End-of-Day report
Timeframe: Thursday 13-07-2023 18:00 - Friday 14-07-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
News
AVrecon malware infects 70,000 Linux routers to build botnet
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.
https://www.bleepingcomputer.com/news/security/avrecon-malware-infects-70-000-linux-routers-to-build-botnet/
WormGPT Cybercrime Tool Heralds an Era of AI Malware vs. AI Defenses
A black-hat alternative to GPT models specifically designed for malicious activities like BEC, malware, and phishing attacks is here, and will push organizations to level up with generative AI themselves.
https://www.darkreading.com/attacks-breaches/wormgpt-heralds-an-era-of-using-ai-defenses-to-battle-ai-malware
Security: vulnerability scanner for Google Go launches
The Govulncheck tool examines Go projects for known vulnerabilities in their dependencies. An extension integrates the check into Visual Studio Code.
https://heise.de/-9216187
Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability
Several instances of the Reddit alternative Lemmy were hacked in recent days by attackers who had exploited a zero-day vulnerability.
https://www.securityweek.com/hackers-target-reddit-alternative-lemmy-via-zero-day-vulnerability/
Meta advertising account hacked? Here is how to respond correctly!
Whether a fake shop, a fraudulent trading platform or dubious coaching offers: criminals use social media to advertise a range of scams. Such ads are often placed from business pages that have nothing to do with the advertised product. Sometimes fraudulent ads are also spread from private profiles.
https://www.watchlist-internet.at/news/meta-werbekonto-gehackt-so-handeln-sie-richtig/
The danger within: 5 steps you can take to combat insider threats
Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar?
https://www.welivesecurity.com/2023/07/13/danger-within-5-steps-combat-insider-threats/
What is session hijacking and how do you prevent it?
Attackers use session hijacking to take control of your sessions and impersonate you online. Discover how session hijacking works and how to protect yourself.
https://www.emsisoft.com/en/blog/44071/what-is-session-hijacking-and-how-do-you-prevent-it/
Attack Surface Management (ASM) - What You Need to Know
This is the third post in our series on technologies to test your organization's resilience to cyberattacks. In this installment, we dive into attack surface management (ASM).
https://www.safebreach.com/blog/attack-surface-management-asm-what-you-need-to-know/
Old Blackmoon Trojan, NEW Monetization Approach
Rapid7 is tracking a new, more sophisticated and staged campaign using the Blackmoon trojan, which appears to have originated in November 2022.
https://www.rapid7.com/blog/post/2023/07/13/old-blackmoon-trojan-new-monetization-approach/
PenTales: Old Vulns, New Tricks
At Rapid7 we love a good pentest story. So often they show the cleverness, skill, resilience, and dedication to our customer's security that can only come from actively trying to break it! In this series, we're going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization's security.
https://www.rapid7.com/blog/post/2023/07/13/pentales-old-vulns-new-tricks/
Vulnerabilities
Zimbra groupware: zero-day flaw requires manual patching
Zimbra has released a patch that must be applied manually and that closes a zero-day security vulnerability in the groupware.
https://heise.de/-9216179
ZDI-23-970: (0Day) Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
https://www.zerodayinitiative.com/advisories/ZDI-23-970/
Security Advisory for Multiple Vulnerabilities on the ProSAFE® Network Management System, PSV-2023-0024 & PSV-2023-0025
NETGEAR is aware of multiple security vulnerabilities on the NMS300. NETGEAR strongly recommends that you download the latest version as soon as possible.
https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025
Security updates for Friday
Security updates have been issued by Debian (lemonldap-ng and php-dompdf), Red Hat (.NET 6.0, .NET 7.0, firefox, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (ghostscript, installation-images, kernel, php7, python, and python-Django), and Ubuntu (linux-azure, linux-gcp, linux-ibm, linux-oracle, mozjs102, postgresql-9.5, and tiff).
https://lwn.net/Articles/938233/
CVE-2023-24936 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
In the Security Updates table, added all supported versions of .NET Framework, Visual Studio 2022 version 17.0, Visual Studio 2022 version 17.2, and Visual Studio 2022 version 17.4 because these products are also affected by this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936
CVE-2023-36883 Microsoft Edge for iOS Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883
CVE-2023-36887 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36887
CVE-2023-36888 Microsoft Edge for Android (Chromium-based) Tampering Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36888
There is a vulnerability in Apache Commons Net used by IBM Maximo Asset Management (CVE-2021-37533)
https://www.ibm.com/support/pages/node/7009539
IBM InfoSphere Information Server is affected by multiple vulnerabilities in Progress DataDirect Connect for ODBC
https://www.ibm.com/support/pages/node/7010743
Multiple vulnerabilities in IBM Java SDK (April 2023) affect IBM InfoSphere Information Server
https://www.ibm.com/support/pages/node/7007675
Enterprise Content Management System Monitor is affected by a vulnerability in Oracle Java SE
https://www.ibm.com/support/pages/node/7011963
IBM Security SOAR is using a component with multiple known vulnerabilities
https://www.ibm.com/support/pages/node/7011965
CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced
https://www.ibm.com/support/pages/node/7011975
CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard
https://www.ibm.com/support/pages/node/7011979
Timing Oracle in RSA Decryption vulnerability might affect GSKit supplied with IBM TXSeries for Multiplatforms.
https://www.ibm.com/support/pages/node/7010369
CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms
https://www.ibm.com/support/pages/node/7011977
Vulnerability of Apache Thrift (libthrift-0.12.0.jar) has affected APM WebSphere Application Server Agent, APM SAP NetWeaver Agent and APM WebLogic Agent
https://www.ibm.com/support/pages/node/7003479
Vulnerability of Google Gson (gson-2.8.2.jar) has affected APM WebSphere Application Server Agent, APM SAP NetWeaver Agent and APM WebLogic Agent
https://www.ibm.com/support/pages/node/7003477
TADDM affected by multiple vulnerabilities due to IBM Java and its runtime
https://www.ibm.com/support/pages/node/7009499
InfoSphere Identity Insight is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
https://www.ibm.com/support/pages/node/7012011