[CERT-daily] Daily summary - 07.12.2022

Daily end-of-shift report team at cert.at
Wed Dec 7 18:09:00 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 06-12-2022 18:00 − Wednesday 07-12-2022 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ For Cyberattackers, Popular EDR Tools Can Turn into Destructive Data Wipers ∗∗∗
---------------------------------------------
Microsoft, three others release patches to fix a vulnerability in their respective products that enables such manipulation. Other EDR products potentially are affected as well.
---------------------------------------------
https://www.darkreading.com/vulnerabilities-threats/cyberattackers-popular-edr-tools-destructive-data-wipers


∗∗∗ DEV-0139 launches targeted attacks against the cryptocurrency industry ∗∗∗
---------------------------------------------
Microsoft security researchers investigate an attack where the threat actor, tracked as DEV-0139, used chat groups to target specific cryptocurrency investment companies and run a backdoor within their network.
---------------------------------------------
https://www.microsoft.com/en-us/security/blog/2022/12/06/dev-0139-launches-targeted-attacks-against-the-cryptocurrency-industry/


∗∗∗ New Go-based Botnet Exploiting Dozens of IoT Vulnerabilities to Expand its Network ∗∗∗
---------------------------------------------
A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things (IoT) devices and other software.
---------------------------------------------
https://thehackernews.com/2022/12/new-go-based-zerobot-botnet-exploiting.html


∗∗∗ ChatGPT shows promise of using AI to write malware ∗∗∗
---------------------------------------------
For even the most skilled hackers, it can take at least an hour to write a script to exploit a software vulnerability and infiltrate their target. Soon, a machine may be able to do it in mere seconds.
---------------------------------------------
https://www.cyberscoop.com/chatgpt-ai-malware/


∗∗∗ How to protect yourself from scams ∗∗∗
---------------------------------------------
In scamming, also known as advance-fee fraud, criminals try to pressure you into making an advance payment. For example, you are lured with a prize worth millions, an inheritance or a cheap loan offer.
---------------------------------------------
https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-scams/


∗∗∗ OpenSSL punycode – with hindsight ∗∗∗
---------------------------------------------
The next Heartbleeds were about to be announced, two critical vulnerabilities that affect everyone and everything, everywhere. And then they were released. And everyone was let down.
---------------------------------------------
https://blog.checkpoint.com/2022/12/07/openssl-punycode-with-hindsight/


∗∗∗ Malware Distributed with Disguised Filenames (RIGHT-TO-LEFT OVERRIDE) ∗∗∗
---------------------------------------------
In August, the ASEC analysis team made a post on the malware being distributed with filenames that utilize RTLO (Right-To-Left Override).
---------------------------------------------
https://asec.ahnlab.com/en/43518/


∗∗∗ Industry 4.0: CNC Machine Security Risks Part 3 ∗∗∗
---------------------------------------------
This three-part blog series explores the risks associated with CNC machines.
---------------------------------------------
https://www.trendmicro.com/en_us/research/22/l/cnc-machine-security-risks-part-3.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Fortinet closes security vulnerabilities in several products ∗∗∗
---------------------------------------------
Fortinet has released security updates for numerous products in its portfolio. Some of the vulnerabilities they close are high-risk.
---------------------------------------------
https://heise.de/-7368520


∗∗∗ Service monitoring: Attackers can slip arbitrary code into Cacti ∗∗∗
---------------------------------------------
In the web application Cacti, which is used for service monitoring among other things, attackers could inject and execute arbitrary code. A patch is available.
---------------------------------------------
https://heise.de/-7369455


∗∗∗ Patch now: Misconfiguration in Netgear router lets attackers onto the device ∗∗∗
---------------------------------------------
Researchers warn of unauthorized access to Netgear's Nighthawk WiFi 6 router. An update is available, but reportedly does not install automatically.
---------------------------------------------
https://heise.de/-7369071


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cgal, ruby-rails-html-sanitizer, and xfce4-settings), Red Hat (dbus, grub2, kernel, pki-core, and usbguard), Scientific Linux (pki-core), SUSE (bcel, LibVNCServer, and xen), and Ubuntu (ca-certificates and u-boot).
---------------------------------------------
https://lwn.net/Articles/917208/


∗∗∗ Cross-Site Scripting in Handy Macros for Confluence (SYSS-2022-049) ∗∗∗
---------------------------------------------
A cross-site scripting vulnerability in the "Handy Tip" macro of Handy Macros for Confluence allows executable malicious code to be embedded in pages.
---------------------------------------------
https://www.syss.de/pentest-blog/cross-site-scripting-in-handy-macros-for-confluence-syss-2022-049


∗∗∗ K35253541: Java vulnerabilities CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14797 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35253541


∗∗∗ K71522481: Java vulnerability CVE-2021-2163 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K71522481


∗∗∗ Sprecher SPRECON-E-C/-E-P/-E-T3: Vulnerability in firmware verification ∗∗∗
---------------------------------------------
https://www.sprecher-automation.com/it-sicherheit/security-alerts

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



