Daily summary - 05.06.2023

End-of-Day report

Timeframe: Friday 02-06-2023 18:00 - Monday 05-06-2023 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter


KeePass v2.54 fixes bug that leaked cleartext master password

KeePass has released version 2.54, fixing CVE-2023-32784, a vulnerability that allows the extraction of the cleartext master password from the application's memory (the text box used to enter the master password left remnants of each typed character behind, so most of the password could be recovered from a memory dump, swap file or hibernation file even with the workspace locked).


Satacom delivers browser extension that steals cryptocurrency

A recent campaign by Satacom downloader is delivering a cryptocurrency-stealing extension for Chromium-based browsers, such as Chrome, Brave and Opera.


Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack

Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that is designed to steal personally identifiable information (PII) and credit card data from e-commerce websites. A noteworthy aspect that sets it apart from other Magecart campaigns is that the hijacked sites also serve as "makeshift" command-and-control (C2) servers, using that cover to distribute the malicious code without the knowledge of the victim sites.


Storing Passwords - A Journey of Common Pitfalls

[..] we recently discovered a vulnerability in the web interface of STARFACE PBX allowing login using the password hash rather than the cleartext password (see advisory). We want to use this as an opportunity to discuss how we analyse such login mechanisms and talk about the misconceptions in security concepts that result in such pitfalls along the way.
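The pitfall described above, in a minimal form (this is an added illustration with constructed data, not STARFACE code and not the analysis from the linked advisory): the client hashes the password before sending it, and the server compares that submitted value directly against what it stores. The stored value is then itself a valid credential, so anyone who obtains the database contents can log in without ever knowing the password. The hardened variant treats whatever the client submits as the secret and runs it through its own salted, slow password hash before storing or comparing, so a leaked record is no longer usable as a login token. All names, the user record and the iteration count are assumptions for the example.

```python
"""Login-with-the-hash pitfall: vulnerable design beside a hardened one.

Added example with constructed data; not code from STARFACE or the advisory.
"""
import hashlib
import hmac
import os

# Constructed sample user (not real credentials).
USERNAME = "alice"
PASSWORD = "correct horse"


def client_hash(password: str) -> str:
    """What the (hypothetical) web client sends instead of the cleartext password."""
    return hashlib.sha512(password.encode()).hexdigest()


# --- Vulnerable design: the stored value *is* the credential ----------------
# The server keeps the client-side hash and compares it byte for byte, so a
# database dump hands an attacker everything needed to log in.
VULN_DB = {USERNAME: client_hash(PASSWORD)}


def login_vulnerable(user: str, submitted: str) -> bool:
    stored = VULN_DB.get(user)
    return stored is not None and hmac.compare_digest(stored, submitted)


# --- Hardened design: server-side salted slow hash on top -------------------
def _server_hash(secret: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 as an example KDF; the iteration count is illustrative
    # and should be tuned (or replaced by argon2/scrypt) in a real deployment.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)


def make_record(submitted: str) -> tuple:
    """Store (salt, KDF(submitted)) instead of the submitted value itself."""
    salt = os.urandom(16)
    return salt, _server_hash(submitted, salt)


HARDENED_DB = {USERNAME: make_record(client_hash(PASSWORD))}


def login_hardened(user: str, submitted: str) -> bool:
    rec = HARDENED_DB.get(user)
    if rec is None:
        return False
    salt, stored = rec
    return hmac.compare_digest(stored, _server_hash(submitted, salt))


def demo() -> dict:
    """Simulate an attacker who holds only the values stored in each database."""
    leaked_vuln = VULN_DB[USERNAME]
    leaked_hard = HARDENED_DB[USERNAME][1].hex()
    return {
        # legitimate client in both designs
        "legit_vuln": login_vulnerable(USERNAME, client_hash(PASSWORD)),
        "legit_hard": login_hardened(USERNAME, client_hash(PASSWORD)),
        # attacker replaying the stored value: works only against the vulnerable design
        "leak_vuln": login_vulnerable(USERNAME, leaked_vuln),
        "leak_hard": login_hardened(USERNAME, leaked_hard),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'login accepted' if ok else 'login rejected'}")
```

Note that client-side hashing by itself does not remove the need for server-side password hashing: whatever the client transmits is the effective password, and the server must store something derived from it through a salted, slow KDF, not the value itself. A leaked record from the hardened design can still be attacked offline, which is why the KDF cost matters.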


Big-data company Splunk closes security holes, some rated critical

The big-data specialist Splunk is fixing numerous security vulnerabilities in its software of the same name, some of which are rated as a critical risk.


Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.


Criminals abuse PayPal's donation function

We are currently seeing fake shops handling PayPal payments via the "Donate money" function. Cancel the payment immediately if the PayPal checkout does not proceed as usual but is labelled as a donation! Payments made via "Donate money" are not covered by buyer protection, and a refund is not possible. Look closely at how your PayPal payment is processed!


Vice Society now operating with its own ransomware

The ransomware group repeatedly carries out targeted attacks on educational institutions and hospitals.


Pikabot trojan on the loose

The new malware family uses anti-analysis techniques and provides backdoor functionality for loading shellcode and executing second-stage binaries.



Security updates for Monday

Security updates have been issued by Debian (chromium, cpio, mariadb-10.3, nbconvert, sofia-sip, and wireshark), Fedora (ImageMagick, mingw-python-requests, openssl, python3.6, texlive-base, and webkitgtk), Red Hat (apr-util, git, gnutls, kernel, kernel-rt, and kpatch-patch), Slackware (cups and ntp), and Ubuntu (linux-azure-fde, linux-azure-fde-5.15 and perl).


IBM Aspera Connect and IBM Aspera Cargo have addressed multiple vulnerabilities (CVE-2023-22862, CVE-2023-27285)


Vulnerability in libexpat (CVE-2022-43680) affects Power HMC


Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2023


Multiple vulnerabilities may affect IBM® Semeru Runtime


There is a vulnerability in Apache SOAP used by IBM Maximo Asset Management (CVE-2022-40705)


There are several vulnerabilities in AntiSamy used by IBM Maximo Asset Management (CVE-2022-28367, CVE-2022-29577)


There is a vulnerability in Prism used by IBM Maximo Asset Management (CVE-2022-23647)


IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041)


Multiple vulnerabilities in IBM® Java SDK and WebSphere Application Server Liberty profile affect IBM Business Automation Workflow containers


A vulnerability has been identified in IBM HTTP Server shipped with IBM Business Automation Workflow (CVE-2023-32342)


Cross-site scripting vulnerability affects IBM Business Automation Workflow - CVE-2023-32339


Vulnerability in spring-expressions may affect IBM Business Automation Workflow - CVE-2023-20863


Multiple vulnerabilities in IBM Java XML affect IBM Tivoli System Automation for Multiplatforms (deferred from the Oracle April 2022 CPU; CVE-2022-21426)


Multiple vulnerabilities in VMware Tanzu Spring Framework affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow


There is a vulnerability in jQuery UI used by IBM Maximo Asset Management (CVE-2022-31160)


There are several vulnerabilities with TinyMCE used by IBM Maximo Asset Management


IBM Maximo Asset Management is vulnerable to stored cross-site scripting (CVE-2022-35645)