[CERT-daily] Tageszusammenfassung - 14.12.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 13-12-2022 18:00 − Mittwoch 14-12-2022 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft-signed malicious Windows drivers used in ransomware attacks ∗∗∗
---------------------------------------------
Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-signed-malicious-windows-drivers-used-in-ransomware-attacks/


∗∗∗ Open-source repositories flooded by 144,000 phishing packages ∗∗∗
---------------------------------------------
Unknown threat actors have uploaded a total of 144,294 phishing-related packages on the open-source package repositories NuGet, PyPI, and NPM.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/open-source-repositories-flooded-by-144-000-phishing-packages/


∗∗∗ Input Validation for Website Security ∗∗∗
---------------------------------------------
Web forms are incredibly useful tools. They allow you to gather important information about potential clients and site visitors, collect comments and feedback, upload files, subscribe new users to your blog, or even collect payment details. But if your forms aren’t properly validating user inputs, you might be in for a nasty surprise: a variety of issues can occur if data is uploaded to your site’s environment without specific controls.
---------------------------------------------
https://blog.sucuri.net/2022/12/input-validation-for-website-security.html


∗∗∗ Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities ∗∗∗
---------------------------------------------
Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects.The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a projects list of dependencies with the vulnerabilities that affect them," [..]
---------------------------------------------
https://thehackernews.com/2022/12/google-launches-largest-distributed.html


∗∗∗ New GoTrim Botnet Attempting to Break into WordPress Sites Admin Accounts ∗∗∗
---------------------------------------------
A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of the targeted systems."This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses :::trim::: to split data communicated to and from the C2 server," 
---------------------------------------------
https://thehackernews.com/2022/12/new-gotrim-botnet-attempting-to-break.html


∗∗∗ Ade iOS 15: Apple stellt Support auf neueren iPhones offenbar ein ∗∗∗
---------------------------------------------
iPhones ab Baujahr 2017 erhalten Sicherheits-Updates nur noch nach Upgrade auf iOS 16. Lücken in iOS 15 werden laut Apple aktiv ausgenutzt.
---------------------------------------------
https://heise.de/-7394913


∗∗∗ BSI-Magazin mit Schwerpunkt "Ransomware" veröffentlicht ∗∗∗
---------------------------------------------
Die zweite Ausgabe des BSI-Magazins "Mit Sicherheit" in diesem Jahr ist erschienen. Das BSI stellt in diesem BSI-Magazin eine der aktuell größten Bedrohungen für die IT-Sicherheit in einem Sonderteil in den Mittelpunkt: Ransomware. [..] Weitere Themen sind Automotive Security, der Digitale Verbraucherschutz sowie die Zusammenarbeit von BSI und NATO zur Gestaltung der Cloud-Sicherheit im Bündnis. Außerdem gibt es im neuen BSI-Magazin eine neue Checkliste mit Tipps für ein sicheres Heimnetzwerk.
---------------------------------------------
https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/BSI-Magazin_2_2022_221214.html


∗∗∗ NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing ∗∗∗
---------------------------------------------
Original release date: December 13, 2022Today, the National Security Agency (NSA), CISA, and the Office of the Director of National Intelligence (ODNI), published Potential Threats to 5G Network Slicing. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents both the benefits and risks associated with 5G network slicing. It also provides mitigation strategies that address potential threats to 5G network slicing.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/12/13/nsa-cisa-and-odni-release-guidance-potential-threats-5g-network



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerabilities found on Arcadyan Routers ∗∗∗
---------------------------------------------
The two vulnerabilities were found by Asher Davila L. in Arcadyan wireless modems with model number VRV9506JAC23. It is probable that they are also present in other Arcadyan models as well because their web interfaces are similar and they have common features. The following are the two found vulnerabilities:
* CVE-2020-9420: Cleartext transmission of sensitive information
* CVE-2020-9419: Stored cross-site scripting
---------------------------------------------
https://gist.github.com/AsherDLL/03d0762b5a535e300f1121caebe333ce


