End-of-Day report
Timeframe: Friday 11-08-2023 18:00 - Monday 14-08-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
MaginotDNS attacks exploit weak checks for DNS cache poisoning
A team of researchers from UC Irvine and Tsinghua University has developed a powerful new cache poisoning attack named MaginotDNS that targets Conditional DNS (CDNS) resolvers and can compromise entire top-level domains (TLDs).
https://www.bleepingcomputer.com/news/security/maginotdns-attacks-exploit-weak-checks-for-dns-cache-poisoning/
Phishing with hacked sites
Scammers are hacking websites powered by WordPress and placing phishing pages inside hidden directories. We share some statistics and tips on recognizing a hacked site.
https://securelist.com/phishing-with-hacked-sites/110334/
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping
Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) that could potentially be exploited by a malicious attacker to conduct remote attacks. "An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.'s desk phones and Zoom's Zero Touch Provisioning feature can gain full remote control of the devices," SySS security researcher Moritz Abrell said in an analysis published Friday.
https://thehackernews.com/2023/08/zoom-ztp-audiocodes-phones-flaws.html
Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability
E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.
https://thehackernews.com/2023/08/ongoing-xurum-attacks-on-e-commerce.html
HAK5 BashBunny USB Gadget IoC Removal
StealthBunny is a tool designed to modify the kernel driver of HAK5's BashBunny USB gadget to remove possible indicators of compromise.
https://github.com/emptynebuli/StealthBunny
Microsoft's cloud hack: review by the US Cyber Safety Review Board
The cyber incidents of recent months have alarmed the US security authorities. Now the US Cyber Safety Review Board (CSRB) wants to take a closer look at the hack of the Microsoft cloud by the presumably Chinese hacker group Storm-0558. The case became public in July 2023 and made waves because of its circumstances.
https://www.borncity.com/blog/2023/08/12/microsofts-cloud-hack-berprfung-durch-us-cyber-safety-review-board/
What's New in CVSS v4
The standard has been improved over time with the release of v1 in Feb. 2005, v2 in June 2007, and v3 in June 2015. The current version (v3.1) debuted in June 2019. Version 4 is slated for release on October 1, 2023.
https://www.rapid7.com/blog/post/2023/08/14/whats-new-in-cvss-v4/
Vulnerabilities
VU#127587: Python Parsing Error Enabling Bypass CVE-2023-24329
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
https://kb.cert.org/vuls/id/127587
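As an added illustration of the bypass described above (this is example code written for this report, not code from the CERT advisory or from the Python project), the following compares a blocklist check written the way many applications wrote it with a check that first strips the leading and trailing C0 control and space characters, as the patched parser does, and then requires a known scheme and a hostname before consulting the blocklist. The blocked host, allowed schemes and sample URLs are constructed for the demonstration.

```python
import urllib.parse

# Characters the WHATWG URL Standard strips from the start and end of a URL
# before parsing: C0 controls (U+0000-U+001F) and U+0020 (space). Unpatched
# urllib.parse did not strip them, so " https://evil.example/" parsed with an
# empty scheme and no hostname and slipped past host-based blocklists.
C0_CONTROL_OR_SPACE = "".join(chr(c) for c in range(0x21))

# Constructed sample policy for this demonstration (not from the advisory).
BLOCKED_HOSTS = {"evil.example"}
ALLOWED_SCHEMES = {"http", "https"}


def naive_is_blocked(url: str) -> bool:
    """Blocklist check as commonly written: parse whatever the caller sent and
    compare the hostname. On an interpreter without the fix for
    CVE-2023-24329, a leading blank yields hostname None, so this returns
    False for " https://evil.example/" and the request goes through."""
    return urllib.parse.urlparse(url).hostname in BLOCKED_HOSTS


def normalize_url(url: str) -> str:
    """Strip leading/trailing C0 controls and spaces so the same input is
    parsed the same way regardless of the interpreter's patch level."""
    return url.strip(C0_CONTROL_OR_SPACE)


def safe_is_allowed(url: str) -> bool:
    """Allowlist-style check: normalize first, then require a known scheme
    and a hostname, and only then consult the blocklist. Anything the parser
    cannot attribute to a host is rejected instead of being let through."""
    parts = urllib.parse.urlparse(normalize_url(url))
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if not parts.hostname:
        return False
    return parts.hostname.lower() not in BLOCKED_HOSTS


if __name__ == "__main__":
    samples = [
        "https://evil.example/",
        " https://evil.example/",        # leading space, the CVE case
        "\x1fhttps://evil.example/",     # leading C0 control character
        "https://good.example/path",
        "javascript:alert(1)",           # no host at all: must be rejected
    ]
    for candidate in samples:
        print(
            f"{candidate!r:32} naive_blocked={naive_is_blocked(candidate)!s:5} "
            f"safe_allowed={safe_is_allowed(candidate)}"
        )
```

The point of `safe_is_allowed` is that it fails closed: a URL whose scheme or host the parser cannot determine is treated as disallowed, so even an unpatched `urllib.parse` cannot turn a parsing quirk into a bypass. Running the script on a patched interpreter shows `naive_is_blocked` catching the leading-space URL, on an unpatched one it does not, while `safe_is_allowed` gives the same answer on both.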
Vulnerability in Sync 3: Ford infotainment system allows attack via Wi-Fi
The Sync 3 infotainment system used in many Ford models has a vulnerability through which attackers can execute malicious code.
https://www.golem.de/news/schwachstelle-in-sync-3-infotainmentsystem-von-ford-ermoeglicht-angriff-via-wi-fi-2308-176722.html
Security updates for Monday
Security updates have been issued by Debian (gst-plugins-ugly1.0, libreoffice, linux-5.10, netatalk, poppler, and sox), Fedora (chromium, ghostscript, java-1.8.0-openjdk-portable, java-11-openjdk, java-11-openjdk-portable, java-17-openjdk-portable, java-latest-openjdk-portable, kernel, linux-firmware, mingw-python-certifi, ntpsec, and php), Oracle (.NET 6.0, .NET 7.0, 15, 18, bind, bind9.16, buildah, cjose, curl, dbus, emacs, firefox, go-toolset and golang, go-toolset:ol8, grafana, iperf3, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libcap, libeconf, libssh, libtiff, libxml2, linux-firmware, mod_auth_openidc:2.3, nodejs, nodejs:16, nodejs:18, open-vm-tools, openssh, postgresql:12, postgresql:13, python-requests, python27:2.7, python3, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, ruby:2.7, samba, sqlite, systemd, thunderbird, virt:ol and virt-devel:rhel, and webkit2gtk3), SUSE (docker, java-1_8_0-openj9, kernel, kernel-firmware, libyajl, nodejs14, openssl-1_0_0, poppler, and webkit2gtk3), and Ubuntu (golang-yaml.v2, intel-microcode, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux-oem-6.1, pygments, and pypdf2).
https://lwn.net/Articles/941587/
F5: K000135795 : Downfall Attacks CVE-2022-40982
https://my.f5.com/manage/s/article/K000135795
F5: K000135831 : Node.js vulnerability CVE-2023-32067
https://my.f5.com/manage/s/article/K000135831
A vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Scale packaged in IBM Elastic Storage System (CVE-2023-24998)
https://www.ibm.com/support/pages/node/7025515
Multiple Linux Kernel vulnerabilities may affect IBM Elastic Storage System
https://www.ibm.com/support/pages/node/7025507
IBM Elastic Storage System is affected by a vulnerability in OpenSSL (CVE-2022-4450)
https://www.ibm.com/support/pages/node/7025510
Postgresql JDBC drivers shipped with IBM Security Verify Access have a vulnerability (CVE-2022-41946)
https://www.ibm.com/support/pages/node/7014261
IBM GSKit as shipped with IBM Security Verify Access has fixed a reported vulnerability (CVE-2023-32342)
https://www.ibm.com/support/pages/node/7014259
Security Vulnerabilities fixed in IBM Security Verify Access (CVE-2022-40303)
https://www.ibm.com/support/pages/node/7009741
Apache Log4j Vulnerability affects Cloud Pak for Data (CVE-2021-44228)
https://www.ibm.com/support/pages/node/6529302
IBM PowerVM Novalink is vulnerable because a flaw was found in IBM SDK, Java Technology Edition, which could allow a remote attacker to execute arbitrary code on the system caused by an unsafe deserialization flaw (CVE-2022-40609).
https://www.ibm.com/support/pages/node/7026380
Kafka nodes in IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to snappy-java (CVE-2023-34453, CVE-2023-34455, CVE-2023-34454).
https://www.ibm.com/support/pages/node/7026403
IBM ELM is affected as Java deserialization filters (JEP 290) are ignored during IBM ORB deserialization (CVE-2022-40609)
https://www.ibm.com/support/pages/node/7026536
Vulnerability in IBM Java SDK affects WebSphere Service Registry and Repository (CVE-2022-40609)
https://www.ibm.com/support/pages/node/7026489
Security Vulnerabilities in JRE and Java packages affect IBM Voice Gateway
https://www.ibm.com/support/pages/node/7026553