Daily summary - 13.09.2023

End-of-Day report

Timeframe: Tuesday 12-09-2023 18:00 - Wednesday 13-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter

News

Patch day: attacks on Adobe Acrobat via crafted PDF files

Adobe has closed several security vulnerabilities in Acrobat and Reader, Connect and Experience Manager.

https://heise.de/-9303487


Emergency patch secures Firefox and Thunderbird against attacks

Mozilla has closed a security vulnerability in its web browsers and its mail client that attackers are already exploiting.

https://heise.de/-9303536


Microsoft Security Update Summary (12 September 2023)

On 12 September 2023 Microsoft released security updates for Windows clients and servers, for Office and for other products. The security updates fix 61 CVE vulnerabilities, two of which are 0-day vulnerabilities. Below is a compact overview of these updates [...]

https://www.borncity.com/blog/2023/09/13/microsoft-security-update-summary-12-september-2023/


Threat landscape for industrial automation systems. Statistics for H1 2023

In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%.

https://securelist.com/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2023/110605/


Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool [...]

https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/


Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints

Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August 23, 2023, [...]

https://thehackernews.com/2023/09/alert-new-kubernetes-vulnerabilities.html


OpenSSL 1.1.1 reaches end of life for all but the well-heeled

$50k to breathe new life into its corpse. The rest of us must move on to OpenSSL 3.0. OpenSSL 1.1.1 has reached the end of its life, making a move to a later version essential for all, bar those with extremely deep pockets.

https://go.theregister.com/feed/www.theregister.com/2023/09/12/openssl_111_end_of_life/


macOS Info-Stealer Malware 'MetaStealer' Targeting Businesses

The MetaStealer macOS information stealer has been targeting businesses to exfiltrate keychain and other valuable information.

https://www.securityweek.com/macos-info-stealer-malware-metastealer-targeting-businesses/


How Next-Gen Threats Are Taking a Page From APTs

Cybercriminals are increasingly trying to find ways to get around security, detection, intelligence and controls as APTs start to merge with conventional cybercrime.

https://www.securityweek.com/how-next-gen-threats-are-taking-a-page-from-apts/


How Three Letters Brought Down UK Air Traffic Control

The UK bank holiday weekend at the end of August is a national holiday in which it sometimes seems the entire country ups sticks and makes for somewhere with a beach. This year though, many of them couldn't, because the country's NATS air traffic system went down and stranded many to grumble in the heat of a crowded terminal. At the time it was blamed on faulty flight data, but news now emerges that the data which brought down an entire country's air traffic control may have not been faulty at all.

https://hackaday.com/2023/09/13/how-three-letters-brought-down-uk-air-traffic-control/


3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack

Attackers resorted to new ransomware after deployment of LockBit was blocked on targeted network.

https://symantec-enterprise-blogs.security.com/threat-intelligence/3am-ransomware-lockbit


White House urging dozens of countries to publicly commit to not pay ransoms

The U.S. National Security Council (NSC) is urging the governments of all countries participating in the International Counter Ransomware Initiative (CRI) to issue a joint statement announcing they will not pay ransoms to cybercriminals, according to three sources with knowledge of the plans.

https://therecord.media/counter-ransomware-initiative-members-ransom-payments-statement


September 2023 release of new Exchange Server CVEs (resolved by August 2023 Security Updates)

You may have noticed there were several new Exchange Server CVEs that were released today (a part of September 2023 "Patch Tuesday"). If you haven't yet, you can go to the Security Update Guide and filter on Exchange Server under Product Family to review CVE information. The CVEs released today were actually addressed in the August 2023 Exchange Server Security Update (SU). Due to the timing of validation of those fixes and release dates, we decided to release the CVEs as a part of September 2023 "Patch Tuesday" release cycle. We know that many customers are accustomed to checking for Microsoft security releases on the second Tuesday of every month, and we did not want these CVEs to go unnoticed.

https://techcommunity.microsoft.com/t5/exchange-team-blog/september-2023-release-of-new-exchange-server-cves-resolved-by/ba-p/3924063

Vulnerabilities

Security updates for Wednesday

Security updates have been issued by Debian (e2guardian), Fedora (libeconf), Red Hat (dmidecode, kernel, kernel-rt, keylime, kpatch-patch, libcap, librsvg2, linux-firmware, and qemu-kvm), Slackware (mozilla), SUSE (chromium and shadow), and Ubuntu (cups, dotnet6, dotnet7, file, flac, and ruby-redcloth).

https://lwn.net/Articles/944354/


BSRT-2023-001 Vulnerabilities in Management Console and Self Service Impact AtHoc Server

https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000112406


VU#347067: Multiple BGP implementations are vulnerable to improperly formatted BGP updates

https://kb.cert.org/vuls/id/347067


PHP Shopping Cart-4.2 Multiple-SQLi

https://cxsecurity.com/issue/WLB-2023090037


Cisco IOS XR Software Compression ACL Bypass Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-comp3acl-vGmp6BQ3


Cisco IOS XR Software Image Verification Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5


Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB


Cisco IOS XR Software Model-Driven Programmability Behavior with AAA Authorization

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-info-GXp7nVcP


Cisco IOS XR Software Connectivity Fault Management Denial of Service Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt


Cisco IOS XR Software Access Control List Bypass Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnx-acl-PyzDkeYF


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/


K000136157 : sssd vulnerability CVE-2022-4254

https://my.f5.com/manage/s/article/K000136157?utm_source=f5support&utm_medium=RSS


Trumpf: Multiple Products affected by WIBU Codemeter Vulnerability

https://cert.vde.com/de/advisories/VDE-2023-031/


Elliptic Labs Virtual Lock Sensor Vulnerability

https://support.lenovo.com/product_security/PS500576-ELLIPTIC-LABS-VIRTUAL-LOCK-SENSOR-VULNERABILITY


Lenovo XClarity Controller (XCC) Vulnerabilities

https://support.lenovo.com/product_security/PS500578


Intel Dynamic Tuning Technology Advisory

https://support.lenovo.com/product_security/PS500577-INTEL-DYNAMIC-TUNING-TECHNOLOGY-ADVISORY