End-of-Day report
Timeframe: Wednesday 20-09-2023 18:00 - Thursday 21-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
Free Download Manager releases script to check for Linux malware
The developers of Free Download Manager (FDM) have published a script to check if a Linux device was infected through a recently reported supply chain attack.
https://www.bleepingcomputer.com/news/security/free-download-manager-releases-script-to-check-for-linux-malware/
P2PInfect botnet activity surges 600x with stealthier malware variants
The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023.
https://www.bleepingcomputer.com/news/security/p2pinfect-botnet-activity-surges-600x-with-stealthier-malware-variants/
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 2000 companies across various sectors, including but not limited to Software, Retail, Hospitality, Manufacturing, and Telecoms.
https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud
Remote Code Execution in Tutanota Desktop due to Code Flaw
In this article, we explained how an innocent-looking mistake in the code could significantly impact the security of an application. We showed how we found a Cross-Site Scripting vulnerability in Tutanota, a popular end-to-end encrypted webmail service, and explained how an attacker could have exploited the flaw to execute arbitrary code on a victim's system.
https://www.sonarsource.com/blog/remote-code-execution-in-tutanota-desktop-due-to-code-flaw/
Vulnerabilities
Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected.
https://www.drupal.org/sa-core-2023-006
MOVEit Transfer: Vulnerabilities allow attackers to exfiltrate data
New MOVEit Transfer versions close security holes, some of them high-risk. IT administrators should install them promptly.
https://www.heise.de/-9312162
Security update: Password vulnerability threatens Nagios XI
Attackers can attack the server monitoring solution Nagios XI. A hardened version is available.
https://www.heise.de/-9312331
Security update: HPE OneView authentication can be bypassed
HPE's IT infrastructure management solution OneView is vulnerable. The vendor has closed two critical security holes.
https://www.heise.de/-9312816
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)
Last week, there were 55 vulnerabilities disclosed in 46 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 15 Vulnerability Researchers that contributed to WordPress Security last week.
https://www.wordfence.com/blog/2023/09/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-11-2023-to-september-17-2023/
Security updates for Wednesday
Security updates have been issued by Debian (frr and libyang), Fedora (golang-github-prometheus-exporter-toolkit, golang-github-xhit-str2duration, golang-gopkg-alecthomas-kingpin-2, libpano13, and open-vm-tools), Oracle (firefox, frr, and thunderbird), Red Hat (dmidecode, kernel, kernel-rt, kpatch-patch, libwebp: critical, linux-firmware, mariadb:10.3, ncurses, postgresql:15, and virt:rhel and virt-devel:rhel), Scientific Linux (firefox, open-vm-tools, and thunderbird), SUSE (binutils, bluez, chromium, curl, gcc7, go1.20, go1.21, grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, pyt, gstreamer-plugins-good, kernel, libcares2, libxml2, mdadm, mutt, and python-brotlipy), and Ubuntu (indent, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-oem-6.0, linux-oem-6.1, and memcached).
https://lwn.net/Articles/945073/
Security updates for Thursday
Security updates have been issued by Debian (mutt, netatalk, and python2.7), Fedora (chromium, golang-github-prometheus-exporter-toolkit, golang-github-xhit-str2duration, and golang-gopkg-alecthomas-kingpin-2), Oracle (dmidecode, frr, libwebp, open-vm-tools, and thunderbird), Red Hat (libwebp and open-vm-tools), SUSE (cups, frr, mariadb, openvswitch3, python39, qemu, redis7, rubygem-rails-html-sanitizer, and skopeo), and Ubuntu (bind9, cups, and libppd).
https://lwn.net/Articles/945173/
Synology-SA-23:13 SRM
A vulnerability allows remote attackers to bypass security constraints via a susceptible version of Synology Router Manager (SRM).
https://www.synology.com/en-global/support/security/Synology_SA_23_13
ISC Releases Security Advisories for BIND 9
https://www.cisa.gov/news-events/alerts/2023/09/21/isc-releases-security-advisories-bind-9
Frauscher: Multiple Vulnerabilities in FDS101
https://cert.vde.com/de/advisories/VDE-2023-038/
Rockwell Automation FactoryTalk View Machine Edition
https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-06
Rockwell Automation Connected Components Workbench
https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-05
Rockwell Automation Select Logix Communication Modules
https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-04
Delta Electronics DIAScreen
https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-03
Real Time Automation 460 Series
https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-01
IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/support/pages/node/6963075
IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload (CVE-2023-24998)
https://www.ibm.com/support/pages/node/7031979
Vulnerabilities in CKEditor library affect IBM Engineering Test Management (ETM) (CVE-2021-32809, CVE-2021-37695)
https://www.ibm.com/support/pages/node/7037094
Multiple vulnerabilities in IBM Java SDK affect IBM Storage Scale
https://www.ibm.com/support/pages/node/7037135
IBM Events Operator is affected by a denial of service in OpenSSL (CVE-2023-0215).
https://www.ibm.com/support/pages/node/7037162
A vulnerability in Red Hat Enterprise Linux may affect IBM Robotic Process Automation for Cloud Pak and result in elevated privileges (CVE-2023-3899).
https://www.ibm.com/support/pages/node/7037164
IBM Events Operator is affected by a denial of service in OpenSSL (CVE-2022-4450).
https://www.ibm.com/support/pages/node/7037167
IBM Events Operator is vulnerable to a denial of service in OpenSSL (CVE-2023-0286)
https://www.ibm.com/support/pages/node/7037165
Vulnerability in node.js package may affect IBM Storage Scale GUI (CVE-2022-25883)
https://www.ibm.com/support/pages/node/7037185