End-of-Day report
Timeframe: Tuesday 22-08-2023 18:00 - Wednesday 23-08-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
News
Web interface vulnerabilities leave Aruba Orchestrator open to attack
Attackers can target Aruba's SD-WAN management solution, EdgeConnect SD-WAN Orchestrator.
https://heise.de/-9282524
CISA warns of attacks on Veeam Backup vulnerability
The US cybersecurity agency CISA warns of ongoing attacks against a Veeam Backup vulnerability. Updates are available.
https://heise.de/-9282365
The most popular Wi-Fi light bulb on Amazon lets hackers into your network
The TP-Link Tapo L530E has security flaws that can let strangers gain access to your Wi-Fi and, with it, to the devices on that network.
https://futurezone.at/produkte/wlan-lampe-gluehbrine-amazon-hacker-tp-link-tapo-l530e/402566333
Caution: Fake versions of Google Bard spread malware
Beware of fake ads for Google Bard: the links lead to malware.
https://futurezone.at/digital-life/google-bard-malware-faelschungen-fake-software-warnung/402566711
More Exotic Excel Files Dropping AgentTesla, (Wed, Aug 23rd)
Excel is an excellent target for attackers. The Microsoft Office suite is installed on millions of computers, and people trust these files. If we have the classic xls, xlsx, xlsm file extensions, Excel supports many others! Just check your local registry: [...]
https://isc.sans.edu/diary/rss/30150
Lateral movement: A conceptual overview
I think it would help a lot of those people to look at lateral movement from a conceptual point of view, instead of trying to understand all the techniques and ways in which lateral movement is achieved. [...] The goal is to hopefully enable more people to learn about how they can restructure or design their environments to be more resilient against lateral movement.
https://diablohorn.com/2023/08/22/lateral-movement-a-conceptual-overview/
Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.
In large metropolitan areas, tourists are often easy to spot because they're far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.
https://krebsonsecurity.com/2023/08/tourists-give-themselves-away-by-looking-up-so-do-most-network-intruders/
Hacker group CosmicBeetle spreads ransomware in Europe
The group uses the Spacecolon toolset to distribute ransomware among its victims and extort ransom payments.
https://www.zdnet.de/88411341/hackergruppe-cosmicbeetle-verbreitet-ransomware-in-europa/
NVMe: New Vulnerabilities Made Easy
As vulnerability researchers, our primary mission is to find as many vulnerabilities as possible with the highest severity as possible. Finding vulnerabilities is usually challenging. But could there be a way, in some cases, to reach the same results with less effort?
https://www.cyberark.com/resources/threat-research-blog/nvme-new-vulnerabilities-made-easy
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Debian (mediawiki and qt4-x11), Fedora (java-17-openjdk, linux-firmware, and python-yfinance), Red Hat (kernel, kpatch-patch, and subscription-manager), SUSE (evolution, janino, kernel, nodejs16, nodejs18, postgresql15, qt6-base, and ucode-intel), and Ubuntu (inetutils).
https://lwn.net/Articles/942514/
Google Chrome 116.0.5845.110/.111 security updates
On 22 August 2023 Google released updates for the Google Chrome browser 116 in the Stable channel for Mac, Linux and Windows. These are security updates that will be rolled out over the coming weeks and are meant to fix 5 vulnerabilities (rated "high").
https://www.borncity.com/blog/2023/08/23/google-chrome-116-0-5845-110-111-sicherheitsupdates/
CVE-2022-40609 may affect IBM Java shipped with IBM CICS TX Standard
https://www.ibm.com/support/pages/node/7028405
CVE-2022-40609 may affect IBM Java shipped with IBM CICS TX Advanced
https://www.ibm.com/support/pages/node/7028403
CVE-2022-40609 may affect IBM Java shipped with IBM TXSeries for Multiplatforms
https://www.ibm.com/support/pages/node/7028404
Multiple vulnerabilities may affect IBM Semeru Runtime
https://www.ibm.com/support/pages/node/7028407
AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408)
https://www.ibm.com/support/pages/node/7028420