[CERT-daily] Daily summary - 10.08.2022

Daily end-of-shift report team at cert.at
Wed Aug 10 18:41:29 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 09-08-2022 18:00 − Wednesday 10-08-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ BSI warns against the use of insecure ABUS radio door locks ∗∗∗
---------------------------------------------
The German Federal Office for Information Security (BSI) warns under §7 of the BSI Act (BSI-Gesetz) against the use of the digital door lock "HomeTec Pro CFA3000" by the manufacturer ABUS and recommends replacing the product.
---------------------------------------------
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220810_Warnung_ABUS.html


∗∗∗ Warning: fake shops! Do not buy anything from these garden online shops ∗∗∗
---------------------------------------------
Online you will find many shops for every field, and garden shops are no exception. The online shops gartenland-paradies.de, home-garten-shop.de and rasengarten.com are all fake shops that try to defraud you.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-fake-shops-kaufen-sie-nichts-bei-diesen-garten-online-shops/


∗∗∗ Microsoft publishes a threat matrix for Azure for security evaluations ∗∗∗
---------------------------------------------
Analogous to the MITRE ATT&CK framework widely used in security circles, Microsoft has compiled information on potential attacks against Azure and Azure AD.
---------------------------------------------
https://heise.de/-7216398


∗∗∗ UnRAR Vulnerability Exploited in the Wild, Likely Against Zimbra Servers ∗∗∗
---------------------------------------------
The US Cybersecurity and Infrastructure Security Agency (CISA) revealed on Tuesday that a recently patched vulnerability affecting the UnRAR archive extraction tool is being exploited in the wild.
---------------------------------------------
https://www.securityweek.com/unrar-vulnerability-exploited-wild-likely-against-zimbra-servers


∗∗∗ Novel News on Cuba Ransomware aka Greetings From Tropical Scorpius ∗∗∗
---------------------------------------------
Beginning in early May 2022, Unit 42 observed a threat actor deploying Cuba Ransomware using novel tools and techniques. Using our naming schema, Unit 42 tracks the threat actor as Tropical Scorpius.
---------------------------------------------
https://unit42.paloaltonetworks.com/cuba-ransomware-tropical-scorpius/


∗∗∗ 10 malicious PyPI packages found stealing developers credentials ∗∗∗
---------------------------------------------
Threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developers systems with password-stealing malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/10-malicious-pypi-packages-found-stealing-developers-credentials/


∗∗∗ VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges ∗∗∗
---------------------------------------------
VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies.
---------------------------------------------
https://securelist.com/vilerat-deathstalkers-continuous-strike/107075/


∗∗∗ Security Update Guide Notification System News: Create your profile now ∗∗∗
---------------------------------------------
Sharing information through the Security Update Guide (SUG) is an important part of our ongoing effort to help customers manage security risks and keep systems protected.
---------------------------------------------
https://msrc-blog.microsoft.com/2022/08/09/security-update-guide-notification-system-news-create-your-profile-now/


∗∗∗ Attacking and Remediating Excessive Network Share Permissions in Active Directory Environments ∗∗∗
---------------------------------------------
In this blog, I’ll explain how to quickly inventory, exploit, and remediate network shares configured with excessive permissions at scale in Active Directory environments. Excessive share permissions represent a risk that can lead to data exposure, privilege escalation, and ransomware attacks within enterprise environments.
---------------------------------------------
https://www.netspi.com/blog/technical/network-penetration-testing/network-share-permissions-powerhuntshares/
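As an added example (not code from the NetSPI post and not PowerHuntShares), the following PowerShell pass does the "inventory" step the post describes: it enumerates SMB shares on every enabled Windows computer object in the domain and flags access entries that grant Change or Full to broad principals. It assumes the ActiveDirectory RSAT module, CIM/WinRM reachability and local admin rights on the targets; the list of "broad" principals and the ignored default shares are assumptions to adjust for your environment.

```powershell
# Added example: find SMB shares whose ACL grants write-level access to broad principals.
# Assumes RSAT ActiveDirectory module, WinRM/CIM access and admin rights on the targets.
#Requires -Modules ActiveDirectory

# Principals treated as "everyone in practice" (assumption: add your own all-staff groups).
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    "$env:USERDOMAIN\Domain Users",
    "$env:USERDOMAIN\Domain Computers"
)

# Get-SmbShareAccess reports AccessRight as Full, Change or Read; the first two allow writes.
$WriteRights = @('Full', 'Change')

# Default shares that are either admin-only anyway or expected to be readable domain-wide.
$IgnoreShares = @('ADMIN$', 'C$', 'IPC$', 'print$', 'NETLOGON', 'SYSVOL')

$Computers = Get-ADComputer -Filter 'OperatingSystem -like "*Windows*" -and Enabled -eq $true' |
             Select-Object -ExpandProperty DNSHostName

$Findings = foreach ($Computer in $Computers) {
    try {
        $Session = New-CimSession -ComputerName $Computer -ErrorAction Stop
    } catch {
        Write-Warning "Cannot reach $Computer : $($_.Exception.Message)"
        continue
    }

    $Shares = Get-SmbShare -CimSession $Session | Where-Object { $_.Name -notin $IgnoreShares }
    foreach ($Share in $Shares) {
        Get-SmbShareAccess -CimSession $Session -Name $Share.Name |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.AccountName -in $BroadPrincipals -and
                $_.AccessRight -in $WriteRights
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer  = $Computer
                    Share     = $Share.Name
                    Path      = $Share.Path
                    Principal = $_.AccountName
                    Right     = $_.AccessRight
                }
            }
    }
    Remove-CimSession -CimSession $Session
}

$Findings | Sort-Object Computer, Share | Format-Table -AutoSize
$Findings | Export-Csv -Path .\excessive-share-perms.csv -NoTypeInformation

# Remediation for a single finding (hypothetical group name): drop the broad principal
# from the share ACL and grant the group that actually needs write access instead.
# Revoke-SmbShareAccess -CimSession $Session -Name $Share.Name -AccountName 'Everyone' -Force
# Grant-SmbShareAccess  -CimSession $Session -Name $Share.Name -AccountName 'CONTOSO\Finance-RW' -AccessRight Change -Force
```

Share-level ACLs are only half the picture: a share granting Everyone Full is harmless if the NTFS ACL underneath is tight, and a Read-only share still leaks data. Review the NTFS permissions of each flagged path (Get-Acl on the share path via Invoke-Command) before deciding what to revoke, and test remediation on one host before applying it at scale.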


∗∗∗ Discovering Domains via a Timing Attack on Certificate Transparency ∗∗∗
---------------------------------------------
There is a flaw in a way that deployment of TLS certificates might be set up. It allows anyone to discover all domain names used by the same server. Sometimes, even when there is no HTTPS there!
---------------------------------------------
https://swarm.ptsecurity.com/discovering-domains-via-timing-attack/


∗∗∗ The Security Pros and Cons of Using Email Aliases ∗∗∗
---------------------------------------------
One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a "+" character after the username portion of your email address -- followed by a notation specific to the site you're signing up at -- lets you create an infinite number of unique email addresses tied to the same account.
---------------------------------------------
https://krebsonsecurity.com/2022/08/the-security-pros-and-cons-of-using-email-aliases/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ New security vulnerabilities in AMD and Intel processors: AEPIC & SQUIP ∗∗∗
---------------------------------------------
International teams of researchers demonstrate vulnerabilities in numerous current CPU types from AMD and Intel, which could also affect future ARM chips.
---------------------------------------------
https://heise.de/-7211904


∗∗∗ Intel Patches Severe Vulnerabilities in Firmware, Management Software ∗∗∗
---------------------------------------------
Intel on Tuesday published 27 security advisories detailing roughly 60 vulnerabilities across firmware, software libraries, and endpoint and data center management products.
---------------------------------------------
https://www.securityweek.com/intel-patches-severe-vulnerabilities-firmware-management-software


∗∗∗ Microsoft Security Update Summary (9 August 2022) ∗∗∗
---------------------------------------------
On 9 August 2022 Microsoft released security updates for Windows clients and servers, for Office and for further products. The security updates fix 118 vulnerabilities, 17 of them rated critical, including two zero-day vulnerabilities.
---------------------------------------------
https://www.borncity.com/blog/2022/08/10/microsoft-security-update-summary-9-august-2022/


∗∗∗ Exchange Server security updates (9 August 2022) ∗∗∗
---------------------------------------------
On 9 August Microsoft released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019.
---------------------------------------------
https://www.borncity.com/blog/2022/08/10/exchange-server-sicherheitsupdates-9-august-2022/


∗∗∗ Patch day: Adobe closes critical vulnerabilities in Commerce and creative applications ∗∗∗
---------------------------------------------
For the August patch day Adobe closes several security vulnerabilities, some of them critical. Affected are Adobe Commerce and Magento as well as PDF and creative software.
---------------------------------------------
https://heise.de/-7215839


∗∗∗ Act now! Exploit code for a VMware vulnerability has surfaced, new updates available ∗∗∗
---------------------------------------------
VMware has provided updates for newly discovered security vulnerabilities. For an older vulnerability, exploit code has now appeared, the vendor warns.
---------------------------------------------
https://heise.de/-7216296


∗∗∗ IBM Security Bulletins 2022-08-09 ∗∗∗
---------------------------------------------
IBM Netezza, IBM Sterling Connect, IBM MQ Operator, IBM Queue manager, IBM Cloud Pak, IBM Sterling B2B Integrator, IBM Event Streams, IBM InfoSphere Information Server, IBM Process Mining.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Lenovo Product Security Advisories and Announcements 2022-08-09 ∗∗∗
---------------------------------------------
Lenovo published 9 security advisories.
---------------------------------------------
https://support.lenovo.com/de/de/product_security/home


∗∗∗ Dell Security Advisories and Notices ∗∗∗
---------------------------------------------
Dell published 1 security advisory.
---------------------------------------------
https://www.dell.com/support/security/en-us/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gst-plugins-good1.0), Fedora (firefox and ghostscript), Gentoo (consul, firefox, libass, libraw, lxml, mdbtools, pam_u2f, spice, and thunderbird), Oracle (kernel, kernel-container, and vim), Red Hat (galera, mariadb, and mysql-selinux, kernel, and kernel-rt), Scientific Linux (kernel), SUSE (bind, java-11-openjdk, kernel, mokutil, ncurses, and u-boot), and Ubuntu (epiphany-browser, libcdio, linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-lts-xenial, and linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle).
---------------------------------------------
https://lwn.net/Articles/904374/


∗∗∗ PaloAlto Networks PAN-OS: multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote attacker, anonymous or authenticated, can exploit multiple vulnerabilities in PaloAlto Networks PAN-OS to carry out a cross-site scripting attack, execute code, cause a denial of service or view confidential data.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0952


∗∗∗ FreeBSD: multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, authenticated attacker can exploit multiple vulnerabilities in FreeBSD to cause a denial of service, disclose information or execute code.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0995


∗∗∗ F5: K21600298: OpenSSL vulnerability CVE-2022-1292 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K21600298


∗∗∗ Red Hat Ceph Storage: vulnerability allows manipulation of files ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0979


∗∗∗ Apache Traffic Server: multiple vulnerabilities allow manipulation of files ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0992


∗∗∗ Atlassian Jira Software: vulnerability allows cross-site scripting ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0989


∗∗∗ Citrix Hypervisor Security Bulletin for CVE-2022-33745 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX463455/citrix-hypervisor-security-bulletin-for-cve202233745


∗∗∗ SonicWall SMA1000 CVE-2021-33909 and CVE-2022-0847 ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily