Daily Summary - 17.01.2024

End-of-Day report

Timeframe: Tuesday 16-01-2024 18:00 - Wednesday 17-01-2024 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

Patch now! Beware of DoS attacks on Citrix NetScaler ADC and Gateway

Citrix has brought the products in its NetScaler series up to date and hardened them against ongoing attacks.

https://www.heise.de/-9599627.html

Thousands of devices compromised through Ivanti vulnerabilities

The vulnerabilities in Ivanti's VPN software are being attacked on a massive scale. IT researchers have found thousands of compromised systems.

https://www.heise.de/-9599887.html

LKA warns of WhatsApp scam

A new scam relies on contacting victims of earlier frauds again. The LKA Niedersachsen warns about it.

https://www.heise.de/-9600403.html

Apple, AMD, Qualcomm: GPUs from several manufacturers vulnerable to data theft

An attack is apparently easy to carry out and requires fewer than 10 lines of code. Conversations with AI chatbots, for example, can be captured.

https://www.golem.de/news/apple-amd-qualcomm-gpus-mehrerer-hersteller-anfaellig-fuer-datenklau-2401-181263.html

GitHub rotates keys to mitigate impact of credential-exposing flaw

GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables.

https://www.bleepingcomputer.com/news/security/github-rotates-keys-to-mitigate-impact-of-credential-exposing-flaw/

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code.

https://thehackernews.com/2024/01/pax-pos-terminal-flaw-could-allow.html

What's worse than paying an extortion bot that auto-pwned your database?

Paying one that lied to you and only saved the first 20 rows of each table

https://go.theregister.com/feed/www.theregister.com/2024/01/17/extortion_bot_is_autopwning_postgresql/

Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin

On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript that will be executed whenever a user accesses an injected page.

https://www.wordfence.com/blog/2024/01/website-takeover-campaign-takes-advantage-of-unauthenticated-cross-site-scripting-vulnerability-in-popup-builder-plugin/

Beware of hidden costs on prosperi.academy!

Making investing accessible to everyone: that is the mission of Prosperi Academy, which is currently advertising heavily on Facebook and Instagram. With the help of the Prosperi platform, interested users are supposed to learn the most important terms and rules of investing and discover additional sources of income. But anyone who decides to try Prosperi must expect hidden costs.

https://www.watchlist-internet.at/news/vorsicht-vor-versteckten-kosten-auf-prosperiacademy/

Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887

Ivanti VPNs can be exploited by CVE-2023-46805 (High severity) and CVE-2024-21887 (Critical severity), chained together to run commands without authentication.

https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2023-46805-cve-2024-21887/

The 7 deadly cloud security sins and how SMBs can do things better

By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk

https://www.welivesecurity.com/en/business-security/7-deadly-cloud-security-sins-smb/

Countdown for the NIS2 Directive is running

Numerous companies must implement the NIS2 Directive. The EU directive prescribes strict measures to ensure cybersecurity.

https://www.zdnet.de/88413795/countdown-fuer-die-nis2-richtline-laeuft%e2%80%8b/

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2023-6549 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
- CVE-2023-6548 Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
- CVE-2024-0519 Google Chromium V8 Out-of-Bounds Memory Access Vulnerability

https://www.cisa.gov/news-events/alerts/2024/01/17/cisa-adds-three-known-exploited-vulnerabilities-catalog

Static Code Analysis: Why Your Company's Reputation Depends On It

Static application security testing (SAST) solutions provide organizations with peace of mind that their applications are secure. But SAST platforms differ from each other. A SAST tool that meets developers where they are can make AppSec team's lives much easier, and significantly enhance the organization's ability to defend itself from code vulnerabilities in the SDLC. This comprehensive guide covers all aspects of Static Application Security Testing, on your journey to choosing a SAST tool and vendor.

https://checkmarx.com/appsec-knowledge-hub/sast/static-code-analysis-why-your-company-reputation-depends-on-it/

Vulnerabilities

MOVEit Transfer Service Pack (January 2024)

This article contains the details of the specific updates within the MOVEit Transfer January 2024 Service Pack. The Service Pack contains fixes for (1) newly disclosed CVE described below. Progress Software highly recommends you apply this Service Pack for product updates and security improvements. For Service Pack content, please review the Service Pack Release Notes and this knowledgebase article carefully.

https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024

MOVEit Automation Service Pack (January 2024)

As of January 17, 2024, the MOVEit Automation Service Pack is available for download from the Progress Download Center at https://community.progress.com/s/products-list using your Progress ID credentials. Progress Software highly recommends you apply this Service Pack for product updates and security improvements. For Service Pack content, please review the Service Pack Release Notes and this knowledgebase article carefully.

https://community.progress.com/s/article/MOVEit-Automation-Service-Pack-January-2024

Google Chrome: Vulnerability is being exploited in the wild

Google is updating the Chrome web browser. The update closes high-risk vulnerabilities. One of them is already being abused.

https://www.heise.de/-9599575.html

Critical Patch Update: Oracle releases 389 security updates

In its quarterly update, Oracle has secured Banking Enterprise, MySQL and Solaris, among others, against possible attacks.

https://www.heise.de/-9600083.html

Security updates for Wednesday

Security updates have been issued by Fedora (zabbix), Gentoo (OpenJDK), Red Hat (kernel), Slackware (gnutls and xorg), SUSE (cloud-init, kernel, xorg-x11-server, and xwayland), and Ubuntu (freeimage, postgresql-10, and xorg-server, xwayland).

https://lwn.net/Articles/958497/

2024-01-10: Cyber Security Advisory - AC500 V3 Multiple DoS vulnerabilities

https://search.abb.com/library/Download.aspx?DocumentID=3ADR011264&LanguageCode=en&DocumentPartId=&Action=Launch

IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/

K000138178 : Apache Tomcat vulnerability CVE-2023-42795

https://my.f5.com/manage/s/article/K000138178

K000138242 : OpenSSL vulnerability CVE-2023-5678

https://my.f5.com/manage/s/article/K000138242