∗∗∗ Webbrowser: Chrome-Update dichtet acht Sicherheitslecks ab ∗∗∗
---------------------------------------------
Google hat eine aktualisierte Version des Webbrowsers Chrome bereitgestellt. Sie schließt mindestens vier hochriskante Sicherheitslücken.
---------------------------------------------
https://heise.de/-7394554


∗∗∗ VMSA-2022-0032: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation) ∗∗∗
---------------------------------------------
Synopsis: VMware Workspace ONE Access and Identity Manager updates address multiple vulnerabilities (CVE-2022-31700, CVE-2022-31701).         
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0032.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pngcheck), Fedora (qemu), Mageia (admesh, busybox, emacs, libarchive, netkit-telnet, ruby, rxvt-unicode, and shadowutils), Oracle (bcel and kernel), Red Hat (389-ds-base, bcel, dbus, firefox, grub2, kernel, kernel-rt, kpatch-patch, thunderbird, and usbguard), Scientific Linux (bcel), SUSE (containerd, firefox, grafana, java-1_8_0-openjdk, libtpms, net-snmp, and wireshark), and Ubuntu (pillow).
---------------------------------------------
https://lwn.net/Articles/917839/


∗∗∗ Adobe Patches 38 Flaws in Enterprise Software Products ∗∗∗
---------------------------------------------
After skipping last month, Adobe returned to its scheduled Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in multiple enterprise-facing products.The San Jose, California software maker said the flaws could expose users to code execution and privilege escalation attacks across all computer platforms.
---------------------------------------------
https://www.securityweek.com/adobe-patches-38-flaws-enterprise-software-products


∗∗∗ ICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches ∗∗∗
---------------------------------------------
Industrial giants Siemens and Schneider Electric have addressed over 140 vulnerabilities with their December 2022 Patch Tuesday updates.Siemensread more
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-siemens-fixes-80-openssl-openssh-flaws-switches


∗∗∗ Apple Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
Original release date: December 13, 2022Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible: 
    iCloud for Windows 14.1
    Safari 16.2
    macOS Monterey 12.6.2
    macOS Big Sur 11.7.2
    tvOS 16.2
    watchOS 9.2
    iOS 15.7.2 and iPadOS 15.7.2
    iOS 16.2 and iPadOS 16.2
    macOS Ventura 13.1
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/12/13/apple-releases-security-updates-multiple-products


∗∗∗ Sonicwall Capture Client Local Privilege Escalation via SentinelOne Agent (Aikido) ∗∗∗
---------------------------------------------
An arbitrary file deletion vulnerability (Aikido) in Sonicwall Capture Client via SentinelOne Agent could allow a local attacker to escalate privileges and delete files. The exploit was confirmed to work with 6 vulnerable EDR products, including the SentinelOne Agent for Windows.Please note: an attacker must first obtain low-privileged access on the target system in order to exploit this vulnerability.
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0025


∗∗∗ Cisco Identity Services Engine Unauthorized File Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM


∗∗∗ Weidmueller: Multiple IoT and control products affected by JavaScript injection vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-056/


∗∗∗ NVIDIA GPU Display Driver Advisory - November 2022 ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500536-NVIDIA-GPU-DISPLAY-DRIVER-ADVISORY-NOVEMBER-2022


∗∗∗ Vulnerabilities in Linux Kernel, Golang Go, and cURL libcurl may affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6847643


∗∗∗ Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2022-34165) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6847655


∗∗∗ Vulnerabilities in zlib and Golang Go may affect the IBM Spectrum Protect Server (CVE-2018-25032, CVE-2022-27664) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6847653


∗∗∗ IBM Copy Services Manager is vulnerable to a remote attack vulnerabilities due to IBM WebSphere Application Server Liberty vulnerabilities (CVE-2022-22476) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6847789


∗∗∗ IBM Tivoli Netcool\/OMNIbus Transport Module Common Integration Library is affected by vulnerability in Apache Kafka (CVE-2022-34917) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6847829


∗∗∗ IBM Tivoli Netcool\/OMNIbus Probe and Integrations Library are affected by vulnerabilities in FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6846525


∗∗∗ IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6847939


∗∗∗ IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6847945

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily