End-of-Day report
Timeframe: Monday 07-08-2023 18:00 - Tuesday 08-08-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft GitHub. Authentication is required to exploit this vulnerability. [..] The vendor states this is by-design, and they do not consider it to be a security risk.
https://www.zerodayinitiative.com/advisories/ZDI-23-1044/
Understanding Active Directory Attack Paths to Improve Security
Active Directory, Actively Problematic. But as central as it is, Active Directory security posture is often woefully lacking. Let's take a quick peek at how Active Directory assigns users, which will shed some light on why this tool has some, shall we say, issues associated with it.
https://thehackernews.com/2023/08/understanding-active-directory-attack.html
Fake shop presssi.shop copies an Austrian company
The online shop presssi.shop is particularly hard to recognise as a fake shop because it copies a real company. The criminals steal the company details and the logo of niceshops GmbH, an e-commerce service provider from Austria. In addition, the usual tips for spotting fake shops do not apply in this case. We show you how we exposed the shop as a fake.
https://www.watchlist-internet.at/news/fake-shop-presssishop-kopiert-oesterreichisches-unternehmen/
Warning letter in the name of Dr. Matthias Losert is fraudulent
Criminals are sending cease-and-desist letters for alleged copyright infringement in the name of the Berlin lawyer Dr. Matthias Losert. You are accused of having illegally downloaded a film, and 450 euros are now demanded from you for this violation. Ignore this e-mail and do not reply; it is a scam.
https://www.watchlist-internet.at/news/abmahnung-im-namen-von-dr-matthias-losert-ist-betruegerisch/
Vulnerabilities
Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables Affecting Cisco AnyConnect Secure Mobility Client and Cisco Secure Client
On August 8, 2023, the paper Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables was made public. The paper discusses two attacks that can cause VPN clients to leak traffic outside the protected VPN tunnel. In both instances, an attacker can manipulate routing exceptions that are maintained by the client to redirect traffic to a device that they control without the benefit of the VPN tunnel encryption.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-leak-Sew6g2kd
Siemens: Multiple Vulnerabilities
JT Open, JT Utilities, Parasolid, Parasolid Installer, Solid Edge, JT2Go, Teamcenter Visualization, APOGEE/TALON Field Panels, Siemens Software Center, SIMATIC Products, RUGGEDCOM CROSSBOW, RUGGEDCOM ROS Devices, SICAM TOOLBOX II
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications
Multiple Vulnerabilities in Inductive Automation Ignition
* Deserialization of Untrusted Data Remote Code Execution (CVE-2023-39473, CVE-2023-39476, CVE-2023-39475)
* XML External Entity Processing Information Disclosure (CVE-2023-39472)
* Remote Code Execution (CVE-2023-39477)
https://www.zerodayinitiative.com/advisories/published/
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-38157)
CVSS:3.1 6.5 (base) / 5.7 (temporal)
This vulnerability requires a user to open a Web Archive file with spoofed origin of the web content in the affected version of Microsoft Edge (Chromium-based).
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38157
Security updates for Tuesday
Security updates have been issued by Debian (libhtmlcleaner-java and thunderbird), Red Hat (dbus, kernel, kernel-rt, kpatch-patch, and thunderbird), Scientific Linux (thunderbird), SUSE (chromium, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, kernel-firmware, libqt5-qtbase, libqt5-qtsvg, librsvg, pcre2, perl-Net-Netmask, qt6-base, and thunderbird), and Ubuntu (firefox).
https://lwn.net/Articles/940755/
Android: August Patchday brings fixes for 53 vulnerabilities
Google rates four of the flaws as critical. Among other things, they allow execution of malicious code without any user interaction.
https://www.zdnet.de/88411017/android-august-patchday-bringt-fixes-fuer-53-schwachstellen/
PHOENIX CONTACT: PLCnext Engineer Vulnerabilities in LibGit2Sharp/LibGit2
https://cert.vde.com/de/advisories/VDE-2023-016/
PHOENIX CONTACT: Multiple vulnerabilities in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices
https://cert.vde.com/de/advisories/VDE-2023-017/
PHOENIX CONTACT: Multiple vulnerabilities in WP 6xxx Web panels
https://cert.vde.com/de/advisories/VDE-2023-018/
Vulnerability in IBM Java SDK affects IBM WebSphere Application Server due to CVE-2022-40609
https://www.ibm.com/support/pages/node/7022475
IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/support/pages/node/6999317
A remote code execution vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2022-40609)
https://www.ibm.com/support/pages/node/7022836
IBM Jazz Team Server is vulnerable to server-side request forgery (CVE-2022-43879)
https://www.ibm.com/support/pages/node/7023193
OpenSSL publicly disclosed vulnerabilities affect IBM MobileFirst Platform
https://www.ibm.com/support/pages/node/7023206
Multiple vulnerabilities found in third-party libraries used by IBM MobileFirst Platform
https://www.ibm.com/support/pages/node/7023204
IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attack due to IBM SDK Java (CVE-2022-40609)
https://www.ibm.com/support/pages/node/7023275
Schneider Electric IGSS
https://www.cisa.gov/news-events/ics-advisories/icsa-23-220-01
Hitachi Energy RTU500 series
https://www.cisa.gov/news-events/ics-advisories/icsa-23-220-02