End-of-Day report
Timeframe: Monday 21-08-2023 18:00 - Tuesday 22-08-2023 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Sneaky Amazon Google ad leads to Microsoft support scam
A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.
https://www.bleepingcomputer.com/news/security/sneaky-amazon-google-ad-leads-to-microsoft-support-scam/
Akira ransomware targets Cisco VPNs to breach organizations
There's mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data.
https://www.bleepingcomputer.com/news/security/akira-ransomware-targets-cisco-vpns-to-breach-organizations/
Security review for Microsoft Edge version 116
We are pleased to announce the security review for Microsoft Edge, version 116! We have reviewed the new settings in Microsoft Edge version 116 and determined that there are no additional security settings that require enforcement. The Microsoft Edge version 114 security baseline continues to be our recommended configuration which can be downloaded from the Microsoft Security Compliance Toolkit.
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-review-for-microsoft-edge-version-116/ba-p/3905425
New Variant of XLoader macOS Malware Disguised as OfficeNote Productivity App
A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote." "The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis.
https://thehackernews.com/2023/08/new-variant-of-xloader-macos-malware.html
CISA, NSA, and NIST Publish Factsheet on Quantum Readiness
Today, [CISA, NSA, NIST] released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations, especially those that support Critical Infrastructure, of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap.
https://www.cisa.gov/news-events/alerts/2023/08/21/cisa-nsa-and-nist-publish-factsheet-quantum-readiness
Exploitation of Openfire CVE-2023-32315
This vulnerability has flown under the radar on the defensive side of the industry. CVE-2023-32315 has been exploited in the wild, but you won't find it in the CISA KEV catalog. There has also been minimal discussion about indicators of compromise and very few detections (although to their credit, Ignite Realtime put out patches and a great mitigation guide back in May).
https://vulncheck.com/blog/openfire-cve-2023-32315
Critical vulnerability in Ivanti Sentry is already being exploited
Ivanti is closing a critical vulnerability in Sentry, formerly MobileIron Sentry. It is already under attack.
https://heise.de/-9278280
Facebook: Beware of fake giveaways from Kronehit and Radio Arabella
Criminals are creating fake Facebook profiles of Austrian radio presenters. Currently affected are Melanie See of Radio Arabella and Christian Mederitsch of Kronehit. Fraudulent giveaways are spread via the fake profiles. "Winners" are notified by comment and then have to open a link or send the fake profile a private message. Report the fake giveaway and do not reply!
https://www.watchlist-internet.at/news/facebook-vorsicht-vor-fake-gewinnspielen-von-kronehit-und-radio-arabella/
This AI-generated crypto invoice scam almost got me, and I'm a security pro
Even a tech pro can fall for a well-laid phishing trap. Here's what happened to me - and how you can avoid a similar fate, too.
https://www.zdnet.com/article/this-ai-generated-crypto-invoice-scam-almost-got-me-and-im-a-security-pro/#ftag=RSSbaffb68
Verbraucherzentrale warns of fake PayPal scam calls
I am including here in the blog a warning about a scam that the Verbraucherzentrale Baden-Württemberg is currently warning about. Scammers are apparently trying to fleece victims in Germany with shock calls made via call centres.
https://www.borncity.com/blog/2023/08/22/verbraucherzentrale-warnt-vor-fake-paypal-betrugsanrufen/
Vulnerabilities
TP-Link smart bulbs can let hackers steal your WiFi password
Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link's Tapo app, which could allow attackers to steal their targets' WiFi password.
https://www.bleepingcomputer.com/news/security/tp-link-smart-bulbs-can-let-hackers-steal-your-wifi-password/
McAfee Security Bulletin - McAfee Safe Connect update fixes Privilege Escalation vulnerability (CVE-2023-40352)
This Security Bulletin describes a vulnerability in a McAfee program, and provides ways to remediate (fix) the issue or mitigate (minimize) its impact.
https://www.mcafee.com/support/?articleId=TS103462&page=shell&shell=article-view
Hitachi Energy AFF66x
CVSS v3 9.6
Successful exploitation of these vulnerabilities could allow an attacker to compromise availability, integrity, and confidentiality of the targeted devices.
