End-of-Day report
Timeframe: Monday 18-09-2023 18:00 - Tuesday 19-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
News
Patch now! Thousands of Juniper firewalls still without security update
A new exploit makes attacks on Juniper firewalls even easier. Security patches are available.
https://www.heise.de/news/Jetzt-patchen-Tausende-Juniper-Firewalls-immer-noch-ohne-Sicherheitsupdate-9309664.html
Bumblebee malware returns in new attacks abusing WebDAV folders
The malware loader Bumblebee has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.
https://www.bleepingcomputer.com/news/security/bumblebee-malware-returns-in-new-attacks-abusing-webdav-folders/
Security baseline for Microsoft Edge version 117
Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode (Added)
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-117/ba-p/3930862
Hardening file transfer: Microsoft secures the SMB protocol
With two measures, Microsoft hardens both the SMB client and the server side. We show what administrators need to watch for.
https://www.heise.de/news/Haertung-des-Dateitransfers-Microsoft-sichert-das-SMB-Protokoll-ab-9309870.html
CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks
The US cybersecurity agency CISA says four vulnerabilities found last year in Owl Labs video conferencing devices - flaws that require the attacker to be in close range of the target - have been exploited in attacks.
https://www.securityweek.com/cisa-says-owl-labs-vulnerabilities-requiring-close-physical-range-exploited-in-attacks/
Fake-shop trends in autumn and winter
Warm jackets, ski suits and rain boots are in season again. Demand for pellets and firewood is also slowly rising. Criminals know this too and are switching their fake shops to autumn and winter offers. We show you which fake-shop trends are current and how to protect yourself from fraudulent offers.
https://www.watchlist-internet.at/news/fake-shop-trends-im-herbst-und-winter/
Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
Researchers should be aware of threat actors repurposing older proof of concept (PoC) code to quickly craft a fake PoC for a newly released vulnerability. On Aug. 17, 2023, the Zero Day Initiative publicly reported a remote code execution (RCE) vulnerability in WinRAR tracked as CVE-2023-40477. They had disclosed it to the vendor on June 8, 2023. Four days after the public reporting of CVE-2023-40477, an actor using an alias of whalersplonk committed a fake PoC script to their GitHub repository.
https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
Vulnerabilities
Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346)
VxWorks is a real-time operating system used in many embedded devices in high-availability environments with high safety and security requirements. This includes important industrial, medical, aerospace, networking and automotive devices. For example, NASA's Curiosity rover, currently deployed on Mars, uses Wind River's VxWorks operating system.
https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/
SolarWinds Platform 2023.3.1 Release Notes
SolarWinds Platform 2023.3.1 is a service release providing bug and security fixes for release 2023.3. For information about the 2023.3 release, including EOL notices and upgrade information, see SolarWinds Platform 2023.3 Release Notes.
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm
Security updates for Tuesday
Security updates have been issued by Debian (chromium, flac, gnome-shell, libwebp, openjdk-11, and xrdp), Fedora (giflib), Oracle (kernel), Red Hat (busybox, dbus, firefox, frr, kpatch-patch, libwebp, open-vm-tools, and thunderbird), Slackware (netatalk), SUSE (flac, gcc12, kernel, libeconf, libwebp, libxml2, and thunderbird), and Ubuntu (binutils, c-ares, libraw, linux-intel-iotg, nodejs, python-django, and vsftpd).
https://lwn.net/Articles/944848/
Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products
Trend Micro on Tuesday released an advisory to warn customers that a critical vulnerability affecting Apex One and other endpoint security products has been exploited in the wild.
https://www.securityweek.com/trend-micro-patches-exploited-zero-day-vulnerability-in-endpoint-security-products/
Spring Security 5.8.7, 6.0.7, 6.1.4, 6.2.0-M1 Released, including fixes for CVE-2023-34042
https://spring.io/blog/2023/09/18/spring-security-5-8-7-6-0-7-6-1-4-6-2-0-m1-released-including-fixes-for-cve
Spring for GraphQL 1.0.5, 1.1.6, 1.2.3 released
https://spring.io/blog/2023/09/19/spring-for-graphql-1-0-5-1-1-6-1-2-3-released
Zyxel security advisory for command injection vulnerability in EMG2926-Q10A Ethernet CPE
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe
PHOENIX CONTACT: Multiple products affected by WIBU Codemeter Vulnerabilities
https://cert.vde.com/de/advisories/VDE-2023-030/
Omron CJ/CS/CP Series
https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05
Omron Engineering Software
https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04
Omron Engineering Software Zip-Slip
https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-03
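The VxWorks tarExtract directory traversal item above and the Omron Zip-Slip advisory are the same class of bug: an archive entry whose name contains ".." components or an absolute path, or a tar symlink pointing outside the extraction directory, makes the extractor write files outside the intended tree. The Python below is an added illustration, not code from either advisory or vendor: it builds small tar and zip archives in memory (all contents constructed for the example) and flags the entries that would land outside a hypothetical extraction directory /opt/extract.

```python
"""Flag archive entries that would escape the extraction directory.

Constructed example: the tar and zip archives are built in memory and mix
benign entries with the traversal patterns behind tar-extraction and
Zip-Slip bugs ('..' components, absolute paths, tar symlinks that point
outside the target tree).
"""
import io
import os
import tarfile
import zipfile

DEST = "/opt/extract"  # hypothetical extraction directory


def escapes(dest, name):
    """True if joining `name` onto `dest` resolves outside `dest`.

    Purely lexical: os.path.abspath collapses '..' and an absolute `name`
    replaces `dest` entirely in os.path.join, so both cases are caught.
    """
    dest = os.path.abspath(dest)
    # Some archivers write backslashes; normalise so '..\\' is seen too.
    target = os.path.abspath(os.path.join(dest, name.replace("\\", "/")))
    return os.path.commonpath([dest, target]) != dest


def unsafe_tar_entries(data):
    """Names of tar members that would write or link outside DEST."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tf:
        for m in tf.getmembers():
            if escapes(DEST, m.name):
                bad.append(m.name)
                continue
            if m.issym() or m.islnk():
                link = m.linkname
                if m.issym() and not os.path.isabs(link):
                    # symlink targets are relative to the link's own directory
                    link = os.path.join(os.path.dirname(m.name), link)
                if escapes(DEST, link):
                    bad.append(m.name)
    return bad


def unsafe_zip_entries(data):
    """Names of zip entries whose path would escape DEST."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if escapes(DEST, n)]


def build_tar(entries):
    """entries: (name, bytes) for a regular file, (name, str) for a symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, value in entries:
            info = tarfile.TarInfo(name)
            if isinstance(value, bytes):
                info.size = len(value)
                tf.addfile(info, io.BytesIO(value))
            else:
                info.type = tarfile.SYMTYPE
                info.linkname = value
                tf.addfile(info)
    return buf.getvalue()


def build_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in entries:
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample archives (not from any real advisory).
SAMPLE_TAR = build_tar([
    ("app/config.ini", b"debug=0\n"),                # benign
    ("app/../app2/x", b"x"),                          # benign: stays under DEST
    ("../../etc/cron.d/job", b"* * * * * root /tmp/x\n"),  # classic traversal
    ("/etc/motd", b"owned\n"),                        # absolute path
    ("cfg", "../../etc"),                             # symlink out of the tree
    ("cfg/passwd", b"root::0:0::/:/bin/sh\n"),       # harmless name, lands in /etc via the link
])

SAMPLE_ZIP = build_zip([
    ("report.txt", b"ok\n"),
    ("../../../tmp/evil.sh", b"#!/bin/sh\n"),
    ("..\\..\\win.ini", b"[boot]\n"),                 # backslash variant
    ("/tmp/abs.txt", b"abs\n"),
])

if __name__ == "__main__":
    print("unsafe tar entries:", unsafe_tar_entries(SAMPLE_TAR))
    print("unsafe zip entries:", unsafe_zip_entries(SAMPLE_ZIP))
```

The name check alone is not enough for tar: `cfg/passwd` has a harmless name but is written through the earlier symlink `cfg -> ../../etc`, which is why the link target is checked and the link itself is rejected. For comparison, Python's own `zipfile.extract()` strips `..` components and leading slashes, and `tarfile` from Python 3.12 offers `extractall(filter="data")` to reject such members, while older `tarfile` versions join the member name onto the destination as-is.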
Vulnerabilities in Bash affect ProtecTIER (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
https://www.ibm.com/support/pages/node/690049
Multiple vulnerabilities in OpenSSL affect ProtecTIER
https://www.ibm.com/support/pages/node/691201
Multiple vulnerabilities in Samba - including Badlock - affect ProtecTIER
https://www.ibm.com/support/pages/node/691257
Vulnerability in Linux Kernel affects ProtecTIER: Dirty COW vulnerability (CVE-2016-5195)
https://www.ibm.com/support/pages/node/696401
Vulnerability in glibc library affects ProtecTIER (CVE-2014-5119)
https://www.ibm.com/support/pages/node/690187
Vulnerability in OpenSSL affects ProtecTIER (CVE-2016-2108)
https://www.ibm.com/support/pages/node/695443
IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041)
https://www.ibm.com/support/pages/node/7000021
IBM Storage Protect Operations Center is vulnerable to denial of service due to WebSphere Application Server Liberty (CVE-2023-28867)
https://www.ibm.com/support/pages/node/7034039
IBM Storage Protect Server is vulnerable to denial of service and other attacks due to Db2
https://www.ibm.com/support/pages/node/7034037
Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI
https://www.ibm.com/support/pages/node/7034198
Vulnerabilities in Linux kernel and Python can affect IBM Spectrum Protect Plus
https://www.ibm.com/support/pages/node/7034265
IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules tough-cookie and semver (CVE-2023-26136, CVE-2022-25883).
https://www.ibm.com/support/pages/node/7031733
A vulnerability in the Administrative command line client affects IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2023-40368)
https://www.ibm.com/support/pages/node/7034288