End-of-Day report
Timeframe: Friday 29-12-2023 18:00 - Tuesday 02-01-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information.
https://thehackernews.com/2023/12/cert-ua-uncovers-new-malware-wave.html
New flaw in an old e-mail protocol: SMTP smuggling
Security researchers have discovered a weakness in the Simple Mail Transfer Protocol (SMTP). It takes sender spoofing to a new level.
https://www.heise.de/-9584467
Ransomware: programming error in Black Basta enables decryption tool
Under certain conditions, the free decryption tool Black Basta Buster can help victims of the Black Basta ransomware.
https://www.heise.de/-9584846
New DLL Search Order Hijacking Technique Targets WinSxS Folder
Attackers can abuse a new DLL search order hijacking technique to execute code in applications within the WinSxS folder.
https://www.securityweek.com/new-dll-search-order-hijacking-technique-targets-winsxs-folder/
Domain (in)security: the state of DMARC
This blog discusses the state of DMARC, the role that DMARC plays in email authentication, and why it should be a key component of your email security solution.
https://www.bitsight.com/blog/domain-insecurity-state-dmarc
Vulnerabilities
Technical Advisory - Multiple Vulnerabilities in PandoraFMS Enterprise
In this post I describe the 18 vulnerabilities that I discovered in PandoraFMS Enterprise v7.0NG.767 available at https://pandorafms.com. PandoraFMS is an enterprise scale network monitoring and management application which provides systems administrators with a central hub to monitor and manipulate the state of computers (agents) deployed across the network.
https://research.nccgroup.com/2024/01/02/technical-advisory-multiple-vulnerabilities-in-pandorafms-enterprise/
Security updates for Monday
Security updates have been issued by Debian (ansible, asterisk, cjson, firefox-esr, kernel, libde265, libreoffice, libspreadsheet-parseexcel-perl, php-guzzlehttp-psr7, thunderbird, tinyxml, and xerces-c), Fedora (podman-tui, proftpd, python-asyncssh, squid, and xerces-c), Mageia (libssh and proftpd), and SUSE (deepin-compressor, gnutls, gstreamer, libreoffice, opera, proftpd, and python-pip).
https://lwn.net/Articles/956521/
Security updates for Tuesday
Security updates have been issued by Gentoo (Joblib), Red Hat (firefox and thunderbird), SUSE (gstreamer-plugins-bad, libssh2_org, and webkit2gtk3), and Ubuntu (firefox and thunderbird).
https://lwn.net/Articles/956568/
Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server
https://www.ibm.com/support/pages/node/7103673
Multiple vulnerabilities affect IBM Storage Scale Hadoop Connector
https://www.ibm.com/support/pages/node/7104389
IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857
https://www.ibm.com/support/pages/node/7104391
IBM Maximo Application Suite uses WebSphere Liberty which is vulnerable to CVE-2023-46158, CVE-2023-44483 and CVE-2023-44487
https://www.ibm.com/support/pages/node/7104390
Vulnerabilities in Apache Ant affect IBM Operations Analytics - Log Analysis (CVE-2020-11023, CVE-2020-23064, CVE-2020-11022)
https://www.ibm.com/support/pages/node/7104401
Multiple vulnerabilities in Golang Go affect Cloud Pak System
https://www.ibm.com/support/pages/node/7037900