Zero-day vulnerability in Exim

The Zero Day Initiative has published information about a zero-day vulnerability (CVE-2023-42115) in the Exim mail server, rated CVSS 9.8. [1]

The vulnerability allows an unauthenticated attacker to execute code remotely on vulnerable systems. Insufficient validation of user-supplied data in the SMTP service can be exploited to cause a buffer overflow and thereby run code.

Affected products

Exim (all versions)

Recommendations

Until a fix is made available, CERT-SE recommends isolating the application from the network.
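Acting on that recommendation starts with knowing which SMTP listeners on your network are Exim. The probe below is an added example, not CERT-SE's or the Exim project's code: it connects to a host's SMTP port, reads the 220 greeting and the EHLO reply, and reports whether the greeting identifies Exim. The hostnames, the EHLO name and the sample banner lines are constructed for illustration. Since the advisory covers all Exim versions, a version string in the banner tells you what is exposed, not that a server is safe.

```python
"""Exim exposure inventory helper (added example, not CERT-SE's or Exim's own code).

Connects to an SMTP listener, records the 220 greeting and the EHLO reply, and
flags hosts whose greeting identifies Exim. The hostnames, EHLO name and
sample banners used here are constructed for illustration.
"""
import re
import socket
import sys

# Exim greetings normally read "220 <host> ESMTP Exim <version> <date>";
# the version group is optional because operators may strip it from the banner.
EXIM_BANNER_RE = re.compile(r"\bExim\b(?:\s+(?P<version>\d+(?:\.\d+)+))?")


def parse_greeting(line: str) -> dict:
    """Classify a single SMTP greeting line.

    Returns the reply code (None if the line is malformed), whether the
    banner names Exim, and the advertised version if one is present.
    """
    line = line.strip()
    m = re.match(r"^(\d{3})(?:[ -]|$)", line)
    code = int(m.group(1)) if m else None
    hit = EXIM_BANNER_RE.search(line)
    return {
        "code": code,
        "is_exim": hit is not None,
        "version": hit.group("version") if hit else None,
    }


def is_last_line(line: str) -> bool:
    """Multi-line SMTP replies use 'NNN-' on continuation lines and 'NNN ' on the last."""
    return len(line) < 4 or line[3] != "-"


def read_reply(sock_file) -> list:
    """Read one complete SMTP reply from a file-like object that yields byte lines."""
    lines = []
    while True:
        raw = sock_file.readline()
        if not raw:  # connection closed mid-reply
            break
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        lines.append(line)
        if is_last_line(line):
            break
    return lines


def probe(host: str, port: int = 25, timeout: float = 5.0,
          ehlo_name: str = "inventory.example") -> dict:
    """Connect, capture the greeting and EHLO capabilities, then QUIT politely."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        greeting = read_reply(f)
        s.sendall(f"EHLO {ehlo_name}\r\n".encode("ascii"))
        ehlo = read_reply(f)
        s.sendall(b"QUIT\r\n")
    info = parse_greeting(greeting[0] if greeting else "")
    info["host"] = host
    info["greeting"] = greeting
    info["ehlo"] = ehlo
    return info


def summarize(host: str, greeting_line: str) -> str:
    """One-line report for the CLI; a pure function so it can be checked offline."""
    info = parse_greeting(greeting_line)
    if info["is_exim"]:
        version = info["version"] or "(version hidden)"
        return f"{host}: Exim {version} - isolate until a fix is available"
    return f"{host}: not Exim ({greeting_line.strip()[:60]})"


if __name__ == "__main__":
    # Usage: python exim_inventory.py mx1.example.org mx2.example.org
    for target in sys.argv[1:]:
        try:
            result = probe(target)
            first = result["greeting"][0] if result["greeting"] else ""
            print(summarize(target, first))
        except OSError as exc:
            print(f"{target}: connection failed ({exc})")
```

Run it against your own MX and relay hosts only; the EHLO reply is captured as well so that the advertised extensions can be kept with the inventory record.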

Sources

[1] https://www.zerodayinitiative.com/advisories/ZDI-23-1469/

CERT-SE's weekly newsletter, week 39

As the European Cybersecurity Month is about to begin, CERT-SE has launched this year's CTF challenge. More information on how to take part is available on cert.se:

https://www.cert.se/2023/09/cert-se-ctf2023

News of the week

Sony investigates cyberattack as hackers fight over who’s responsible (25 sep)
https://www.bleepingcomputer.com/news/security/sony-investigates-cyberattack-as-hackers-fight-over-whos-responsible/

City of Dallas Details Ransomware Attack Impact, Costs (25 sep)
https://www.securityweek.com/city-of-dallas-details-ransomware-attack-impact-costs/

Security hole at trade union: memberships could be mapped (26 Sep)
https://computersweden.idg.se/2.2683/1.780069/sakerhetshal-hos-fackforbund–medlemskap-har-kunnat-kartlaggas

The Rhysida ransomware group hit the Kuwait Ministry of Finance (26 sep)
https://securityaffairs.com/151501/cyber-crime/rhysida-ransomware-kuwait-ministry-of-finance.html

Ransomware group demands $51 million from Johnson Controls after cyber attack (28 sep)
https://www.bitdefender.com/blog/hotforsecurity/ransomware-group-demands-51-million-from-johnson-controls-after-cyber-attack/

Network failure halted Volkswagen's factories (28 Sep)
https://computersweden.idg.se/2.2683/1.780086/natverksfel-fick-volkswagens-fabriker-att-stanna

Intrusion into the Göteborg Region's IT systems (28 Sep)
https://goteborgsregionen.se/nyheterochpress/intrangigrsitsystem.5.2299e1a318a930fd21214d8d.html

Roundup: Medusa ransomware hit Philippine state insurer and more briefs (29 sep)
https://www.healthcareitnews.com/news/asia/roundup-medusa-ransomware-hit-philippine-state-insurer-and-more-briefs

Reports and analyses

Threat Analysis: MGM Resorts International ALPHV/Blackcat/Scattered Spider Ransomware Attack (25 sep)
https://blog.morphisec.com/mgm-resorts-alphv-spider-ransomware-attack

Almost 8 million DDoS attacks launched in first half of 2023 (26 sep)
https://betanews.com/2023/09/26/almost-8-million-ddos-attacks-launched-in-first-half-of-2023/

A new spin on the ZeroFont phishing technique (26 sep)
https://isc.sans.edu/diary/A+new+spin+on+the+ZeroFont+phishing+technique/30248/

LockBit 3.0 tops hacking list in August amid drop in ransomware attacks (26 sep)
https://siliconangle.com/2023/09/26/lockbit-3-0-tops-hacking-list-august-amid-decrease-ransomware-attacks/

People’s Republic of China-Linked Cyber Actors Hide in Router Firmware (27 sep)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a

Researchers Release Details of New RCE Exploit Chain for SharePoint (27 sep)
https://www.darkreading.com/vulnerabilities-threats/reseachers-release-details-of-new-rce-exploit-chain-for-sharepoint

Google quietly corrects previously submitted disclosure for critical webp 0-day (27 sep)
https://arstechnica.com/security/2023/09/google-quietly-corrects-previously-submitted-disclosure-for-critical-webp-0-day/

Malicious ad served inside Bing’s AI chatbot (28 sep)
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot

FBI: Dual ransomware attack victims now get hit within 48 hours (28 sep)
https://www.bleepingcomputer.com/news/security/fbi-dual-ransomware-attack-victims-now-get-hit-within-48-hours/

https://www.ic3.gov/Media/News/2023/230928.pdf

Phishing via Dropbox (28 sep)
https://blog.checkpoint.com/harmony-email/phishing-via-dropbox/

Microsoft breach led to theft of 60,000 US State Dept emails (28 sep)
https://www.bleepingcomputer.com/news/security/microsoft-breach-led-to-theft-of-60-000-us-state-dept-emails/

The anatomy of a Facebook account heist (28 sep)
https://www.vox.com/technology/2023/9/28/23892964/facebook-account-hacked-theft-stolen-online-scams-meta

APT34 Deploys Phishing Attack With New Malware (29 sep)
https://www.trendmicro.com/en_us/research/23/i/apt34-deploys-phishing-attack-with-new-malware.html

Information security and miscellaneous

European Cybersecurity Month starts 1 October
https://cybersecuritymonth.eu/

Teachers encouraged to enter schoolgirls into UK’s flagship cyber security contest (25 sep)
https://www.ncsc.gov.uk/news/teachers-encouraged-to-enter-schoolgirls-into-uks-flagship-cyber-security-contest

What Does Secure by Design Actually Mean? (28 sep)
https://www.tripwire.com/state-of-security/what-does-secure-design-actually-mean

National Security Agency is starting an artificial intelligence security center (28 sep)
https://apnews.com/article/nsa-artificial-intelligence-security-deepfakes-f9b19dd64890884cc2b0700ddf66e666

Guidance in the works to reduce the number of telephone frauds (29 Sep)
https://pts.se/sv/nyheter/telefoni/2023/vagledning-pa-gang-for-att-minska-antalet-telefonbedragerier/

CERT-SE this week

Critical vulnerabilities in Progress WS_FTP

CERT-SE CTF 2023

Critical vulnerabilities in Cisco products (updated 2023-09-29)

Information regarding an erroneous mailing from CERT-SE