CVE-2021-43523, CVE-2020-13817, CVE-2020-11868, CVE-2019-11477, CVE-2022-3204, CVE-2018-18066
https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-01
Rockwell Automation ThinManager ThinServer
CVSS v3 9.8
Rockwell Automation reports this vulnerability affects the following versions of ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software
CVE-2023-2914, CVE-2023-2915, CVE-2023-2917
https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-03
Trane Thermostats
CVSS v3 6.8
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as root using a specially crafted filename.
CVE-2023-4212
https://www.cisa.gov/news-events/ics-advisories/icsa-23-234-02
Patch now! Attackers are pushing malicious code through a vulnerability in Adobe ColdFusion
Attackers are targeting Adobe's ColdFusion middleware. Security updates are available.
https://heise.de/-9278446
K000135921 : Python urllib.parse vulnerability CVE-2023-24329
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
https://my.f5.com/manage/s/article/K000135921?utm_source=f5support&utm_medium=RSS
Critical Privilege Escalation Vulnerability in Charitable WordPress Plugin Affects Over 10,000 sites
After providing full disclosure details, the developer released a patch on August 17, 2023. We would like to commend the WP Charitable Team for their prompt response and timely patch, which was released in just one day.
We urge users to update their sites with the latest patched version of Charitable, which is version 1.7.0.13 at the time of this writing, as soon as possible.
https://www.wordfence.com/blog/2023/08/critical-privilege-escalation-vulnerability-in-charitable-wordpress-plugin-affects-over-10000-sites/
Security updates for Tuesday
Security updates have been issued by Debian (intel-microcode, lxc, and zabbix), Fedora (clamav), SUSE (python-configobj), and Ubuntu (clamav).
https://lwn.net/Articles/942405/
IBM Robotic Process Automation is vulnerable to exposure of sensitive information in application logs (CVE-2023-38732)
https://www.ibm.com/support/pages/node/7028221
IBM Robotic Process Automation is vulnerable to information disclosure of script content (CVE-2023-40370)
https://www.ibm.com/support/pages/node/7028218
Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management
https://www.ibm.com/support/pages/node/7028226
IBM Robotic Process Automation is vulnerable to sensitive information disclosure in installation logs (CVE-2023-38733)
https://www.ibm.com/support/pages/node/7028223
A vulnerability in urllib3 affects IBM Robotic Process Automation for Cloud Pak which may result in CRLF injection (CVE-2020-26137).
https://www.ibm.com/support/pages/node/7028229
Multiple security vulnerabilities in .NET may affect IBM Robotic Process Automation for Cloud Pak (CVE-2023-24936, CVE-2023-29337, CVE-2023-33128)
https://www.ibm.com/support/pages/node/7028228
IBM Robotic Process Automation is vulnerable to incorrect privilege assignment when importing user from an LDAP directory (CVE-2023-38734).
https://www.ibm.com/support/pages/node/7028227
AWS SDK for Java as used by IBM QRadar SIEM is vulnerable to path traversal (CVE-2022-31159)
https://www.ibm.com/support/pages/node/7027598
IBM Decision Optimization for Cloud Pak for Data is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)
https://www.ibm.com/support/pages/node/6551376
IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
https://www.ibm.com/support/pages/node/6551326
IBM Informix JDBC Driver Is Vulnerable to Remote Code Execution (CVE-2023-27866)
https://www.ibm.com/support/pages/node/7007615
Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2022-21282, CVE-2022-21296, CVE-2022-21299)
https://www.ibm.com/support/pages/node/6565069
An Unspecified Java Vulnerability is affecting Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2021-35550)
https://www.ibm.com/support/pages/node/6594121
Vulnerabilities in Linux kernel, libssh, and Java can affect IBM Spectrum Protect Plus
https://www.ibm.com/support/pages/node/7028316
Vulnerabilities in Oracle Java and the IBM Java SDK (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968 and CVE-2023-21937) affect Power HMC
https://www.ibm.com/support/pages/node/7028209
Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2023 CPU
https://www.ibm.com/support/pages/node/7028350