End-of-Day report
Timeframe: Monday 31-07-2023 18:00 - Tuesday 01-08-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Hackers steal Signal, WhatsApp user data with fake Android chat app
Hackers are using a fake Android app named SafeChat to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones.
https://www.bleepingcomputer.com/news/security/hackers-steal-signal-whatsapp-user-data-with-fake-android-chat-app/
European Bank Customers Targeted in SpyNote Android Trojan Campaign
Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023. "The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote access trojan (RAT) capabilities and vishing attack," [..]
https://thehackernews.com/2023/08/european-bank-customers-targeted-in.html
BSI magazine: new issue published
In the new issue of its magazine "Mit Sicherheit", the German Federal Office for Information Security (BSI) examines current topics in cybersecurity. The focus is on digital consumer protection.
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2023/230731_BSI-Magazin_2023_01.html
Don't shop at these fraudulent online pharmacies!
Whether sleeping pills, painkillers or erectile dysfunction drugs: fraudulent online pharmacies rely on a broad product range and offer prescription-only medicines without a prescription. We are currently encountering numerous such fraudulent mail-order pharmacies. The ordered goods are often not delivered at all, and when they are, consumers must expect ineffective or even harmful counterfeits.
https://www.watchlist-internet.at/news/kaufen-sie-nicht-in-diesen-betruegerischen-online-apotheken-ein/
Tuesday August 8th 2023 Security Releases
The Node.js project will release new versions of the 16.x, 18.x and 20.x releases lines on or shortly after, Tuesday August 8th 2023 in order to address:
* 3 high severity issues.
* 2 medium severity issues.
* 2 low severity issues.
https://nodejs-9c1r4fxv8-openjs.vercel.app/en/blog/vulnerability/august-2023-security-releases
Vulnerabilities
TacJS - Moderately critical - Cross site scripting - SA-CONTRIB-2023-029
Security risk: Moderately critical
This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker needs additional permissions.
https://www.drupal.org/sa-contrib-2023-029
Expandable Formatter - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-028
Security risk: Moderately critical
This module enables you to render a field in an expandable/collapsible region. The module doesn't sufficiently sanitize the field content when displaying it to an end user. This vulnerability is mitigated by the fact that an attacker must have a role capable of creating content that uses the field formatter.
https://www.drupal.org/sa-contrib-2023-028
Libraries UI - Moderately critical - Access bypass - SA-CONTRIB-2023-027
Security risk: Moderately critical
This module enables a UI to display all libraries provided by modules and themes on the Drupal site. The module doesn't sufficiently protect the libraries reporting page. It currently uses the 'access content' permission and not a proper administrative/access permission.
https://www.drupal.org/sa-contrib-2023-027
OpenSSL version 3.1.2 released
Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [1 Aug 2023]
- Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
- Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
- Do not ignore empty associated data entries with AES-SIV (CVE-2023-2975)
https://www.openssl.org/news/openssl-3.1-notes.html
OpenSSL version 3.0.10 released
Major changes between OpenSSL 3.0.9 and OpenSSL 3.0.10 [1 Aug 2023]
- Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
- Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
- Do not ignore empty associated data entries with AES-SIV (CVE-2023-2975)
https://www.openssl.org/news/openssl-3.0-notes.html
OpenSSL version 1.1.1v released
Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023]
- Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
- Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
https://www.openssl.org/news/openssl-1.1.1-notes.html
Xen Security Advisory 436 v1 (CVE-2023-34320) - arm: Guests can trigger a deadlock on Cortex-A77
Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. [..] A (malicious) guest that doesn't include the workaround for erratum 1508412 could deadlock the core. This will ultimately result in a deadlock of the system.
https://lists.xenproject.org/archives/html/xen-announce/2023-08/msg00000.html
SVD-2023-0702: Unauthenticated Log Injection In Splunk SOAR
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user's terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user's action.
