[CERT-daily] Tageszusammenfassung - 29.12.2022

Thu Dec 29 18:06:37 CET 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 28-12-2022 18:00 − Donnerstag 29-12-2022 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Google Home speakers allowed hackers to snoop on conversations ∗∗∗
---------------------------------------------
A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-home-speakers-allowed-hackers-to-snoop-on-conversations/


∗∗∗ WordPress Vulnerability & Patch Roundup December 2022 ∗∗∗
---------------------------------------------
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.
---------------------------------------------
https://blog.sucuri.net/2022/12/wordpress-vulnerability-patch-roundup-december-2022.html


∗∗∗ The Worst Hacks of 2022 ∗∗∗
---------------------------------------------
The year was marked by sinister new twists on cybersecurity classics, including phishing, breaches, and ransomware attacks.
---------------------------------------------
https://www.wired.com/story/worst-hacks-2022/


∗∗∗ New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection ∗∗∗
---------------------------------------------
We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses.
---------------------------------------------
https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/


∗∗∗ One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware. (arXiv:2212.13716v1 [cs.CR]) ∗∗∗
---------------------------------------------
Currently, the development of IoT firmware heavily depends on third-partycomponents (TPCs) to improve development efficiency. Nevertheless, TPCs are notsecure, and the vulnerabilities in TPCs will influence the security of IoTf irmware.
---------------------------------------------
http://arxiv.org/abs/2212.13716


∗∗∗ A survey and analysis of TLS interception mechanisms and motivations. (arXiv:2010.16388v2 [cs.CR] UPDATED) ∗∗∗
---------------------------------------------
TLS is an end-to-end protocol designed to provide confidentiality andintegrity guarantees that improve end-user security and privacy. While TLShelps defend against pervasive surveillance of intercepted unencrypted traffic,it also hinders several common beneficial operations typically performed bymiddleboxes on the network traffic.
---------------------------------------------
http://arxiv.org/abs/2010.16388


∗∗∗ HardCIDR – Network CIDR and Range Discovery Tool ∗∗∗
---------------------------------------------
HardCIDR is a Linux Bash script to discover the netblocks, or ranges, (in CIDR notation) owned by the target organization during the intelligence gathering phase of a penetration test.
---------------------------------------------
https://www.darknet.org.uk/2022/12/hardcidr-network-cidr-and-range-discovery-tool/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Hughes Satellite Router Remote File Inclusion Cross-Frame Scripting ∗∗∗
---------------------------------------------
The router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5743.php


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (multipath-tools), Fedora (containerd and trafficserver), Gentoo (libksba and openssh), and SUSE (webkit2gtk3).
---------------------------------------------
https://lwn.net/Articles/918715/


∗∗∗ Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers ∗∗∗
---------------------------------------------
Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities.
---------------------------------------------
https://www.securityweek.com/several-dos-code-execution-vulnerabilities-found-rockwell-automation-controllers


∗∗∗ Ungepatchte Citrix-Server zu Tausenden über kritische Schwachstellen angreifbar ∗∗∗
---------------------------------------------
Citrix hat in den letzten Monaten Sicherheitsupdates für kritische Schwachstellen in Citrix ADC- und Gateway-Produkten freigegeben und entsprechende Sicherheitswarnungen veröffentlicht.
---------------------------------------------
https://www.borncity.com/blog/2022/12/29/ungepatchte-citrix-server-zu-tausenden-ber-kritische-schwachstellen-angreifbar/


∗∗∗ (Non-US) DIR-825/EE : H/W Rev. R2 & DIR-825/AC Rev. G1A:: F/W 1.0.9 :: Multiple Vulnerabilities by Trend Micro, the Zero Day Initiative (ZDI) ∗∗∗
---------------------------------------------
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10319


∗∗∗ AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6851445


∗∗∗ IBM Synthetic Playback Agent is vulnerable due to its use of Apache Commons Text [CVE-2022-42889] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6852105

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily