[CERT-daily] Tageszusammenfassung - 12.08.2022

Fri Aug 12 18:16:11 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 11-08-2022 18:00 − Freitag 12-08-2022 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ I’m a security reporter and got fooled by a blatant phish ∗∗∗
---------------------------------------------
Think youre too smart to be fooled by a phisher? Think again.
---------------------------------------------
https://arstechnica.com/?p=1873356


∗∗∗ The Importance of Website Logs ∗∗∗
---------------------------------------------
In this post, we’ll explain why logs are so important and help you understand how to use website logs to level up your security and maintain compliance.
---------------------------------------------
https://blog.sucuri.net/2022/08/importance-of-website-logs-for-security.html


∗∗∗ Conti Cybercrime Cartel Using BazarCall Phishing Attacks as Initial Attack Vector ∗∗∗
---------------------------------------------
A trio of offshoots from the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks.
---------------------------------------------
https://thehackernews.com/2022/08/conti-cybercrime-cartel-using-bazarcall.html


∗∗∗ Sloppy Software Patches Are a ‘Disturbing Trend’ ∗∗∗
---------------------------------------------
The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.
---------------------------------------------
https://www.wired.com/story/software-patch-flaw-uptick-zdi/


∗∗∗ Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike ∗∗∗
---------------------------------------------
Since 2019, threat actor Monster Libra (also known as TA551 or Shathak) has pushed different families of malware.
---------------------------------------------
https://isc.sans.edu/diary/rss/28934


∗∗∗ Details zum Einbruch bei Cisco – Einfallstor persönliches Google-Konto ∗∗∗
---------------------------------------------
Cisco wurde Opfer eines Cyber-Angriffs, bei dem Kriminelle Zugriff auf das interne Netz erlangten. Jetzt veröffentlicht das Unternehmen Details dazu.
---------------------------------------------
https://heise.de/-7218236


∗∗∗ Input-Device-Monitoring bei Windows: Finde die Wanze! ∗∗∗
---------------------------------------------
Für moderne Malware, die im Userland agiert, sind forensische Aufspürmethoden für Abhörversuche quasi nicht existent. Ein Forscherteam will Abhilfe schaffen.
---------------------------------------------
https://heise.de/-7218864


∗∗∗ O’Neill-Kleidung online kaufen? Nicht auf backmanboats.com! ∗∗∗
---------------------------------------------
Wir erhalten immer wieder Meldungen zu Online-Shops, die entweder gar keine Ware verschicken oder etwas, das nichts mit der Produktbeschreibung zu tun hat. Haben Sie ein teures Marken T-Shirt bestellt, aber eine billige Kopie erhalten? Solche Online-Shops nennt man Markenfälscher, da sie angeben, bekannte Marken wie O'Neill zu verkaufen.
---------------------------------------------
https://www.watchlist-internet.at/news/oneill-kleidung-online-kaufen-nicht-auf-backmanboatscom/


∗∗∗ CISA Adds Two Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/08/11/cisa-adds-two-known-exploited-vulnerabilities-catalog


∗∗∗ Windows Sicherheitsupdate KB5012170 für Secure Boot DBX (9. August 2022) ∗∗∗
---------------------------------------------
Noch ein kurzer Nachtrag vom Patchday, 9. August 2022. Dort wurde auch ein Sicherheitsupdate für das Secure Boot Modul durch Microsoft bereitgestellt.
---------------------------------------------
https://www.borncity.com/blog/2022/08/12/windows-sicherheitsupdate-kb5012170-fr-secure-boot-dbx-9-august-2022/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Researchers Find Vulnerability in Software Underlying Discord, Microsoft Teams, and Other Apps ∗∗∗
---------------------------------------------
The popular apps used by millions of users all run the same software, called Electron.
---------------------------------------------
https://www.vice.com/en/article/m7gb7y/researchers-find-vulnerability-in-software-underlying-discord-microsoft-teams-and-other-apps


