Daily summary - 02.01.2024

End-of-Day report

Timeframe: Friday 29-12-2023 18:00 - Tuesday 02-01-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer

News

CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information.

https://thehackernews.com/2023/12/cert-ua-uncovers-new-malware-wave.html


New vulnerability in an old email protocol: SMTP smuggling

Security researchers have discovered a weakness in the Simple Mail Transfer Protocol (SMTP). It takes sender spoofing to a new level.

https://www.heise.de/-9584467


Ransomware: flaw in Black Basta's code makes a decryption tool possible

Under certain conditions, the free decryption tool Black Basta Buster can help victims of the Black Basta ransomware.

https://www.heise.de/-9584846


New DLL Search Order Hijacking Technique Targets WinSxS Folder

Attackers can abuse a new DLL search order hijacking technique to execute code in applications within the WinSxS folder.

https://www.securityweek.com/new-dll-search-order-hijacking-technique-targets-winsxs-folder/


Domain (in)security: the state of DMARC

This blog discusses the state of DMARC, the role that DMARC plays in email authentication, and why it should be a key component of your email security solution.

https://www.bitsight.com/blog/domain-insecurity-state-dmarc

Vulnerabilities

Technical Advisory - Multiple Vulnerabilities in PandoraFMS Enterprise

In this post I describe the 18 vulnerabilities that I discovered in PandoraFMS Enterprise v7.0NG.767 available at https://pandorafms.com. PandoraFMS is an enterprise scale network monitoring and management application which provides systems administrators with a central "hub" to monitor and manipulate the state of computers (agents) deployed across the network.

https://research.nccgroup.com/2024/01/02/technical-advisory-multiple-vulnerabilities-in-pandorafms-enterprise/


Security updates for Monday

Security updates have been issued by Debian (ansible, asterisk, cjson, firefox-esr, kernel, libde265, libreoffice, libspreadsheet-parseexcel-perl, php-guzzlehttp-psr7, thunderbird, tinyxml, and xerces-c), Fedora (podman-tui, proftpd, python-asyncssh, squid, and xerces-c), Mageia (libssh and proftpd), and SUSE (deepin-compressor, gnutls, gstreamer, libreoffice, opera, proftpd, and python-pip).

https://lwn.net/Articles/956521/


Security updates for Tuesday

Security updates have been issued by Gentoo (Joblib), Red Hat (firefox and thunderbird), SUSE (gstreamer-plugins-bad, libssh2_org, and webkit2gtk3), and Ubuntu (firefox and thunderbird).

https://lwn.net/Articles/956568/


Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server

https://www.ibm.com/support/pages/node/7103673


Multiple vulnerabilities affect IBM Storage Scale Hadoop Connector

https://www.ibm.com/support/pages/node/7104389


IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857

https://www.ibm.com/support/pages/node/7104391


IBM Maximo Application Suite uses WebSphere Liberty which is vulnerable to CVE-2023-46158, CVE-2023-44483 and CVE-2023-44487

https://www.ibm.com/support/pages/node/7104390


Vulnerabilities in Apache Ant affect IBM Operations Analytics - Log Analysis (CVE-2020-11023, CVE-2020-23064, CVE-2020-11022)

https://www.ibm.com/support/pages/node/7104401


Multiple vulnerabilities in Golang Go affect Cloud Pak System

https://www.ibm.com/support/pages/node/7037900