Daily summary - 21.09.2023

End-of-Day report

Timeframe: Wednesday 20-09-2023 18:00 - Thursday 21-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a


Free Download Manager releases script to check for Linux malware

The developers of Free Download Manager (FDM) have published a script to check if a Linux device was infected through a recently reported supply chain attack.


P2PInfect botnet activity surges 600x with stealthier malware variants

The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023.


LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 2000 companies across various sectors, including but not limited to Software, Retail, Hospitality, Manufacturing, and Telecoms.


Remote Code Execution in Tutanota Desktop due to Code Flaw

In this article, we explained how an innocent-looking mistake in the code could significantly impact the security of an application. We showed how we found a Cross-Site Scripting vulnerability in Tutanota, a popular end-to-end encrypted webmail service, and explained how an attacker could have exploited the flaw to execute arbitrary code on a victim's system.



Drupal core - Critical - Cache poisoning - SA-CORE-2023-006

This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected.


MOVEit Transfer: Vulnerabilities allow attackers to smuggle data

New MOVEit Transfer versions close security vulnerabilities, some of them high-risk. IT managers should install them promptly.


Security update: Password vulnerability threatens Nagios XI

Attackers can attack the server monitoring solution Nagios XI. A version hardened against this is available.


Security update: HPE OneView authentication can be bypassed

HPE's IT infrastructure management solution OneView is vulnerable. The vendor has closed two critical security vulnerabilities.


Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)

Last week, there were 55 vulnerabilities disclosed in 46 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 15 Vulnerability Researchers that contributed to WordPress Security last week.


Security updates for Wednesday

Security updates have been issued by Debian (frr and libyang), Fedora (golang-github-prometheus-exporter-toolkit, golang-github-xhit-str2duration, golang-gopkg-alecthomas-kingpin-2, libpano13, and open-vm-tools), Oracle (firefox, frr, and thunderbird), Red Hat (dmidecode, kernel, kernel-rt, kpatch-patch, libwebp: critical, linux-firmware, mariadb:10.3, ncurses, postgresql:15, and virt:rhel and virt-devel:rhel), Scientific Linux (firefox, open-vm-tools, and thunderbird), SUSE (binutils, bluez, chromium, curl, gcc7, go1.20, go1.21, grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, pyt, gstreamer-plugins-good, kernel, libcares2, libxml2, mdadm, mutt, and python-brotlipy), and Ubuntu (indent, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-oem-6.0, linux-oem-6.1, and memcached).


Security updates for Thursday

Security updates have been issued by Debian (mutt, netatalk, and python2.7), Fedora (chromium, golang-github-prometheus-exporter-toolkit, golang-github-xhit-str2duration, and golang-gopkg-alecthomas-kingpin-2), Oracle (dmidecode, frr, libwebp, open-vm-tools, and thunderbird), Red Hat (libwebp and open-vm-tools), SUSE (cups, frr, mariadb, openvswitch3, python39, qemu, redis7, rubygem-rails-html-sanitizer, and skopeo), and Ubuntu (bind9, cups, and libppd).


Synology-SA-23:13 SRM

A vulnerability allows remote attackers to bypass security constraints via a susceptible version of Synology Router Manager (SRM).


ISC Releases Security Advisories for BIND 9


Frauscher: Multiple Vulnerabilities in FDS101


Rockwell Automation FactoryTalk View Machine Edition


Rockwell Automation Connected Components Workbench


Rockwell Automation Select Logix Communication Modules


Delta Electronics DIAScreen


Real Time Automation 460 Series


IBM Security Guardium is affected by multiple vulnerabilities


IBM Virtualization Engine TS7700 is susceptible to a denial of service due to use of Apache Commons FileUpload (CVE-2023-24998)


Vulnerabilities in CKEditor library affect IBM Engineering Test Management (ETM) (CVE-2021-32809, CVE-2021-37695)


Multiple vulnerabilities in IBM Java SDK affect IBM Storage Scale


IBM Events Operator is affected by a denial of service in OpenSSL (CVE-2023-0215).


A vulnerability in Red Hat Enterprise Linux may affect IBM Robotic Process Automation for Cloud Pak and result in elevated privileges (CVE-2023-3899).


IBM Events Operator is affected by a denial of service in OpenSSL (CVE-2022-4450).


IBM Events Operator is vulnerable to a denial of service in OpenSSL (CVE-2023-0286)


Vulnerability in node.js package may affect IBM Storage Scale GUI (CVE-2022-25883)