https://advisory.splunk.com//advisories/SVD-2023-0702
WebToffee Addresses Authentication Bypass Vulnerability in Stripe Payment Plugin for WooCommerce WordPress Plugin
Description: Stripe Payment Plugin for WooCommerce <= 3.7.7 - Authentication Bypass
Affected Plugin: Stripe Payment Plugin for WooCommerce
Plugin Slug: payment-gateway-stripe-and-woocommerce-integration
Affected Versions: <= 3.7.7
Fully Patched Version: 3.7.8
CVE ID: CVE-2023-3162
CVSS Score: 9.8 (Critical)
https://www.wordfence.com/blog/2023/08/webtoffee-addresses-authentication-bypass-vulnerability-in-stripe-payment-plugin-for-woocommerce-wordpress-plugin/
Security updates for Tuesday
Security updates have been issued by Debian (tiff), Fedora (curl), Red Hat (bind, ghostscript, iperf3, java-1.8.0-ibm, nodejs, nodejs:18, openssh, postgresql:15, and samba), Scientific Linux (iperf3), Slackware (mozilla and seamonkey), SUSE (compat-openssl098, gnuplot, guava, openssl-1_0_0, pipewire, python-requests, qemu, samba, and xmltooling), and Ubuntu (librsvg, openjdk-8, openjdk-lts, openjdk-17, openssh, rabbitmq-server, and webkit2gtk).
https://lwn.net/Articles/939917/
Security Vulnerabilities fixed in Firefox 116
Impact high: CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050
https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/
IBM Cloud Pak for Security includes components with multiple known vulnerabilities
https://www.ibm.com/support/pages/node/7015859
IBM Cloud Pak for Security includes components with multiple known vulnerabilities
https://www.ibm.com/support/pages/node/7015865
IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution due to CVE-2023-29402
https://www.ibm.com/support/pages/node/7015871
IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Google PubSub nodes are vulnerable to arbitrary code execution due to CVE-2023-36665
https://www.ibm.com/support/pages/node/7015873
IBM Robotic Process Automation for Cloud Pak is vulnerable to cross-protocol attacks due to sendmail (CVE-2021-3618)
https://www.ibm.com/support/pages/node/7013521
Vulnerabilities in Node.js affect IBM Voice Gateway
https://www.ibm.com/support/pages/node/7013909
IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to use of IBM SDK Java Technology Edition, Version 8 (CVE-2023-21967, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937)
https://www.ibm.com/support/pages/node/7015879
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl-libs, libssh, libarchive, sqlite and go-toolset
https://www.ibm.com/support/pages/node/7016688
Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
https://www.ibm.com/support/pages/node/7016660
IBM PowerVM Novalink is vulnerable because RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the File. (CVE-2023-0482)
https://www.ibm.com/support/pages/node/7016690
IBM PowerVM Novalink is vulnerable due to an unspecified vulnerability in Oracle Java SE (CVE-2023-21930)
https://www.ibm.com/support/pages/node/7016696
IBM PowerVM Novalink is vulnerable because GraphQL Java is vulnerable to a denial of service caused by a stack-based buffer overflow (CVE-2023-28867)
https://www.ibm.com/support/pages/node/7016698
Multiple Vulnerabilities in Rational Synergy 7.2.2.5
https://www.ibm.com/support/pages/node/7014913
Vulnerability in Rational Change 5.3.2 Fix Pack 05 and earlier versions.
https://www.ibm.com/support/pages/node/7014915
Multiple Vulnerabilities in Rational Change 5.3.2 Fix Pack 05 and earlier versions.
https://www.ibm.com/support/pages/node/7014917
Multiple Vulnerabilities in Rational Synergy 7.2.2 Fix Pack 05 and earlier versions.
https://www.ibm.com/support/pages/node/7014919
The IBM Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to spoofing - CVE-2022-39161
https://www.ibm.com/support/pages/node/7010669
The IBM Engineering Lifecycle Engineering product using IBM WebSphere Application Server traditional is vulnerable to an XML External Entity (XXE) Injection vulnerability - CVE-2023-27554
https://www.ibm.com/support/pages/node/7016810
CVE-2022-40609 affects IBM SDK, Java Technology Edition
https://www.ibm.com/support/pages/node/7017032
The IBM Engineering Lifecycle Engineering products using IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks. (CVE-2023-30441)
https://www.ibm.com/support/pages/node/7015777
IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2023-24998, CVE-2022-31129)
https://www.ibm.com/support/pages/node/7015061
IBM Robotic Process Automation is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes (CVE-2023-23476)
https://www.ibm.com/support/pages/node/7017490
Decision Optimization for Cloud Pak for Data is vulnerable to a server-side request forgery (CVE-2023-28155).
https://www.ibm.com/support/pages/node/7017586
IBM Event Streams is affected by a vulnerability in Node.js Request package (CVE-2023-28155)
https://www.ibm.com/support/pages/node/7017628
IBM Event Streams is affected by a vulnerability in Golang Go (CVE-2023-29406)
https://www.ibm.com/support/pages/node/7017634
APSystems Altenergy Power Control
https://www.cisa.gov/news-events/ics-advisories/icsa-23-213-01