Tageszusammenfassung - 14.09.2023

End-of-Day report

Timeframe: Mittwoch 13-09-2023 18:00 - Donnerstag 14-09-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter


Windows 11 -ThemeBleed- RCE bug gets proof-of-concept exploit

Security researcher Gabe Kirkpatrick has made a proof-of-concept (PoC) exploit available for CVE-2023-38146, aka "ThemeBleed," which enables attackers to trigger arbitrary remote code execution if the target opens a specially crafted .theme file.


Top 10 Facts About MOVEit Breach

This breach exposed the vulnerabilities inherent in some of the world-s most trusted platforms and highlighted the audacity and capabilities of modern cybercriminals. Furthermore, becoming the primary attack vector for the Cl0p ransomware group, it has led to many other attacks.


Column-Level Encryption 101: What is It, implementation & Benefits

By encrypting individual columns of data, organizations can limit access to the data, reduce the potential damage of a breach and help ensure the privacy of their customers information. In this post, we will explore the power of column-level encryption for data security. So let-s dive in.


Uncursing the ncurses: Memory corruption vulnerabilities found in library

Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces (TUI). Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface (POSIX) operating systems, including Linux, macOS, and FreeBSD.


PSA: Ongoing Webex malvertising campaign drops BatLoader

A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco's brand and is displayed first when performing a Google search.


QR-Code in E-Mails von vermeintlichen Lieferanten führt zu Phishing-Seite

Aktuell ist ein besonders perfides Phishing-Mail im Umlauf: Unternehmen werden von ihnen bekannten Lieferanten kontaktiert, die ein Angebot per QR-Code übermitteln. Zumindest wird das in der Nachricht behauptet. Tatsächlich führt das Scannen des QR-Codes auf eine Phishing-Seite. Kriminelle versuchen dabei, an die Zugangsdaten für das Microsoft-Konto der Mitarbeiter:innen zu kommen.


Vorsicht vor Phishing-E-Mails von "oesterreich.gv.at" & "a-trust.at"

Momentan befinden sich zahlreiche Phishing-Nachrichten von vermeintlich vertrauenswürdigen Absendern in Umlauf. Die Nachrichten versprechen angebliche Rückerstattungen von Oesterreich.gv.at. Klicken Sie nicht auf die Links, Ihre Daten werden gestohlen!



FortiGuard PSIRT Advisories

Fortiguard Labs have released 12 Advisories for FortiADC, FortiAPs, FortiAP-U, FortiClient-EMS, FortiManager & FortiAnalyzer, FortiOS & FortiProxy, FortiPresence, FortiSIEM, FortiTester and FortiWeb. (Severity: 3x High, 8x Medium, 1x Low)


Siemens hat mit 14.09.2023 weitere 2 Security Advisories veröffentlicht

SSA-646240: Sensitive Information Disclosure in SIMATIC PCS neo Administration Console (5.5), SSA-357182: Local Privilege Escalation Vulnerability in Spectrum Power 7 (8.2)


Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)

Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week.


Security updates for Thursday

Security updates have been issued by Debian (firefox-esr, libwebp, ruby-loofah, and ruby-rails-html-sanitizer), Fedora (open-vm-tools and salt), Oracle (.NET 7.0, dmidecode, flac, gcc, httpd:2.4, keylime, libcap, librsvg2, and qemu-kvm), Red Hat (.NET 6.0 and .NET 7.0), Slackware (libarchive and mozilla), SUSE (chromium and kernel), and Ubuntu (curl, firefox, ghostscript, open-vm-tools, postgresql-9.5, and thunderbird).


Drupal: Mail Login - Critical - Access bypass - SA-CONTRIB-2023-045


Rockwell Automation Pavilion8


Palo Alto: CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent (Severity: MEDIUM)


Palo Alto: CVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software (Severity: HIGH)


: PostgreSQL Vulnerability Affects IBM Connect:Direct Web Service (CVE-2023-39417)


CISA Adds Three Known Vulnerabilities to Catalog