End-of-Day report
Timeframe: Monday 11-09-2023 18:00 - Tuesday 12-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
New WiKI-Eve attack can steal numerical passwords over WiFi
A new attack dubbed WiKI-Eve can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual numeric keystrokes at an accuracy rate of up to 90%, allowing numerical passwords to be stolen.
https://www.bleepingcomputer.com/news/security/new-wiki-eve-attack-can-steal-numerical-passwords-over-wifi/
Free Download Manager backdoored - a possible supply chain attack on Linux machines
Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.
https://securelist.com/backdoored-free-download-manager-linux-malware/110465/
Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper
"A phishing email delivers the Word document as an attachment, presenting a deliberately blurred image and a counterfeit reCAPTCHA to lure the recipient into clicking on it," Fortinet FortiGuard Labs researcher Cara Lin said.
https://thehackernews.com/2023/09/sophisticated-phishing-campaign.html
Fake Post, DHL and UPS notifications in circulation
Are you currently waiting for a parcel? Take a close look at notifications about the delivery status. Many fraudulent messages are circulating at the moment. By e-mail or SMS you are told that customs fees or shipping costs still have to be paid. Do not click on the link. You will land on a fraudulent page that harvests credit card details.
https://www.watchlist-internet.at/news/gefaelschte-post-dhl-und-ups-benachrichtigungen-im-umlauf/
The European Cyber Shield
As part of the "Digital Europe Programme", the EU wants to strengthen the security of the EU with funding for the networking of SOCs and to establish the system permanently via a new "Cyber Solidarity Act". I gave a talk on this at the CSIRTs Network Meeting in June, the content of which I have now expanded into a fully written-out paper (in English).
https://cert.at/de/blog/2023/9/european-cyber-shield
Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk
A new vulnerability has been discovered that could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations. This technique could be used to perform a Repojacking attack (hijacking popular repositories to distribute malicious code).
https://checkmarx.com/blog/persistent-threat-new-exploit-puts-thousands-of-github-repositories-and-millions-of-users-at-risk/
Deleting Your Way Into SYSTEM: Why Arbitrary File Deletion Vulnerabilities Matter
Windows arbitrary file deletion vulnerabilities should no longer be considered mere annoyances or tools for Denial-of-Service (DoS) attacks. Over the past couple of years, these vulnerabilities have matured into potent threats capable of unearthing a portal to full system compromise. This transformation is exemplified in CVE-2023-27470 (an arbitrary file deletion vulnerability in N-Able's Take Control Agent with a CVSS Base Score of 8.8), demonstrating that what might initially seem innocuous can, in fact, expose unexpected weaknesses within your system.
https://www.mandiant.com/resources/blog/arbitrary-file-deletion-vulnerabilities
Vulnerabilities
NSO exploit: Apple also fixes older versions of macOS, iOS and iPadOS
After emergency updates for current operating systems, Apple is now also releasing patches for older versions. Users should update promptly.
https://heise.de/-9301842
Patch day: SAP closes critical data leak vulnerability in BusinessObjects
Important security updates for SAP software have been released. Admins should act promptly.
https://heise.de/-9302399
Security updates for Tuesday
Security updates have been issued by Debian (node-cookiejar and orthanc), Oracle (firefox, kernel, and kernel-container), Red Hat (flac and httpd:2.4), Slackware (vim), SUSE (python-Django, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and Ubuntu (c-ares, curl, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-raspi, linux-ibm, and linux-ibm-5.4).
https://lwn.net/Articles/944263/
ICS Patch Tuesday: Critical CodeMeter Vulnerability Impacts Several Siemens Products
ICS Patch Tuesday: Siemens has released 7 new advisories and Schneider Electric has released 1 new advisory.
https://www.securityweek.com/ics-patch-tuesday-critical-codemeter-vulnerability-impacts-several-siemens-products/
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0008
CVE identifiers: CVE-2023-28198, CVE-2023-32370, CVE-2023-40397.
https://webkitgtk.org/security/WSA-2023-0008.html
Google Chrome 116.0.5845.187/.188 fixes critical vulnerability
On 11 September 2023, Google released updates to the Google Chrome 116 browser in the Stable and Extended Channel for Mac, Linux and Windows. These are security updates that are being rolled out and are intended to fix a vulnerability (rated as "critical").
https://www.borncity.com/blog/2023/09/11/google-chrome-116-0-5845-187-188-fixt-kritische-schwachstelle/
Fujitsu Software Infrastructure Manager
An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext.
https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-02
Security updates available in Foxit PDF Reader 2023.2 and Foxit PDF Editor 2023.2
https://www.foxit.com/de/support/security-bulletins.html
Hitachi Energy Lumada APM Edge
https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01
Multiple vulnerabilities in OpenSSL affect AIX
https://www.ibm.com/support/pages/node/7031625
Control Access issues in PCOMM
https://www.ibm.com/support/pages/node/7031707
Multiple Security vulnerabilities in IBM Java in FileNet Content Manager
https://www.ibm.com/support/pages/node/7001699
A vulnerability in FasterXML Jackson Core may affect IBM Robotic Process Automation and result in an application crash (IBM X-Force ID: 256137).
https://www.ibm.com/support/pages/node/7031716
IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable and could provide weaker than expected security.
https://www.ibm.com/support/pages/node/7031051
Vulnerability in Open JDK affecting Rational Functional Tester
https://www.ibm.com/support/pages/node/7031729
IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules tough-cookie and semver (CVE-2023-26136, CVE-2022-25883).
https://www.ibm.com/support/pages/node/7031733
IBM Cloud Pak for Security includes components with multiple known vulnerabilities
https://www.ibm.com/support/pages/node/7031754