Daily summary - 04.09.2023

End-of-Day report

Timeframe: Friday 01-09-2023 18:00 - Monday 04-09-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer

News

Chrome extensions can steal plaintext passwords from websites

A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code.

https://www.bleepingcomputer.com/news/security/chrome-extensions-can-steal-plaintext-passwords-from-websites/


New 'YouPorn' sextortion scam threatens to leak your sex tape

A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting you pay to have it taken down.

https://www.bleepingcomputer.com/news/security/new-youporn-sextortion-scam-threatens-to-leak-your-sex-tape/


Yes, there's an npm package called @(-.-)/env and some others like it

Strangely named npm packages like -, @!-!/-, @(-.-)/env, and --hepl continue to exist on the internet's largest software registry. While not all of these necessarily pose an obvious security risk, some were named before npm enforced naming guidelines and could potentially break tooling.

https://www.bleepingcomputer.com/news/technology/yes-theres-an-npm-package-called-env-and-some-others-like-it/
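The practical question for a dependency reviewer is whether any such name has made it into a project's lock file. The following is an added example, not code from the article or from npm: it walks a package-lock.json (v2/v3 "packages" keys, with a fallback to the v1 "dependencies" map) and flags names that fall outside a deliberately stricter policy than npm's own validator (first character alphanumeric, only lowercase letters, digits, ".", "_" and "-" in the scope and package parts, no dash-leading or punctuation-only names that could be mistaken for command-line flags). The sample lock file is constructed for the example; its odd package names are the ones quoted in the article, the versions and the "clean" packages are made up.

```python
import json
import re
from typing import Dict, List, Optional

# Constructed sample lock file (package-lock v3 layout). The strange names come
# from the article; versions and the well-behaved packages are invented here.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/express": {"version": "4.18.2"},
        "node_modules/@types/node": {"version": "20.5.0"},
        "node_modules/-": {"version": "0.0.1"},
        "node_modules/--hepl": {"version": "1.0.0"},
        "node_modules/@(-.-)/env": {"version": "0.1.0"},
        "node_modules/@!-!/-": {"version": "0.0.0"},
        "node_modules/express/node_modules/debug": {"version": "2.6.9"},
    },
})

# Policy charset (an assumption of this example, stricter than npm's rules):
# first character alphanumeric, then lowercase letters, digits, '.', '_', '-'.
PART_OK = re.compile(r"^[a-z0-9][a-z0-9._-]*$")
NPM_MAX_NAME_LEN = 214  # npm's own length limit


def package_name_from_key(key: str) -> Optional[str]:
    """Derive the package name from a lock file 'packages' key.

    Keys are install paths such as 'node_modules/express' or
    'node_modules/express/node_modules/debug'; the name is whatever follows
    the last 'node_modules/' segment. The root entry ('') has no name.
    """
    if "node_modules/" not in key:
        return None
    return key.rsplit("node_modules/", 1)[1]


def check_name(name: str) -> List[str]:
    """Return a list of policy violations for one package name (empty = clean)."""
    problems: List[str] = []
    if name.startswith("@"):
        scope, sep, pkg = name[1:].partition("/")
        if not sep:
            return ["scoped name without a package part"]
        if not PART_OK.match(scope):
            problems.append(f"scope {scope!r} outside policy charset")
    else:
        pkg = name
    if not PART_OK.match(pkg):
        problems.append(f"package part {pkg!r} outside policy charset")
    if pkg.startswith("-"):
        problems.append("package part starts with '-' (may be parsed as a CLI flag)")
    if set(pkg) <= set("-_."):
        problems.append("package part is punctuation only")
    if len(name) > NPM_MAX_NAME_LEN:
        problems.append(f"name longer than {NPM_MAX_NAME_LEN} characters")
    return problems


def lint_lockfile(lock_json: str) -> Dict[str, List[str]]:
    """Map every offending package name in the lock file to its violations."""
    lock = json.loads(lock_json)
    names = set()
    for key in lock.get("packages", {}):          # lockfileVersion 2 and 3
        name = package_name_from_key(key)
        if name:
            names.add(name)
    for name in lock.get("dependencies", {}):     # lockfileVersion 1 fallback
        names.add(name)
    return {n: p for n in sorted(names) if (p := check_name(n))}


if __name__ == "__main__":
    for offending, issues in lint_lockfile(SAMPLE_LOCK).items():
        print(f"{offending!r}:")
        for issue in issues:
            print(f"  - {issue}")
```

Note that all four of the article's names are accepted by npm itself (the registry's validator only forbids leading "." and "_", uppercase, and non-URL-safe characters), so a lint like this is a local policy decision, not a check the registry will make for you.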


PoC Exploit Released for Critical VMware Aria SSH Auth Bypass Vulnerability

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation.

https://thehackernews.com/2023/09/poc-exploit-released-for-critical.html


Webinar: Recognising online scams

How do I protect myself from online crime? How can I tell a fake shop from a legitimate online shop? Where do the most brazen subscription traps lurk? How do criminals get access to my data? The webinar covers common online scams and helps you recognise them. Take part free of charge: Tuesday 12 September 2023, 18:30 - 20:00 via Zoom

https://www.watchlist-internet.at/news/webinar-betrugsfallen-im-internet-erkennen/


New phishing emails in the name of the ÖGK and the tax office in circulation

Two new phishing emails are currently in circulation. In one, criminals pose as the Österreichische Gesundheitskasse (ÖGK) and claim that you are due a refund. In the other, you are promised a pension increase in the name of FinanzOnline. Both emails ask you to click a link. Ignore these emails; criminals use them to steal your banking details.

https://www.watchlist-internet.at/news/neue-phishing-mails-im-namen-der-oegk-und-des-finanzamtes-unterwegs/


Decryptor for Key Group ransomware available

Security researchers at EclecticIQ have found a weakness in the routines of the Key Group ransomware that made it possible to develop decryption tools for recovering encrypted files.

https://www.borncity.com/blog/2023/09/03/decryptor-fr-key-group-ransomware-verfgbar/


Firmware updates: Surface Laptop 4 and Surface Duo

On 31 August 2023 Microsoft released a firmware update for its Surface Laptop 4 that is meant to fix security issues and a charging problem. There is also what is presumably the last firmware update for the Surface Duo smartphone.

https://www.borncity.com/blog/2023/09/03/firmware-updates-surface-laptop-4-und-surface-duo/

Vulnerabilities

Tinycontrol LAN Controller v3 (LK3) Remote Admin Password Change

The application suffers from insecure access control that allows an unauthenticated attacker to change account passwords and bypass authentication, gaining access to the control panel.

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5787.php


Tinycontrol LAN Controller v3 (LK3) Remote Credentials Extraction PoC

An unauthenticated attacker can retrieve the controller's configuration backup file and extract sensitive information that allows them to bypass security controls and compromise the system in its entirety.

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5786.php


Security updates for Monday

Security updates have been issued by Debian (thunderbird), Fedora (firefox, kernel, kubernetes, and mediawiki), Mageia (openldap), SUSE (terraform), and Ubuntu (atftp, busybox, and thunderbird).

https://lwn.net/Articles/943492/


Mattermost security updates 8.1.1 (ESR) / 8.0.2 / 7.8.10 (ESR) released

We're informing you about a Mattermost security update, which addresses low- to medium-level severity vulnerabilities. We highly recommend that you apply the update. The security update is available for Mattermost dot releases 8.1.1 (Extended Support Release), 8.0.2, and 7.8.10 (Extended Support Release), for both Team Edition and Enterprise Edition.

https://mattermost.com/blog/mattermost-security-updates-8-1-1-esr-8-0-2-7-8-10-esr-released/


Security vulnerabilities (CVE-2023-40481, CVE-2023-31102) in 7-Zip; fixed in version 23.00 (August 2023)

A short addendum from the end of August 2023. Security researchers have found two vulnerabilities in 7-Zip, the program used to pack and unpack ZIP archive files. The vulnerabilities CVE-2023-40481 and CVE-2023-31102 are rated as high risk [..] Both vulnerabilities were reported to the 7-Zip developers on 21 November 2022 and, according to the Zero Day Initiative advisories of 23 August 2023, were closed by updating the software to version 23.00 (still a beta at the time).

https://www.borncity.com/blog/2023/09/03/sicherheitslcken-cve-2023-40481-cve-2023-31102-in-7-zip-fix-in-version-23-00-august-2023/


IBM MQ Explorer is affected by vulnerabilities in Eclipse Jetty (CVE-2023-26048, CVE-2023-26049)

https://www.ibm.com/support/pages/node/7027923


IBM MQ is affected by a denial of service vulnerability in OpenSSL (CVE-2023-2650)

https://www.ibm.com/support/pages/node/7027922


Google Guava component used by IBM Maximo Application Suite is vulnerable to CVE-2023-2976

https://www.ibm.com/support/pages/node/7030429


IBM Security Verify Information Queue has multiple information exposure vulnerabilities (CVE-2023-33833, CVE-2023-33834, CVE-2023-33835)

https://www.ibm.com/support/pages/node/7029584


IBM Sterling Connect:Direct Browser User Interface vulnerable to remote code execution due to IBM Java (CVE-2022-40609)

https://www.ibm.com/support/pages/node/7030442


IBM Sterling Connect:Direct Web Services is vulnerable to remote code execution due to IBM Java (CVE-2022-40609)

https://www.ibm.com/support/pages/node/7030443


The IBM Engineering Lifecycle Engineering product using IBM WebSphere Application Server traditional is vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)

https://www.ibm.com/support/pages/node/7030450


The IBM Engineering Lifecycle Engineering product using WebSphere Application Server Liberty is vulnerable to denial of service (CVE-2023-38737)

https://www.ibm.com/support/pages/node/7030449


The IBM Engineering Lifecycle Engineering product using IBM® SDK, Java™ Technology Edition is affected by multiple vulnerabilities (CVE-2023-22045, CVE-2023-22049)

https://www.ibm.com/support/pages/node/7030448


IBM Event Endpoint Management is vulnerable to a denial of service in Netty (CVE-2023-34462)

https://www.ibm.com/support/pages/node/7030456


A vulnerability has been identified in IBM WebSphere Application Server Liberty profile shipped with IBM Business Automation Workflow (CVE-2023-38737)

https://www.ibm.com/support/pages/node/7030458


A vulnerability found in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center (CVE-2022-34165)

https://www.ibm.com/support/pages/node/7030460


IBM Cloud Pak for Network Automation 2.6 addresses multiple security vulnerabilities

https://www.ibm.com/support/pages/node/7030469


Multiple CVEs may affect Operating System packages shipped with IBM CICS TX Advanced 10.1

https://www.ibm.com/support/pages/node/7030462


Multiple CVEs may affect Operating System packages shipped with IBM CICS TX Advanced 10.1

https://www.ibm.com/support/pages/node/7030461


IBM Cloud Pak for Network Automation 2.6.1 fixes multiple security vulnerabilities

https://www.ibm.com/support/pages/node/7030470


Multiple vulnerabilities may affect IBM SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

https://www.ibm.com/support/pages/node/7030463


CVE-2022-40609 may affect Java Technology Edition used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

https://www.ibm.com/support/pages/node/7030466


CVE-2023-34149 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

https://www.ibm.com/support/pages/node/7030464


CVE-2023-34396 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint.

https://www.ibm.com/support/pages/node/7030465


IBM Java SDK update for Java deserialization filters (JEP 290) ignored during IBM ORB deserialization

https://www.ibm.com/support/pages/node/7030522


The Transformation Advisor Tool in IBM App Connect Enterprise is vulnerable to a denial of service due to Apache Johnzon (CVE-2023-33008)

https://www.ibm.com/support/pages/node/7030531