Tageszusammenfassung - 15.09.2023

End-of-Day report

Timeframe: Donnerstag 14-09-2023 18:00 - Freitag 15-09-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a


What is Secure Shell (SSH) & How to Use It: Security & Best Practices

In this blog post, we-re going to delve deeper into what Secure Shell (SSH) is, how it operates, and why it-s useful. We-ll cover everything from the basics of connecting with SSH to common commands and best practices for ensuring secure communications and file transfers.


A detailed analysis of the Money Message Ransomware

The threat actor group, Money Message ransomware, first appeared in March 2023, demanding million-dollar ransoms from its targets. Its configuration, which contains the services and processes to stop a ransomware attack, can be found at the end of the executable. The ransomware creates a mutex and deletes the Volume Shadow Copies using vssadmin.exe.


Mehr Sicherheit für (Open-)Sourcecode: OpenSSF veröffentlicht Leitfaden

Ein Leitfaden der Open Source Security Foundation zeigt Tools und Best Practices zum Absichern von Code auf Versionsverwaltungsplattformen auf.


Watch out, this LastPass email with "Important information about your account" is a phish

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email.


Threat Group Assessment: Turla (aka Pensive Ursa)

Pensive Ursa was chosen to be the main focus for the 2023 MITRE ATT&CK evaluation. MITRE has described Turla as being -known for their targeted intrusions and innovative stealth.- The results of this evaluation, including Palo Alto Networks scoring, will be published in late September 2023.


Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety

UNC3944 is a financially motivated threat cluster that has persistently used phone-based social engineering and SMS phishing campaigns (smshing) to obtain credentials to gain and escalate access to victim organizations. At least some UNC3944 threat actors appear to operate in underground communities, such as Telegram and underground forums, which they may leverage to acquire tools, services, and/or other support to augment their operations.



Jetzt patchen! Sicherheitslösungen von Fortinet als Sicherheitsrisiko

Mehrere Produkte von Fortinet sind verwundbar. Sicherheitsupdates schaffen Abhilfe.


Management-Controller Lenovo XCC: Angreifer können Passwörter manipulieren

Der Computerhersteller Lenovo hat in XClarity Controller mehrere Sicherheitslücken geschlossen.


Security updates for Friday

Security updates have been issued by Debian (c-ares and samba), Fedora (borgbackup, firefox, and libwebp), Oracle (.NET 6.0 and kernel), Slackware (libwebp), SUSE (chromium and firefox), and Ubuntu (atftp, dbus, gawk, libssh2, libwebp, modsecurity-apache, and mutt).


QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities


Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to HTTP header injection due to Go CVE-2023-29406


Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to bypassing security restrictions due to multiple Node.js vulnerabilities


IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload (CVE-2023-24998)


Due to use of Golang Go, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities.


Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products


IBM Operational Decision Manager August 2023 - Multiple CVEs addressed


Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management


CVE-2023-24539, CVE-2023-29400, CVE-2023-29403, CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to Go affect IBM CICS TX Standard 11.1


CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to Go affect IBM CICS TX Advanced 11.1


Vulnerabilities in Golang, openSSH and openJDK might affect IBM Spectrum Copy Data Management


Vulnerabilities in snappy-java might affect IBM Spectrum Copy Data Management


Vulnerabilities in cURL libcurl might affect IBM Spectrum Copy Data Management