the preliminary stages of an aggressive botnet campaign that aimed at cloud native environments. This post will dive into the full extent of the campaign and provide a more comprehensive exploration of an extensive botnet infestation campaign.

https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign

Vulnerabilities

Ghostscript: Security vulnerability plagues LibreOffice, GIMP, Inkscape and Linux

A critical security vulnerability in Ghostscript allows attackers to execute malicious code on countless machines.

https://www.golem.de/news/ghostscript-sicherheitsluecke-plagt-libreoffice-gimp-inkscape-und-linux-2307-175840.html


Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA


Urgent Security Notice: SonicWall GMS/Analytics Impacted by suite of vulnerabilities

GMS/Analytics is remediating a suite of 15 security vulnerabilities, disclosed in a Coordinated Vulnerability Disclosure (CVD) report in conjunction with NCCGroup. This suite of vulnerabilities, which was responsibly disclosed, includes four (4) vulnerabilities with a CVSSv3 rating of CRITICAL that allow an attacker to bypass authentication and could potentially result in exposure of sensitive information to an unauthorized actor. SonicWall PSIRT is not aware of active exploitation [...]

https://www.sonicwall.com/support/knowledge-base/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/


Web conferencing: Zoom closes several security vulnerabilities

High-risk security vulnerabilities lurk above all in Zoom Rooms and in the Zoom desktop client for Windows. Updates are available.

https://heise.de/-9214929


Security updates for Thursday

Security updates have been issued by Debian (ruby-doorkeeper), Fedora (mingw-nsis and thunderbird), Red Hat (bind9.16, nodejs, nodejs:16, nodejs:18, python38:3.8 and python38-devel:3.8, and rh-nodejs14-nodejs), Slackware (krb5), SUSE (geoipupdate, installation-images, libqt5-qtbase, python-Django1, and skopeo), and Ubuntu (knot-resolver, lib3mf, linux, linux-aws, linux-kvm, linux-lowlatency, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-gcp, linux-ibm, linux-oracle, linux-azure-fde, linux-xilinx-zynqmp, and scipy).

https://lwn.net/Articles/938108/


Juniper Networks Patches High-Severity Vulnerabilities in Junos OS

Juniper Networks has patched multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space.

https://www.securityweek.com/juniper-networks-patches-high-severity-vulnerabilities-in-junos-os/


Microsoft Office Updates (11 July 2023)

On 11 July 2023 (second Tuesday of the month, Microsoft Patch Tuesday), Microsoft released several security-relevant updates for still-supported Microsoft Office versions and other products. Support for Office 2013 ended with the April 2023 Patch Tuesday, but vulnerabilities were still fixed in July as well. Below you will find an overview of the available updates.

https://www.borncity.com/blog/2023/07/13/microsoft-office-updates-11-juli-2023/


IBM Security Bulletins

IBM SDK, IBM Db2, IBM Match 360, IBM Watson, IBM Jazz Technology, IBM Storage Protect, IBM WebSphere, IBM Storage Protect, IBM App Connect Enterprise, IBM Integration Bus, IBM i, IBM Event Streams and IBM Security Directory Integrator.

https://www.ibm.com/support/pages/bulletin/


ZDI: Dassault Systèmes SolidWorks (CVE-2023-2763)

ZDI-23-908 to ZDI-23-911

https://www.zerodayinitiative.com/advisories/published/


Drupal: Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2023-030

https://www.drupal.org/sa-contrib-2023-030


Rockwell Automation PowerMonitor 1000

https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-05


Honeywell Experion PKS, LX and PlantCruise

https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-06


Case update: DIVD-2021-00020 - OSNexus QuantaStor limited disclosure and product warning

https://csirt.divd.nl/cases/DIVD-2021-00020/


CVE-2023-38046 PAN-OS: Read System Files and Resources During Configuration Commit (Severity: MEDIUM)

https://security.paloaltonetworks.com/CVE-2023-38046


CISA Adds Two Known Vulnerabilities to Catalog

https://www.cisa.gov/news-events/alerts/2023/07/13/cisa-adds-two-known-vulnerabilities-catalog


BD Alaris System with Guardrails Suite MX

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-194-01