End-of-Day report
Timeframe: Monday 25-09-2023 18:00 - Tuesday 26-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
A new spin on the ZeroFont phishing technique, (Tue, Sep 26th)
Last week, I came across an interesting phishing e-mail, in which a text written in a font with zero-pixel size was used in quite a novel way.
https://isc.sans.edu/diary/rss/30248
Analysis of CVE-2023-38831 Zero-Day vulnerability in WinRAR
Remote code execution is triggered when the user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file, such as an ordinary .JPG file, as well as a folder with the same name as that benign file, and the contents of that folder, which may include executable content, are processed during an attempt to access only the benign file.
https://blog.securelayer7.net/analysis-of-cve-2023-38831-zero-day-vulnerability-in-winrar/
Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted
From what was observed in previous cases, we were able to clearly identify a distribution campaign, using phishing webpages to trick victims into installing malicious APKs, which feature a larger list of targets compared to its previous versions.
https://www.threatfabric.com/blogs/xenomorph
PGP-encrypted e-mails with macOS 14: GPGTools warns against upgrading too quickly
macOS 14 drops support for Mail plug-ins, so established tools such as GPG no longer work. GPGTools has, however, announced a new extension for Apple Mail.
https://www.heise.de/-9318030
Caution when PCM Marketing calls
Companies are currently being called frequently by the marketing agency "PCM Marketing" and reminded to cancel a subscription. If it is not cancelled, high costs are supposedly incurred. After the call you receive an e-mail with a pre-filled template that you are asked to sign and return. Warning: do not sign, you are being lured into an expensive subscription!
https://www.watchlist-internet.at/news/vorsicht-wenn-pcm-marketing-anruft/
Fortifying your wireless network: A comprehensive guide to defend against wireless attacks
In this in-depth blog, we will delve into the technical intricacies of safeguarding your network against wireless threats. Armed with this knowledge, you can confidently defend your wireless infrastructure against potential attackers.
https://cybersecurity.att.com/blogs/security-essentials/fortifying-your-wireless-network-a-comprehensive-guide-to-defend-against-wireless-attacks
Vulnerabilities
Xen Security Advisory CVE-2023-20588 / XSA-439
Version 1 accidentally linked to the wrong AMD bulletin. This has been corrected in v2. All other information in v1 is believed to be correct.
Impact: An attacker might be able to infer data from a different execution context on the same CPU core.
https://xenbits.xen.org/xsa/advisory-439.html
Security updates for Tuesday
Security updates have been issued by Debian (exempi, glib2.0, lldpd, and netatalk), Fedora (curl, libppd, and linux-firmware), Oracle (kernel), and SUSE (Cadence, frr, modsecurity, python-CairoSVG, python-GitPython, and tcpreplay).
https://lwn.net/Articles/945559/
Firefox 118 and 115.3 ESR released
On 26 September 2023 the Mozilla developers released the new Firefox 118 as well as the maintenance update Firefox 115.3 ESR. The updates close several vulnerabilities.
https://www.borncity.com/blog/2023/09/26/firefox-118-115-3-freigegeben/
Suprema BioStar 2
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-01
Advantech EKI-1524-CE series
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-04
Hitachi Energy Asset Suite 9
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-02
Baker Hughes Bently Nevada 3500
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-05
Mitsubishi Electric FA Engineering Software
https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-03
IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-29400, CVE-2023-24540, CVE-2023-24539, X-Force 250518)
https://www.ibm.com/support/pages/node/7038772
Vulnerability with kernel, OpenJDK jna-platform affect IBM Cloud Object Storage Systems (Sept2023)
https://www.ibm.com/support/pages/node/7038968
Vulnerability with bcprov-jdk affect IBM Cloud Object Storage Systems (Sept2023)
https://www.ibm.com/support/pages/node/7038966
Vulnerability with Python affect IBM Cloud Object Storage Systems (Sept2023v2)
https://www.ibm.com/support/pages/node/7038969
IBM InfoSphere Information Server is vulnerable to OS command injection (CVE-2022-35717)
https://www.ibm.com/support/pages/node/7038982
IBM Sterling Global Mailbox is vulnerable to privilege escalation attack due to Apache Cassandra
https://www.ibm.com/support/pages/node/7039222
Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor
https://www.ibm.com/support/pages/node/7039262
Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
https://www.ibm.com/support/pages/node/7039367