End-of-Day report
Timeframe: Tuesday 19-09-2023 18:00 - Wednesday 20-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
News
Gitlab warns of critical security vulnerability
A critical security vulnerability threatens enterprise users of the repository service Gitlab. Customers should install an update without delay.
https://www.heise.de/-9311249.html
Atlassian plugs security holes in Bitbucket, Confluence and Jira
Atlassian warns of security vulnerabilities in Bitbucket, Confluence and Jira. Updated versions close them.
https://www.heise.de/-9311520.html
Trend Micro: Update closes exploited, critical vulnerability CVE-2023-41179
A brief note for users and administrators who run the Trend Micro security products Apex One and Worry-Free Business Security on Windows. The products contain a critical security vulnerability (CVE-2023-41179) that is already being exploited in the wild. However, the vendor offers [...]
https://www.borncity.com/blog/2023/09/20/trend-micro-notfall-update-schliet-ausgenutzte-kritische-schwachstelle-cve-2023-41179/
Analyzing a Modern In-the-wild Android Exploit
In December 2022, Google's Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG's blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one of the exploit chains, specifically CVE-2023-0266 (a 0-day in the ALSA compatibility layer) and CVE-2023-26083 (a 0-day in the Mali GPU driver) as well as the techniques used by the [...]
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far: [...]
https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html
The mystery of the CVEs that are not vulnerabilities
Researchers have raised the alarm about a large set of CVEs for older bugs that never were vulnerabilities.
https://www.malwarebytes.com/blog/news/2023/09/the-mystery-of-the-cves-that-are-not-vulnerabilities
Shodan Verified Vulns 2023-09-01
As of 2023-09-01, Shodan sees the following vulnerabilities in Austria: [...] This month, the vulnerabilities in the lower two thirds again follow the downward trend and are approaching zero or have already reached it. In the upper third, unlike in previous months, a slight increase is recorded for FREAK (CVE-2015-0204) (+131) and Logjam (CVE-2015-4000) (+63).
https://cert.at/de/aktuelles/2023/9/shodan-verified-vulns-2023-09-01
#StopRansomware: Snatch Ransomware
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more [...]
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
Attacker Unleashes Stealthy Crypto Mining via Malicious Python Package
Recently, our team came across a Python package named "culturestreak". A closer look reveals a darker purpose: unauthorized cryptocurrency mining. Let's break down how "culturestreak" operates, its potential impact, and the broader implications for user security and ethical [...]
https://checkmarx.com/blog/attacker-unleashes-stealthy-crypto-mining-via-malicious-python-package/
Protect CNC Machines in Networked IT/OT Environments
Networking IT/OT environments is a bit like walking a tightrope, balancing the pursuit of intelligence and efficiency against the risks of exposing OT systems to the wider world. Trend Micro recently teamed up with global machine tool company Celada to identify specific risks associated with industrial CNC machines and how to mitigate them.
https://www.trendmicro.com/en_us/ciso/23/i/cnc-machine-security.html
Vulnerabilities
Critical Security Flaws Exposed in Nagios XI Network Monitoring Software
Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, they have been patched as of September 11, 2023, [...]
https://thehackernews.com/2023/09/critical-security-flaws-exposed-in.html
Xen Security Advisory CVE-2023-34322 / XSA-438
top-level shadow reference dropped too early for 64-bit PV guests | Impact: Privilege escalation, Denial of Service (DoS) affecting the entire host, and information leaks all cannot be ruled out.
https://xenbits.xen.org/xsa/advisory-438.html
IBM Security Guardium is affected by several vulnerabilities
https://www.ibm.com/support/pages/node/7007815
IBM Security Guardium is affected by an SQL Injection vulnerability (CVE-2023-33852)
https://www.ibm.com/support/pages/node/7028514
IBM Security Guardium is affected by a denial of service vulnerability in MIT krb5 (CVE-2022-42898)
https://www.ibm.com/support/pages/node/6981101
IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-30435, CVE-2023-30436, CVE-2023-30437)
https://www.ibm.com/support/pages/node/7028506
IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/support/pages/node/7028511
IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2022-43904)
https://www.ibm.com/support/pages/node/7028509
IBM Security Guardium is affected by a Hazardous Input Validation vulnerability (CVE-2022-43903)
https://www.ibm.com/support/pages/node/7030110
IBM Storage Protect is vulnerable to a remote attack due to Java (CVE-2023-21967)
https://www.ibm.com/support/pages/node/7034474
IBM Storage Protect is vulnerable to deserialization issues due to Java (CVE-2022-40609)
https://www.ibm.com/support/pages/node/7034467
Vulnerability in moment-timezone affects IBM VM Recovery Manager DR GUI
https://www.ibm.com/support/pages/node/7035336
IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to IBM MQ (CVE-2023-28513).
https://www.ibm.com/support/pages/node/7035334
The IBM Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476)
https://www.ibm.com/support/pages/node/7035367
A vulnerability in python-request affects IBM Robotic Process Automation for Cloud Pak and may result in an attacker obtaining sensitive information (CVE-2023-32681)
https://www.ibm.com/support/pages/node/7034002
A vulnerability in gRPC may affect IBM Robotic Process Automation and result in an attacker obtaining sensitive information. (CVE-2023-32731)
https://www.ibm.com/support/pages/node/7034007
A vulnerability in Apache Johnzon may affect IBM Robotic Process Automation and result in a denial of service (CVE-2023-33008)
https://www.ibm.com/support/pages/node/7034006
A vulnerability in Microsoft ASP.NET Core may affect IBM Robotic Process Automation and result in an exposure of sensitive information (CVE-2023-35391).
https://www.ibm.com/support/pages/node/7034005
IBM Security Guardium is affected by a Command injection in CLI vulnerability [CVE-2023-35893]
https://www.ibm.com/support/pages/node/7027853