[CERT-daily] Tageszusammenfassung - 15.04.2022

Fri Apr 15 18:53:25 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 14-04-2022 18:00 − Freitag 15-04-2022 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Sicherheit: Best Practice, zum Updaten von Windows Domain Controllern ∗∗∗
---------------------------------------------
In Unternehmensumgebungen werden oft Windows Server eingesetzt, die als Domain Controller (DC) fungieren. Domänencontroller sind für viele Unternehmen nach wie vor (trotz Trend zur Azure-Coud, so Microsoft) ein zentraler Bestandteil der Infrastruktur. Und die in der Active Directory gespeicherten Identitäten [...]
---------------------------------------------
https://www.borncity.com/blog/2022/04/15/sicherheit-best-practice-zum-updaten-von-windows-domain-controllern/


∗∗∗ Vorsicht vor ungerechtfertigten Kreditkartenabbuchungen von medianess.co ∗∗∗
---------------------------------------------
Ein QR-Code wird gescannt, ein Programm heruntergeladen oder eine App am Handy installiert. Konsument:innen berichten von ganz alltäglichen Situationen, in denen sie plötzlich auf der Seite medianess.co landen und aufgefordert werden ihre Kreditkartendaten einzugeben. Einige Tage später stellen sie verwundert fest, dass sie ein ungewolltes Abo abgeschlossen haben. Wir erklären Ihnen, wie Sie die ungerechtfertigten Abbuchungen beenden können und Ihr Geld zurückerhalten.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-ungerechtfertigten-kreditkartenabbuchungen-von-medianessco/


∗∗∗ CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers ∗∗∗
---------------------------------------------
This blog post is my analysis of a vulnerability exploited in the wild and patched in early 2021. Like the writeup published last week looking at an ASN.1 parser bug, this blog post is based on the notes I took as I was analyzing the patch and trying to understand the XNU vouchers subsystem. I hope that this writeup serves as the missing documentation for how some of the internals of the voucher subsystem works and its quirks which lead to this vulnerability.
---------------------------------------------
https://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html


∗∗∗ Gaining Visibility Within Container Clusters ∗∗∗
---------------------------------------------
Service mesh platforms can be used to provide insight into the container processes and their network operations within K8s clusters.
---------------------------------------------
https://unit42.paloaltonetworks.com/visibility-k8s-clusters/


∗∗∗ CISA Adds Nine Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CISA has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/04/15/cisa-adds-nine-known-exploited-vulnerabilities-catalog


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022 ∗∗∗
---------------------------------------------
On March 29, 2022, the following critical vulnerability in the Spring Cloud Function Framework affecting releases 3.1.6, 3.2.2, and older unsupported releases was disclosed: CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression For a description of this vulnerability, see VMware Spring Framework Security Vulnerability Report.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (fribidi and python-django), Fedora (postgresql-jdbc, stargz-snapshotter, and thunderbird), Slackware (git, gzip, and xz), and SUSE (kernel, SDL2, and tomcat).
---------------------------------------------
https://lwn.net/Articles/891453/


∗∗∗ Johnson Controls Metasys ∗∗∗
---------------------------------------------
This advisory contains mitigations for an Incomplete Cleanup vulnerability in the Johnson Controls Metasys ADS/ADX/OAS servers for building management systems.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-02


∗∗∗ Red Lion DA50N ∗∗∗
---------------------------------------------
This advisory contains mitigation for Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, and Insufficiently Protected Credentials vulnerabilities in the Red Lion DA50N networking gateway.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-03


∗∗∗ Siemens SCALANCE FragAttacks ∗∗∗
---------------------------------------------
This advisory contains mitigations for Improper Authentication, Injection, Improper Validation of Integrity Check, and Improper Input Validation vulnerabilities in the Siemens SCALANCE FragAttacks.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-04


∗∗∗ Siemens OpenSSL Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
This advisory contains mitigations for a NULL Pointer Dereference vulnerability in the Siemens OpenSSL.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-05


∗∗∗ Delta Electronics DMARS ∗∗∗
---------------------------------------------
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in the Delta Electronics DMARS program development tool.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-01


∗∗∗ Juniper Networks Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/04/14/juniper-networks-releases-security-updates-multiple-products


∗∗∗ Chrome 100.0.4896.127 fixt 0-day Schwachstelle CVE-2022-1364 ∗∗∗
---------------------------------------------
Google hat zum 14. April 2022 Notfall-Updates des Google Chrome 100.0.4896.127 für Android, sowie für Windows und Mac auf dem Desktop im Stable Channel freigegeben. Das Update schließt die 0-day-Schwachstelle CVE-2022-1364, die bereits Exploits existieren.
---------------------------------------------
https://www.borncity.com/blog/2022/04/15/chrome-100-0-4896-127-fixt-ausgenutzte-0-day-schwachstelle-cve-2022-1364/


∗∗∗ OpenSSL Infinite loop when parsing certificates CVE-2022-0778 ∗∗∗
---------------------------------------------
A vulnerability CVE-2022-0778 was found in OpenSSL that allows to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate leads to a DoS (Denial of service) attack. SonicWall is investigating its product line to determine which products and cloud services may be affected by this vulnerability.
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002


∗∗∗ Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Spring Security ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-vulnerable-to-multiple-vulnerabilities-due-to-spring-security/


∗∗∗ Security Bulletin: Due to use of Apache Storm IBM Tivoli Network Manager is vulnerable to arbiraty code execution ( CVE-2021-38294, CVE-2021-40865 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-apache-storm-ibm-tivoli-network-manager-is-vulnerable-to-arbiraty-code-execution-cve-2021-38294-cve-2021-40865/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-apache-thrift/


∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities in Plexus-utils affect IBM Netezza Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-in-plexus-utils-affect-ibm-netezza-analytics/


∗∗∗ Security Bulletin: OpenSSL for IBM i is vulnerable to a denial of service due to a flaw in the BN_mod_sqrt() function (CVE-2022-0778) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-vulnerable-to-a-denial-of-service-due-to-a-flaw-in-the-bn_mod_sqrt-function-cve-2022-0778/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-node-js/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily