Daily summary - 19.09.2023

End-of-Day report

Timeframe: Monday 18-09-2023 18:00 - Tuesday 19-09-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter

News

Patch now! Thousands of Juniper firewalls still without the security update

A newly released exploit makes attacks on Juniper firewalls even easier. Security patches are available.

https://www.heise.de/news/Jetzt-patchen-Tausende-Juniper-Firewalls-immer-noch-ohne-Sicherheitsupdate-9309664.html


Bumblebee malware returns in new attacks abusing WebDAV folders

The malware loader Bumblebee has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.

https://www.bleepingcomputer.com/news/security/bumblebee-malware-returns-in-new-attacks-abusing-webdav-folders/


Security baseline for Microsoft Edge version 117

Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode (Added)

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-117/ba-p/3930862


Hardening file transfer: Microsoft locks down the SMB protocol

With two measures Microsoft hardens both the SMB client and the SMB server side. The article shows what administrators need to watch for.

https://www.heise.de/news/Haertung-des-Dateitransfers-Microsoft-sichert-das-SMB-Protokoll-ab-9309870.html


CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks

The US cybersecurity agency CISA says four vulnerabilities found last year in Owl Labs video conferencing devices - flaws that require the attacker to be in close range of the target - have been exploited in attacks.

https://www.securityweek.com/cisa-says-owl-labs-vulnerabilities-requiring-close-physical-range-exploited-in-attacks/


Fake shop trends in autumn and winter

Warm jackets, ski suits and rain boots are in season again, and demand for pellets and firewood is slowly rising too. Criminals know this and are switching their fake shops over to autumn and winter offers. The article shows which fake shop trends are current and how to protect yourself from fraudulent offers.

https://www.watchlist-internet.at/news/fake-shop-trends-im-herbst-und-winter/


Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

Researchers should be aware of threat actors repurposing older proof of concept (PoC) code to quickly craft a fake PoC for a newly released vulnerability. On Aug. 17, 2023, the Zero Day Initiative publicly reported a remote code execution (RCE) vulnerability in WinRAR tracked as CVE-2023-40477. They had disclosed it to the vendor on June 8, 2023. Four days after the public reporting of CVE-2023-40477, an actor using an alias of whalersplonk committed a fake PoC script to their GitHub repository.

https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/

Vulnerabilities

Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346)

VxWorks is a real-time operating system used in many embedded devices in high-availability environments with high safety and security requirements. This includes important industrial, medical, aerospace, networking and automotive devices. For example, NASA's Curiosity rover, currently deployed on Mars, runs Wind River's VxWorks operating system.

https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/


SolarWinds Platform 2023.3.1 Release Notes

SolarWinds Platform 2023.3.1 is a service release providing bug and security fixes for release 2023.3. For information about the 2023.3 release, including EOL notices and upgrade information, see SolarWinds Platform 2023.3 Release Notes.

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm


Security updates for Tuesday

Security updates have been issued by Debian (chromium, flac, gnome-shell, libwebp, openjdk-11, and xrdp), Fedora (giflib), Oracle (kernel), Red Hat (busybox, dbus, firefox, frr, kpatch-patch, libwebp, open-vm-tools, and thunderbird), Slackware (netatalk), SUSE (flac, gcc12, kernel, libeconf, libwebp, libxml2, and thunderbird), and Ubuntu (binutils, c-ares, libraw, linux-intel-iotg, nodejs, python-django, and vsftpd).

https://lwn.net/Articles/944848/


Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products

Trend Micro on Tuesday released an advisory to warn customers that a critical vulnerability affecting Apex One and other endpoint security products has been exploited in the wild.

https://www.securityweek.com/trend-micro-patches-exploited-zero-day-vulnerability-in-endpoint-security-products/


Spring Security 5.8.7, 6.0.7, 6.1.4, 6.2.0-M1 Released, including fixes for CVE-2023-34042

https://spring.io/blog/2023/09/18/spring-security-5-8-7-6-0-7-6-1-4-6-2-0-m1-released-including-fixes-for-cve


Spring for GraphQL 1.0.5, 1.1.6, 1.2.3 released

https://spring.io/blog/2023/09/19/spring-for-graphql-1-0-5-1-1-6-1-2-3-released


Zyxel security advisory for command injection vulnerability in EMG2926-Q10A Ethernet CPE

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe


PHOENIX CONTACT: Multiple products affected by WIBU Codemeter Vulnerabilities

https://cert.vde.com/de/advisories/VDE-2023-030/


Omron CJ/CS/CP Series

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05


Omron Engineering Software

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04


Omron Engineering Software Zip-Slip

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-03
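The VxWorks tarExtract directory traversal entry and the Omron Zip-Slip advisory above concern the same bug class: an archive member whose name, or whose link target, resolves to a path outside the directory the archive is being extracted into. The Python below is an added example written for this summary; it is not code from Wind River, Omron, Pentagrid or CISA and says nothing about how those specific products fail. It builds constructed sample archives in memory (both the tar and the zip, with the usual `../`, absolute-path, drive-letter and escaping-symlink entries) and shows the lexical check an extractor has to apply before writing any entry. Function names such as `audit_tar`, `is_unsafe_path` and the sample file names are assumptions of the example.

```python
import io
import posixpath
import re
import tarfile
import zipfile

_DRIVE = re.compile(r"^[A-Za-z]:")  # Windows drive-letter prefix, e.g. "C:"


def is_unsafe_path(name: str, dest: str) -> bool:
    """True if writing archive entry `name` below `dest` would land outside `dest`."""
    if not name or "\0" in name:
        return True
    name = name.replace("\\", "/")
    # Absolute paths and drive letters escape regardless of where we extract to.
    if name.startswith("/") or _DRIVE.match(name):
        return True
    dest = posixpath.normpath(dest)
    # Lexically resolve "." and ".." components, then require the result to stay below dest.
    target = posixpath.normpath(posixpath.join(dest, name))
    return target != dest and not target.startswith(dest + "/")


def is_unsafe_link(member: tarfile.TarInfo, dest: str) -> bool:
    """Symlink targets resolve relative to the link's own directory; hard links are archive-relative."""
    if member.issym():
        base = posixpath.dirname(member.name.replace("\\", "/"))
        return member.linkname.startswith("/") or is_unsafe_path(
            posixpath.join(base, member.linkname), dest
        )
    if member.islnk():
        return is_unsafe_path(member.linkname, dest)
    return False


def audit_tar(data: bytes, dest: str) -> list:
    """Return the names of all tar members that would escape `dest` (file names and link targets)."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for m in tar.getmembers():
            if is_unsafe_path(m.name, dest) or is_unsafe_link(m, dest):
                bad.append(m.name)
    return bad


def audit_zip(data: bytes, dest: str) -> list:
    """Return the names of all zip entries that would escape `dest` (Zip-Slip)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if is_unsafe_path(n, dest)]


def safe_extract_tar(data: bytes, dest: str) -> None:
    """Refuse the whole archive before writing a single file if any member is unsafe."""
    bad = audit_tar(data, dest)
    if bad:
        raise ValueError("refusing to extract, unsafe members: %r" % (bad,))
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        # Python 3.12+ (and the backports) enforce the same policy via the 'data' filter.
        if hasattr(tarfile, "data_filter"):
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)


def build_sample_tar() -> bytes:
    """Constructed sample: one benign file plus the traversal patterns a naive extractor trusts."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in [
            ("app/config.txt", b"ok\n"),           # benign
            ("../../etc/passwd", b"root::0:0\n"),  # classic ../ traversal
            ("/etc/shadow", b"x\n"),               # absolute path
            ("app/../../evil", b"x\n"),            # traversal after a normal component
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
        link = tarfile.TarInfo("app/link")         # symlink whose target leaves dest
        link.type = tarfile.SYMTYPE
        link.linkname = "../../tmp"
        tar.addfile(link)
    return buf.getvalue()


def build_sample_zip() -> bytes:
    """Constructed sample zip with a benign entry, a ../ entry and a drive-letter entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/readme.txt", "ok\n")
        zf.writestr("../../../home/user/.ssh/authorized_keys", "ssh-ed25519 AAAAC3 example\n")
        zf.writestr("C:/Windows/win.ini", "x")
    return buf.getvalue()


if __name__ == "__main__":
    print("unsafe tar members:", audit_tar(build_sample_tar(), "/opt/extract"))
    print("unsafe zip entries:", audit_zip(build_sample_zip(), "/opt/extract"))
```

The check is purely lexical on the names stored in the archive: it does not follow symlinks that were already created on disk by earlier members, which is why `safe_extract_tar` audits the complete member list and rejects the whole archive before writing anything, and hands the real extraction to `tarfile`'s `data` filter where the interpreter provides it. An extractor that checks each entry as it goes, or that only strips a leading `../`, still leaves the `app/../../evil` and symlink cases open.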


Vulnerabilities in Bash affect ProtecTIER (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

https://www.ibm.com/support/pages/node/690049


Multiple vulnerabilities in OpenSSL affect ProtecTIER

https://www.ibm.com/support/pages/node/691201


Multiple vulnerabilities in Samba - including Badlock - affect ProtecTIER

https://www.ibm.com/support/pages/node/691257


Vulnerability in Linux Kernel affects ProtecTIER: Dirty COW vulnerability (CVE-2016-5195)

https://www.ibm.com/support/pages/node/696401


Vulnerability in glibc library affects ProtecTIER (CVE-2014-5119)

https://www.ibm.com/support/pages/node/690187


Vulnerability in OpenSSL affects ProtecTIER (CVE-2016-2108)

https://www.ibm.com/support/pages/node/695443


IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041)

https://www.ibm.com/support/pages/node/7000021


IBM Storage Protect Operations Center is vulnerable to denial of service due to WebSphere Application Server Liberty (CVE-2023-28867)

https://www.ibm.com/support/pages/node/7034039


IBM Storage Protect Server is vulnerable to denial of service and other attacks due to Db2

https://www.ibm.com/support/pages/node/7034037


Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI

https://www.ibm.com/support/pages/node/7034198


Vulnerabilities in Linux kernel and Python can affect IBM Spectrum Protect Plus

https://www.ibm.com/support/pages/node/7034265


IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules tough-cookie and semver (CVE-2023-26136, CVE-2022-25883).

https://www.ibm.com/support/pages/node/7031733


A vulnerability in the Administrative command line client affects IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2023-40368)

https://www.ibm.com/support/pages/node/7034288