[CERT-daily] Tageszusammenfassung - 30.12.2022

Fri Dec 30 18:12:07 CET 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 29-12-2022 18:00 − Freitag 30-12-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Netgear warns users to patch recently fixed WiFi router bug ∗∗∗
---------------------------------------------
Netgear has fixed a high-severity vulnerability affecting multiple WiFi router models and advised customers to update their devices to the latest available firmware as soon as possible.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/


∗∗∗ New Linux malware uses 30 plugin exploits to backdoor WordPress sites ∗∗∗
---------------------------------------------
A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-linux-malware-uses-30-plugin-exploits-to-backdoor-wordpress-sites/


∗∗∗ Security Update Guide Improvement – Representing Hotpatch Updates ∗∗∗
---------------------------------------------
Today we are updating the way Microsoft Security Update Guide (SUG) represents the Windows Hotpatch feature to make it easier for users to identify the hotpatch and security updates.
---------------------------------------------
https://msrc-blog.microsoft.com/2022/12/29/security-update-guide-improvement-representing-hotpatch-updates/


∗∗∗ Opening the Door for a Knock: Creating a Custom DShield Listener, (Thu, Dec 29th) ∗∗∗
---------------------------------------------
There are a variety of services listening for connections on DShield honeypots. Different systems scanning the internet can connect to these listening services due to exceptions in the firewall. Any attempted connections blocked by the firewall are logged and can be analyzed later. This can be useful to see TCP port connection attempts, but it usefulness is limited.
---------------------------------------------
https://isc.sans.edu/diary/rss/29382


∗∗∗ SPF and DMARC use on GOV domains in different ccTLDs, (Fri, Dec 30th) ∗∗∗
---------------------------------------------
Although e-mail is one of the cornerstones of modern interpersonal communication, its underlying Simple Mail Transfer Protocol (SMTP) is far from what we might call robust or secure. By itself, the protocol lacks any security features related to ensuring (among other factors) integrity or authenticity of transferred data or the identity of their sender, and creating a “spoofed” e-mail is therefore quite easy.
---------------------------------------------
https://isc.sans.edu/diary/rss/29384


∗∗∗ CISA Warns of Active exploitation of JasperReports Vulnerabilities ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two-years-old security flaws impacting TIBCO Softwares JasperReports product to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaws, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), were addressed by TIBCO in April 2018 and March 2019, respectively.
---------------------------------------------
https://thehackernews.com/2022/12/cisa-warns-of-active-exploitation-of.html


∗∗∗ ENLBufferPwn (CVE-2022-47949) ∗∗∗
---------------------------------------------
ENLBufferPwn is a vulnerability in the common network code of several first party Nintendo games since the Nintendo 3DS that allows an attacker to execute code remotely in the victims console by just having an online game with them (remote code execution).
---------------------------------------------
https://github.com/PabloMK7/ENLBufferPwn


∗∗∗ Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463 ∗∗∗
---------------------------------------------
Welcome to the third and final installment of the “Chrome Browser Exploitation” series. The main objective of this series has been to provide an introduction to browser internals and delve into the topic of Chrome browser exploitation on Windows in greater depth.
---------------------------------------------
https://jhalon.github.io/chrome-browser-exploitation-3/


∗∗∗ EU-Regeln für Cybersicherheit bald in Kraft: Rund 20.000 Betriebe betroffen ∗∗∗
---------------------------------------------
Die EU hat die novellierte Richtlinie zur Netz- und Informationssicherheit (NIS2) im Amtsblatt veröffentlicht. Der Countdown zur Umsetzung in Deutschland läuft.
---------------------------------------------
https://heise.de/-7444366


=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins 2022-12-30 ∗∗∗
---------------------------------------------
IBM Cloud Pak for Automation, IBM Cloud Pak for Business Automation, IBM Cloud Application Business Insights, IBM Cloud Transformation Advisor, Tivoli Netcool/OMNIbus, Netcool/System Service Monitor
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libcommons-net-java), Fedora (python3.6), and SUSE (conmon, polkit-default-privs, thunderbird, and webkit2gtk3).
---------------------------------------------
https://lwn.net/Articles/918778/


∗∗∗ Synology-SA-22:26 VPN Plus Server ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to possible execute arbitrary command via a susceptible version of Synology VPN Plus Server.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_22_26

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily