End-of-Day report
Timeframe: Friday 14-07-2023 18:00 - Monday 17-07-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
News
Meet NoEscape: Avaddon ransomware gang's likely successor
The new NoEscape ransomware operation is believed to be a rebrand of Avaddon, a ransomware gang that shut down and released its decryption keys in 2021.
https://www.bleepingcomputer.com/news/security/meet-noescape-avaddon-ransomware-gangs-likely-successor/
Analysis of Storm-0558 techniques for unauthorized email access
Analysis of the techniques used by the threat actor tracked as Storm-0558 for obtaining unauthorized access to email data, tools, and unique infrastructure characteristics.
https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/
Xen Security Notice 1: winpvdrvbuild.xenproject.org potentially compromised
Software running on the Xen Project hosted subdomain winpvdrvbuild.xenproject.org is outdated and vulnerable to several CVEs. Some of the reported issues include remote code execution. [..] Since the list of CVEs reported include remote code execution we no longer have confidence that binaries previously available at https://xenbits.xen.org/pvdrivers/win/ are trustworthy. [..] A new set of drivers based on the current master branch and built on a trusted environment have been uploaded
https://seclists.org/oss-sec/2023/q3/37
Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw
Adobe patches critical code execution vulnerability in ColdFusion for which a proof-of-concept (PoC) blog exists.
https://www.securityweek.com/exploitation-of-coldfusion-vulnerability-reported-as-adobe-patches-another-critical-flaw/
Last-minute bikini shopping: not in these shops
Looking for swimwear? Then you may also be shown ads on Facebook and Instagram. We are currently seeing many ads from dubious shops that present attractive swimwear on their websites but ship low-quality goods. We show you where you had better not order.
https://www.watchlist-internet.at/news/last-minute-bikini-shopping-nicht-in-diesen-shops/
Vulnerabilities
AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plaintext
All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users' passwords to be added to the database in plaintext. "A malicious site administrator (i.e. a user already logged into the site as an admin) could then have read them."
https://thehackernews.com/2023/07/aios-wordpress-plugin-faces-backlash.html
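The AIOS bug is an instance of a general pattern: a login-activity record that persists the raw request body, password included, so anyone with read access to the database (here, an admin) can recover credentials. The example below is added here and is not the AIOS plugin's code; the field names, the in-memory "table" and the sample login request are constructed assumptions. It shows the vulnerable logging path next to a hardened one that redacts credential fields, stores only a salted PBKDF2 hash for verification, and includes a small audit routine that scans stored rows for known test passwords appearing verbatim.

```python
"""Added example (not AIOS code): plaintext credential leakage via login logging.

Assumptions: a login request is a flat dict, the audit log is a list of dicts
standing in for a database table, and credential fields are named like
"password"/"pwd". All sample data below is constructed for the example.
"""
import hashlib
import hmac
import os

# Request keys that must never reach a log or audit table in cleartext (assumption).
SENSITIVE_FIELDS = {"password", "pwd", "pass", "passwd", "user_pass"}
PBKDF2_ITERATIONS = 600_000


def log_login_attempt_vulnerable(table, request):
    """Bug pattern: the whole request, password included, is written to the table."""
    table.append(dict(request))


def log_login_attempt_hardened(table, request):
    """Redact credential fields before the row is persisted; keep audit-useful data."""
    row = {
        key: ("[redacted]" if key.lower() in SENSITIVE_FIELDS else value)
        for key, value in request.items()
    }
    table.append(row)


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; the stored string carries algo, iterations, salt, digest."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the digest from the stored parameters and compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def find_plaintext_leaks(table, known_passwords):
    """Audit helper: (row index, column) pairs whose value equals a known test password."""
    leaks = []
    for index, row in enumerate(table):
        for column, value in row.items():
            if isinstance(value, str) and value in known_passwords:
                leaks.append((index, column))
    return leaks


def demo():
    """Run both logging paths on one constructed request; return the leak counts."""
    # Constructed sample login request (documentation-range IP, made-up password).
    request = {"user_login": "alice", "pwd": "S3cret!pw", "ip": "203.0.113.5"}
    vulnerable_table, hardened_table = [], []
    log_login_attempt_vulnerable(vulnerable_table, request)
    log_login_attempt_hardened(hardened_table, request)
    test_passwords = {request["pwd"]}
    return (
        len(find_plaintext_leaks(vulnerable_table, test_passwords)),
        len(find_plaintext_leaks(hardened_table, test_passwords)),
    )


if __name__ == "__main__":
    print(demo())  # prints (1, 0): one leaked column in the vulnerable table, none in the hardened one
```

The audit routine is the practical takeaway for an incident like this one: after upgrading, seed a test account with a known password, log in, and scan every table the plugin writes to for that string before concluding the fix is complete.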
Wireshark 4.0.7 Released, (Sat, Jul 15th)
Wireshark version 4.0.7 was released with 2 vulnerabilities and 22 bugs fixed.
https://isc.sans.edu/diary/rss/30030
PoC exploit available: Adobe follows up with a patch for ColdFusion
Shortly after the July Patch Tuesday, Adobe has released further updates to close a critical vulnerability in ColdFusion. PoC exploit code has been discovered.
https://heise.de/-9217427
Security updates for Monday
Security updates have been issued by Debian (gpac, iperf3, kanboard, kernel, and pypdf2), Fedora (ghostscript), SUSE (bind, bouncycastle, ghostscript, go1.19, go1.20, installation-images, kernel, mariadb, MozillaFirefox, MozillaFirefox-branding-SLE, php74, poppler, and python-Django), and Ubuntu (cups, linux-oem-6.1, and ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.1).
https://lwn.net/Articles/938375/
IBM InfoSphere Information Server is affected but not vulnerable to multiple vulnerabilities in Undertow
https://www.ibm.com/support/pages/node/7007051
IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in snakeYAML
https://www.ibm.com/support/pages/node/6988677
IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework [CVE-2023-2861, CVE-2023-20860]
https://www.ibm.com/support/pages/node/6988683
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to RubyGems commonmarker gem denial of service vulnerability [IBM X-Force ID: 252809]
https://www.ibm.com/support/pages/node/7012231
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Framework denial of service vulnerability [CVE-2023-20863]
https://www.ibm.com/support/pages/node/7012235
IBM InfoSphere Information Server is affected by a denial of service vulnerability in netplex json-smart-v2 (CVE-2023-1370)
https://www.ibm.com/support/pages/node/6988679
IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Commons FileUpload and Tomcat (CVE-2023-24998)
https://www.ibm.com/support/pages/node/7008447
Watson CP4D Data Stores is vulnerable to SAP NetWeaver AS Java for Deploy Service information disclosure vulnerability (CVE-2023-24527)
https://www.ibm.com/support/pages/node/7012297
IBM i is vulnerable to an attacker executing CL commands due to an exploitation of DDM architecture (CVE-2023-30990)
https://www.ibm.com/support/pages/node/7008573
IBM InfoSphere Information Server is affected but not vulnerable to a vulnerability in jose.4j
https://www.ibm.com/support/pages/node/7007055
IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Boot
https://www.ibm.com/support/pages/node/7008437
IBM InfoSphere Information Server is affected by a vulnerability in Apache Cassandra (CVE-2023-30601)
https://www.ibm.com/support/pages/node/7003915
IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Tomcat (CVE-2023-28708, CVE-2023-24998)
https://www.ibm.com/support/pages/node/7007057
IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2023-33857)
https://www.ibm.com/support/pages/node/7007059
IBM InfoSphere Information Server is affected by a vulnerability in Google Guava (CVE-2023-2976)
https://www.ibm.com/support/pages/node/7012025
IBM InfoSphere Information Server is affected by multiple vulnerabilities in snappy-java
https://www.ibm.com/support/pages/node/7011483
IBM Robotic Process Automation is vulnerable to client side validation bypass (CVE-2023-35901)
https://www.ibm.com/support/pages/node/7012317
IBM Performance Tools for i is vulnerable to local privilege escalation (CVE-2023-30989)
https://www.ibm.com/support/pages/node/7012353
IBM Facsimile Support for i is vulnerable to local privilege escalation (CVE-2023-30988)
https://www.ibm.com/support/pages/node/7012355
IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2023-35898)
https://www.ibm.com/support/pages/node/7009205
IBM InfoSphere Information Server is affected by a vulnerability in Eclipse Jetty (CVE-2023-26048)
https://www.ibm.com/support/pages/node/7008445
Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent
https://www.ibm.com/support/pages/node/7012397
Multiple Vulnerabilities in IBM Sterling Connect:Direct Browser User Interface due to Java and Eclipse
https://www.ibm.com/support/pages/node/7012395
Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.
https://www.ibm.com/support/pages/node/7012409
A vulnerability in OpenStack Swift affects IBM Storage Scale environments with the S3 capability of Object protocol enabled (CVE-2022-47950)
https://www.ibm.com/support/pages/node/7012419
Multiple vulnerabilities in Dojo dojox repo may affect IBM Storage Scale
https://www.ibm.com/support/pages/node/7012427
Vulnerability in bottle-0.12.16 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2020-28473]
https://www.ibm.com/support/pages/node/7012387
Vulnerability in paramiko-2.4.2-py2.py3 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2022-24302]
https://www.ibm.com/support/pages/node/7012433
IBM i Modernization Engine for Lifecycle Integration is vulnerable to execution of arbitrary code on the system (CVE-2022-1471)
https://www.ibm.com/support/pages/node/7012437