Daily summary - 14.07.2023

End-of-Day report

Timeframe: Thursday 13-07-2023 18:00 - Friday 14-07-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter

News

AVrecon malware infects 70,000 Linux routers to build botnet

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.

https://www.bleepingcomputer.com/news/security/avrecon-malware-infects-70-000-linux-routers-to-build-botnet/


WormGPT Cybercrime Tool Heralds an Era of AI Malware vs. AI Defenses

A black-hat alternative to GPT models specifically designed for malicious activities like BEC, malware, and phishing attacks is here, and will push organizations to level up with generative AI themselves.

https://www.darkreading.com/attacks-breaches/wormgpt-heralds-an-era-of-using-ai-defenses-to-battle-ai-malware


Security: Vulnerability scanner for Google Go launches

The Govulncheck tool examines Go projects for known vulnerabilities in their dependencies. An extension integrates the check into Visual Studio Code.

https://heise.de/-9216187


Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability

Several instances of the Reddit alternative Lemmy were hacked in recent days by attackers who had exploited a zero-day vulnerability.

https://www.securityweek.com/hackers-target-reddit-alternative-lemmy-via-zero-day-vulnerability/


Meta advertising account hacked? Here is how to respond correctly!

Whether fake shops, fraudulent trading platforms or dubious coaching offers: criminals use social media to advertise a wide range of scams. Such ads are frequently placed from company pages that have nothing to do with the advertised product. Sometimes fraudulent ads are also distributed from private profiles.

https://www.watchlist-internet.at/news/meta-werbekonto-gehackt-so-handeln-sie-richtig/


The danger within: 5 steps you can take to combat insider threats

Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar?

https://www.welivesecurity.com/2023/07/13/danger-within-5-steps-combat-insider-threats/


What is session hijacking and how do you prevent it?

Attackers use session hijacking to take control of your sessions and impersonate you online. Discover how session hijacking works and how to protect yourself.

https://www.emsisoft.com/en/blog/44071/what-is-session-hijacking-and-how-do-you-prevent-it/


Attack Surface Management (ASM) - What You Need to Know

This is the third post in our series on technologies to test your organization's resilience to cyberattacks. In this installment, we dive into attack surface management (ASM).

https://www.safebreach.com/blog/attack-surface-management-asm-what-you-need-to-know/


Old Blackmoon Trojan, NEW Monetization Approach

Rapid7 is tracking a new, more sophisticated and staged campaign using the Blackmoon trojan, which appears to have originated in November 2022.

https://www.rapid7.com/blog/post/2023/07/13/old-blackmoon-trojan-new-monetization-approach/


PenTales: Old Vulns, New Tricks

At Rapid7 we love a good pentest story. So often they show the cleverness, skill, resilience, and dedication to our customer's security that can only come from actively trying to break it! In this series, we're going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization's security.

https://www.rapid7.com/blog/post/2023/07/13/pentales-old-vulns-new-tricks/

Vulnerabilities

Zimbra groupware: zero-day flaw requires manual patching

Zimbra has released a patch that must be applied manually and closes a zero-day security vulnerability in the groupware.

https://heise.de/-9216179


ZDI-23-970: (0Day) Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

https://www.zerodayinitiative.com/advisories/ZDI-23-970/


Security Advisory for Multiple Vulnerabilities on the ProSAFE® Network Management System, PSV-2023-0024 & PSV-2023-0025

NETGEAR is aware of multiple security vulnerabilities on the NMS300. NETGEAR strongly recommends that you download the latest version as soon as possible.

https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025


Security updates for Friday

Security updates have been issued by Debian (lemonldap-ng and php-dompdf), Red Hat (.NET 6.0, .NET 7.0, firefox, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (ghostscript, installation-images, kernel, php7, python, and python-Django), and Ubuntu (linux-azure, linux-gcp, linux-ibm, linux-oracle, mozjs102, postgresql-9.5, and tiff).

https://lwn.net/Articles/938233/


CVE-2023-24936 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

In the Security Updates table, added all supported versions of .NET Framework, Visual Studio 2022 version 17.0, Visual Studio 2022 version 17.2, and Visual Studio 2022 version 17.4 because these products are also affected by this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936


CVE-2023-36883 Microsoft Edge for iOS Spoofing Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883


CVE-2023-36887 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36887


CVE-2023-36888 Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36888


There is a vulnerability in Apache Commons Net used by IBM Maximo Asset Management (CVE-2021-37533)

https://www.ibm.com/support/pages/node/7009539


IBM InfoSphere Information Server is affected by multiple vulnerabilities in Progress DataDirect Connect for ODBC

https://www.ibm.com/support/pages/node/7010743


Multiple vulnerabilities in IBM Java SDK (April 2023) affect IBM InfoSphere Information Server

https://www.ibm.com/support/pages/node/7007675


Enterprise Content Management System Monitor is affected by a vulnerability in Oracle Java SE

https://www.ibm.com/support/pages/node/7011963


IBM Security SOAR is using a component with multiple known vulnerabilities

https://www.ibm.com/support/pages/node/7011965


CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced

https://www.ibm.com/support/pages/node/7011975


CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard

https://www.ibm.com/support/pages/node/7011979


Timing Oracle in RSA Decryption vulnerability might affect GSKit supplied with IBM TXSeries for Multiplatforms.

https://www.ibm.com/support/pages/node/7010369


CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms

https://www.ibm.com/support/pages/node/7011977


Vulnerability of Apache Thrift (libthrift-0.12.0.jar) has affected APM WebSphere Application Server Agent, APM SAP NetWeaver Agent and APM WebLogic Agent

https://www.ibm.com/support/pages/node/7003479


Vulnerability of Google Gson (gson-2.8.2.jar) has affected APM WebSphere Application Server Agent, APM SAP NetWeaver Agent and APM WebLogic Agent

https://www.ibm.com/support/pages/node/7003477


TADDM affected by multiple vulnerabilities due to IBM Java and its runtime

https://www.ibm.com/support/pages/node/7009499


InfoSphere Identity Insight is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

https://www.ibm.com/support/pages/node/7012011