∗∗∗ Groupware Zimbra "trivial angreifbar" – Admins sollten schnell updaten ∗∗∗
---------------------------------------------
Mit der Verkettung zweier Security-Bugs in der Groupware haben Angreifer seit Ende Juni tausende Zimbra-Installationen übernommen.
---------------------------------------------
https://heise.de/-7218354


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gnutls28, libtirpc, postgresql-11, and samba), Fedora (microcode_ctl, wpebackend-fdo, and xen), Oracle (.NET 6.0, galera, mariadb, and mysql-selinux, and kernel), SUSE (dbus-1 and python-numpy), and Ubuntu (booth).
---------------------------------------------
https://lwn.net/Articles/904549/


∗∗∗ OT Security Firm Warns of Safety Risks Posed by Alerton Building System Vulnerabilities ∗∗∗
---------------------------------------------
OT and IoT cybersecurity company SCADAfence has discovered potentially serious vulnerabilities in a widely used building management system made by Alerton, a brand of industrial giant Honeywell.
---------------------------------------------
https://www.securityweek.com/ot-security-firm-warns-safety-risks-posed-alerton-building-system-vulnerabilities


∗∗∗ Realtek SDK Vulnerability Exposes Routers From Many Vendors to Remote Attacks ∗∗∗
---------------------------------------------
A serious vulnerability affecting the eCos SDK made by Taiwanese semiconductor company Realtek could expose the networking devices of many vendors to remote attacks.
---------------------------------------------
https://www.securityweek.com/realtek-sdk-vulnerability-exposes-routers-many-vendors-remote-attacks


∗∗∗ Bitdefender: Schwachstelle in Device42 ∗∗∗
---------------------------------------------
Wegen einer mittlerweile behobenen Schwachstelle in Device42 gibt Bitdefender eine Empfehlung zum Update auf die Version 18.01.00 von Device42.
---------------------------------------------
https://www.zdnet.de/88402845/bitdefender-schwachstelle-in-device42/


∗∗∗ Vulnerabilities on Xiaomi’s mobile payment mechanism which could allow forged transactions : A Check Point Research analysis ∗∗∗
---------------------------------------------
Check Point Research (CPR) analyzed the payment system built into Xiaomi smartphones powered by MediaTek chips CPR found vulnerabilities that could allow forging of payment and disabling the payment system directly.
---------------------------------------------
https://blog.checkpoint.com/2022/08/12/vulnerabilities-on-xiaomis-mobile-payment-mechanism/


∗∗∗ VU#309662: Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/309662


∗∗∗ Security Bulletin: Watson Knowledge Catalog InstaScan is vulnerable to an XML External Entity (XXE) Injection vulnerability due to IBM WebSphere Application Server Liberty ( CVE-2021-20492 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-watson-knowledge-catalog-instascan-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-due-to-ibm-websphere-application-server-liberty-cve-2021-20492/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-file-agent-is-vulnerable-to-remote-code-execution-due-to-apache-commons-configuration-cve-2022-33980/


∗∗∗ Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2022 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-cloud-pak-for-business-automation-ifixes-for-july-2022/


∗∗∗ Security Bulletin: Operations Dashboard is vulnerable to remote connection exploit by Go CVE-2022-30629 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-remote-connection-exploit-by-go-cve-2022-30629/


∗∗∗ Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to ejs [CVE-2022-29078] ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-automation-assets-in-ibm-cloud-pak-for-integration-is-vulnerable-to-remote-code-execution-due-to-ejs-cve-2022-29078/


∗∗∗ Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote authenticated attacker due to Node.js (CVE-2022-29244, CVE-2022-33987) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-and-ibm-integration-bus-are-vulnerable-to-a-remote-authenticated-attacker-due-to-node-js-cve-2022-29244-cve-2022-33987/


∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to unauthenticated attacker to cause a denial of service or low integrity impact due to multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-are-vulnerable-to-unauthenticated-attacker-to-cause-a-denial-of-service-or-low-integrity-impact-due-to-multiple-vulnerabilities/


∗∗∗ PostgreSQL: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1013


∗∗∗ Emerson ROC800, ROC800L and DL8000 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-223-04

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily