Daily Summary - 19.09.2023

End-of-Day report

Timeframe: Monday 18-09-2023 18:00 - Tuesday 19-09-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter


Patch now! Thousands of Juniper firewalls still without security update

A new exploit makes attacks on Juniper firewalls even easier. Security patches are available.


Bumblebee malware returns in new attacks abusing WebDAV folders

The malware loader Bumblebee has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.


Security baseline for Microsoft Edge version 117

Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode (Added)


Hardening file transfer: Microsoft secures the SMB protocol

With two measures, Microsoft better secures both the SMB client and the server side. We show what administrators need to watch out for.


CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks

The US cybersecurity agency CISA says four vulnerabilities found last year in Owl Labs video conferencing devices - flaws that require the attacker to be in close range of the target - have been exploited in attacks.


Fake shop trends in autumn and winter

Warm jackets, ski suits and rain boots are back in season. Demand for pellets and firewood is also slowly rising again. Criminals know this too and are switching their fake shops over to autumn and winter offers. We show you which fake shop trends are currently around and how to protect yourself from fraudulent offers.


Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

Researchers should be aware of threat actors repurposing older proof of concept (PoC) code to quickly craft a fake PoC for a newly released vulnerability. On Aug. 17, 2023, the Zero Day Initiative publicly reported a remote code execution (RCE) vulnerability in WinRAR tracked as CVE-2023-40477. They had disclosed it to the vendor on June 8, 2023. Four days after the public reporting of CVE-2023-40477, an actor using an alias of whalersplonk committed a fake PoC script to their GitHub repository.



Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346)

VxWorks is a real-time operating system used in many embedded devices in high-availability environments with high safety and security requirements. This includes important industrial, medical, aerospace, networking and automotive devices. For example, NASA's Curiosity rover currently deployed on planet Mars is using Wind River's VxWorks operating system.


SolarWinds Platform 2023.3.1 Release Notes

SolarWinds Platform 2023.3.1 is a service release providing bug and security fixes for release 2023.3. For information about the 2023.3 release, including EOL notices and upgrade information, see SolarWinds Platform 2023.3 Release Notes.


Security updates for Tuesday

Security updates have been issued by Debian (chromium, flac, gnome-shell, libwebp, openjdk-11, and xrdp), Fedora (giflib), Oracle (kernel), Red Hat (busybox, dbus, firefox, frr, kpatch-patch, libwebp, open-vm-tools, and thunderbird), Slackware (netatalk), SUSE (flac, gcc12, kernel, libeconf, libwebp, libxml2, and thunderbird), and Ubuntu (binutils, c-ares, libraw, linux-intel-iotg, nodejs, python-django, and vsftpd).


Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products

Trend Micro on Tuesday released an advisory to warn customers that a critical vulnerability affecting Apex One and other endpoint security products has been exploited in the wild.


Spring Security 5.8.7, 6.0.7, 6.1.4, 6.2.0-M1 Released, including fixes for CVE-2023-34042


Spring for GraphQL 1.0.5, 1.1.6, 1.2.3 released


Zyxel security advisory for command injection vulnerability in EMG2926-Q10A Ethernet CPE


PHOENIX CONTACT: Multiple products affected by WIBU Codemeter Vulnerabilities


Omron CJ/CS/CP Series


Omron Engineering Software


Omron Engineering Software Zip-Slip


Vulnerabilities in Bash affect ProtecTIER (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)


Multiple vulnerabilities in OpenSSL affect ProtecTIER


Multiple vulnerabilities in Samba - including Badlock - affect ProtecTIER


Vulnerability in Linux Kernel affects ProtecTIER: Dirty COW vulnerability (CVE-2016-5195)


Vulnerability in glibc library affects ProtecTIER (CVE-2014-5119)


Vulnerability in OpenSSL affects ProtecTIER (CVE-2016-2108)


IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041)


IBM Storage Protect Operations Center is vulnerable to denial of service due to WebSphere Application Server Liberty (CVE-2023-28867)


IBM Storage Protect Server is vulnerable to denial of service and other attacks due to Db2


Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI


Vulnerabilities in Linux kernel and Python can affect IBM Spectrum Protect Plus


IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules tough-cookie and semver (CVE-2023-26136, CVE-2022-25883).


A vulnerability in the Administrative command line client affects IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2023-40368)