End-of-Day report
Timeframe: Wednesday 13-09-2023 18:00 - Thursday 14-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
News
Windows 11 'ThemeBleed' RCE bug gets proof-of-concept exploit
Security researcher Gabe Kirkpatrick has made a proof-of-concept (PoC) exploit available for CVE-2023-38146, aka "ThemeBleed," which enables attackers to trigger arbitrary remote code execution if the target opens a specially crafted .theme file.
https://www.bleepingcomputer.com/news/security/windows-11-themebleed-rce-bug-gets-proof-of-concept-exploit/
Top 10 Facts About MOVEit Breach
This breach exposed the vulnerabilities inherent in some of the world's most trusted platforms and highlighted the audacity and capabilities of modern cybercriminals. Furthermore, becoming the primary attack vector for the Cl0p ransomware group, it has led to many other attacks.
https://socradar.io/top-10-facts-about-moveit-breach/
Column-Level Encryption 101: What is It, implementation & Benefits
By encrypting individual columns of data, organizations can limit access to the data, reduce the potential damage of a breach and help ensure the privacy of their customers' information. In this post, we will explore the power of column-level encryption for data security. So let's dive in.
https://www.piiano.com/blog/column-level-encryption
Uncursing the ncurses: Memory corruption vulnerabilities found in library
Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces (TUI). Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface (POSIX) operating systems, including Linux, macOS, and FreeBSD.
https://www.microsoft.com/en-us/security/blog/2023/09/14/uncursing-the-ncurses-memory-corruption-vulnerabilities-found-in-library/
PSA: Ongoing Webex malvertising campaign drops BatLoader
A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco's brand and is displayed first when performing a Google search.
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/ongoing-webex-malvertising-drops-batloader
QR code in e-mails from supposed suppliers leads to phishing page
A particularly perfidious phishing e-mail is currently circulating: companies are contacted by suppliers known to them, who supposedly send an offer via QR code. At least that is what the message claims. In fact, scanning the QR code leads to a phishing page. The criminals are trying to obtain the credentials for the employees' Microsoft accounts.
https://www.watchlist-internet.at/news/qr-code-in-e-mails-von-vermeintlichen-lieferanten-fuehrt-zu-phishing-seite/
Beware of phishing e-mails from "oesterreich.gv.at" & "a-trust.at"
Numerous phishing messages from supposedly trustworthy senders are currently in circulation. The messages promise alleged refunds from Oesterreich.gv.at. Do not click on the links, your data will be stolen!
https://www.watchlist-internet.at/news/vorsicht-vor-phishing-e-mails-von-oesterreichgvat-a-trustat/
Vulnerabilities
FortiGuard PSIRT Advisories
FortiGuard Labs has released 12 advisories for FortiADC, FortiAPs, FortiAP-U, FortiClient-EMS, FortiManager & FortiAnalyzer, FortiOS & FortiProxy, FortiPresence, FortiSIEM, FortiTester and FortiWeb. (Severity: 3x High, 8x Medium, 1x Low)
https://fortiguard.fortinet.com/psirt?date=2023&product=FortiWeb,FortiSIEM,FortiClientEMS,FortiTester,FortiAP-S,FortiAP-U,FortiPresence,FortiManager,FortiOS-6K7K,FortiOS,FortiAnalyzer,FortiAnalyzer-BigData,FortiADC
Siemens has published 2 further Security Advisories as of 14.09.2023
SSA-646240: Sensitive Information Disclosure in SIMATIC PCS neo Administration Console (5.5), SSA-357182: Local Privilege Escalation Vulnerability in Spectrum Power 7 (8.2)
https://www.siemens.com/global/en/products/services/cert.html#SecurityPublications
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)
Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week.
https://www.wordfence.com/blog/2023/09/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-4-2023-to-september-10-2023/
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr, libwebp, ruby-loofah, and ruby-rails-html-sanitizer), Fedora (open-vm-tools and salt), Oracle (.NET 7.0, dmidecode, flac, gcc, httpd:2.4, keylime, libcap, librsvg2, and qemu-kvm), Red Hat (.NET 6.0 and .NET 7.0), Slackware (libarchive and mozilla), SUSE (chromium and kernel), and Ubuntu (curl, firefox, ghostscript, open-vm-tools, postgresql-9.5, and thunderbird).
https://lwn.net/Articles/944481/
Drupal: Mail Login - Critical - Access bypass - SA-CONTRIB-2023-045
https://www.drupal.org/sa-contrib-2023-045
Rockwell Automation Pavilion8
https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-07
Palo Alto: CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2023-3280
Palo Alto: CVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2023-38802
PostgreSQL Vulnerability Affects IBM Connect:Direct Web Service (CVE-2023-39417)
https://www.ibm.com/support/pages/node/7032120
CISA Adds Three Known Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2023/09/13/cisa-adds-three-known-vulnerabilities-catalog