End-of-Day report
Timeframe: Thursday 14-09-2023 18:00 - Friday 15-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
What is Secure Shell (SSH) & How to Use It: Security & Best Practices
In this blog post, we're going to delve deeper into what Secure Shell (SSH) is, how it operates, and why it's useful. We'll cover everything from the basics of connecting with SSH to common commands and best practices for ensuring secure communications and file transfers.
https://blog.sucuri.net/2023/09/what-is-secure-shell-ssh-how-to-use-it-security-best-practices.html
A detailed analysis of the Money Message Ransomware
The threat actor group, Money Message ransomware, first appeared in March 2023, demanding million-dollar ransoms from its targets. Its configuration, which contains the services and processes to stop a ransomware attack, can be found at the end of the executable. The ransomware creates a mutex and deletes the Volume Shadow Copies using vssadmin.exe.
https://resources.securityscorecard.com/research/analysis-money-message-ransomware
More security for (open) source code: OpenSSF publishes guide
A guide from the Open Source Security Foundation presents tools and best practices for securing code on version control platforms.
https://www.heise.de/-9306112.html
Watch out, this LastPass email with "Important information about your account" is a phish
The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email.
https://www.malwarebytes.com/blog/news/2023/09/nasty-lastpass-phish
Threat Group Assessment: Turla (aka Pensive Ursa)
Pensive Ursa was chosen to be the main focus for the 2023 MITRE ATT&CK evaluation. MITRE has described Turla as being "known for their targeted intrusions and innovative stealth." The results of this evaluation, including Palo Alto Networks scoring, will be published in late September 2023.
https://unit42.paloaltonetworks.com/turla-pensive-ursa-threat-assessment/
Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety
UNC3944 is a financially motivated threat cluster that has persistently used phone-based social engineering and SMS phishing campaigns (smshing) to obtain credentials to gain and escalate access to victim organizations. At least some UNC3944 threat actors appear to operate in underground communities, such as Telegram and underground forums, which they may leverage to acquire tools, services, and/or other support to augment their operations.
https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware
Vulnerabilities
Patch now! Fortinet security solutions as a security risk
Several Fortinet products are vulnerable. Security updates provide a remedy.
https://www.heise.de/-9306543.html
Lenovo XCC management controller: attackers can manipulate passwords
The computer manufacturer Lenovo has closed several security vulnerabilities in XClarity Controller.
https://www.heise.de/-9304734.html
Security updates for Friday
Security updates have been issued by Debian (c-ares and samba), Fedora (borgbackup, firefox, and libwebp), Oracle (.NET 6.0 and kernel), Slackware (libwebp), SUSE (chromium and firefox), and Ubuntu (atftp, dbus, gawk, libssh2, libwebp, modsecurity-apache, and mutt).
https://lwn.net/Articles/944581/
QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/7032220
Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to HTTP header injection due to Go CVE-2023-29406
https://www.ibm.com/support/pages/node/7032249
Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to bypassing security restrictions due to multiple Node.js vulnerabilities
https://www.ibm.com/support/pages/node/7032238
IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload (CVE-2023-24998)
https://www.ibm.com/support/pages/node/7031979
Due to use of Golang Go, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities.
https://www.ibm.com/support/pages/node/7032901
Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products
https://www.ibm.com/support/pages/node/7032899
IBM Operational Decision Manager August 2023 - Multiple CVEs addressed
https://www.ibm.com/support/pages/node/7032928
Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management
https://www.ibm.com/support/pages/node/7029387
CVE-2023-24539, CVE-2023-29400, CVE-2023-29403, CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to Go affect IBM CICS TX Standard 11.1
https://www.ibm.com/support/pages/node/7033006
CVE-2023-24540, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405 related to Go affect IBM CICS TX Advanced 11.1
https://www.ibm.com/support/pages/node/7033004
Vulnerabilities in Golang, openSSH and openJDK might affect IBM Spectrum Copy Data Management
https://www.ibm.com/support/pages/node/7029389
Vulnerabilities in snappy-java might affect IBM Spectrum Copy Data Management
https://www.ibm.com/support/pages/node/7029381
Vulnerabilities in cURL libcurl might affect IBM Spectrum Copy Data Management
https://www.ibm.com/support/pages/node/7029380