[CERT-daily] Tageszusammenfassung - 15.06.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 14-06-2022 18:00 − Mittwoch 15-06-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Security baseline for Microsoft 365 Apps for enterprise v2206 ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the release of the recommended security configuration baseline settings for Microsoft 365 Apps for enterprise, version 2206.
---------------------------------------------
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-365-apps-for-enterprise-v2206/ba-p/3502714


∗∗∗ Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers ∗∗∗
---------------------------------------------
A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022.
---------------------------------------------
https://thehackernews.com/2022/06/panchan-new-golang-based-peer-to-peer.html


∗∗∗ TPM Sniffing Attacks Against Non-Bitlocker Targets ∗∗∗
---------------------------------------------
Last year, during an uptick in media attention for Trusted Platform Module (TPM) security triggered by a blog post from the Dolos Group describing a sniffing attack on Windows Bitlocker relying on a TPM, a customer asked us to investigate their TPM-based Full Disk Encryption (FDE) set up in light of this type of attack.
---------------------------------------------
https://www.secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-targets


∗∗∗ Bypassing CSP with dangling iframes ∗∗∗
---------------------------------------------
Our Web Security Academy has a topic on dangling markup injection - a technique for exploiting sites protected by CSP.
---------------------------------------------
https://portswigger.net/research/bypassing-csp-with-dangling-iframes


∗∗∗ A tiny botnet launched the largest DDoS attack on record ∗∗∗
---------------------------------------------
A small but powerful army of just 5,000 devices generated a record-breaking web attack.
---------------------------------------------
https://www.zdnet.com/article/a-tiny-botnet-launched-the-largest-ddos-attack-on-record/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Citrix warns critical bug can let attackers reset admin passwords ∗∗∗
---------------------------------------------
Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/citrix-warns-critical-bug-can-let-attackers-reset-admin-passwords/


∗∗∗ Patchday: Updates bessern zehn SAP-Schwachstellen aus ∗∗∗
---------------------------------------------
Am Juni-Patchday hat SAP zehn Sicherheitslücken geschlossen. Für zwei ältere Sicherheitsmeldungen aktualisiert der Hersteller die Sicherheitsmeldungen.
---------------------------------------------
https://heise.de/-7141579


∗∗∗ Patchday: Microsoft schließt MSDT-Lücke, die auch ohne Makros funktioniert ∗∗∗
---------------------------------------------
Windows ist unter anderem über Word verwundbar, wobei auch RTF-Formate genutzt werden können. Aber auch Azure, Edge & Co. bekommen wichtige Sicherheitsupdates.
---------------------------------------------
https://heise.de/-7141070


∗∗∗ Patchday Adobe: Schadcode-Lücken in InDesign, Illustrator & Co. geschlossen ∗∗∗
---------------------------------------------
Mehrere Adobe-Anwendungen sind über als kritisch eingestufte Schwachstellen attackierbar. Sicherheitsupdates schaffen Abhilfe.
---------------------------------------------
https://heise.de/-7141175


∗∗∗ Sicherheitslücke Hertzbleed: x86-Prozessortaktung verrät Geheimnisse ∗∗∗
---------------------------------------------
Ein Forscherteam belauscht kryptografische Berechnungen auf modernen x86-CPUs anhand charakteristischer Taktfrequenzänderungen.
---------------------------------------------
https://heise.de/-7141221


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Red Hat (.NET 6.0 and log4j), SUSE (389-ds, grub2, kernel, openssl-1_1, python-Twisted, webkit2gtk3, and xen), and Ubuntu (php7.2, php7.4, php8.0, php8.1 and util-linux).
---------------------------------------------
https://lwn.net/Articles/897992/


∗∗∗ Critical Code Execution Vulnerability Patched in Splunk Enterprise ∗∗∗
---------------------------------------------
Splunk this week announced the release of out-of-band patches that address multiple vulnerabilities across Splunk Enterprise, including a critical issue that could lead to arbitrary code execution.
---------------------------------------------
https://www.securityweek.com/critical-code-execution-vulnerability-patched-splunk-enterprise


∗∗∗ Schneider Electric Advisories 2022-06-15 ∗∗∗
---------------------------------------------
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp


∗∗∗ Security Bulletin: IBM Financial Transaction Manager for Digital Payments for Multi-Platform is vulnerable to SQL injection. (CVE-2019-4575) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-financial-transaction-manager-for-digital-payments-for-multi-platform-is-vulnerable-to-sql-injection-cve-2019-4575/


∗∗∗ Security Bulletin: Operations Dashboard is vulnerable to denial of service by Go vulnerability CVE-2022-28327 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-denial-of-service-by-go-vulnerability-cve-2022-28327/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix-8/


∗∗∗ Security Bulletin: Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-v1-6-4-contains-fixes-for-multiple-security-vulnerabilities-2/


∗∗∗ Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential Cross-Site Scripting (Reflected) vulnerability (CVE-2020-4560) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-digital-payments-is-affected-by-a-potential-cross-site-scripting-reflected-vulnerability-cve-2020-4560/


∗∗∗ Security Bulletin: Vulnerabilities in Java affects IBM Cloud Application Business Insights – Quaterly Java update, CVE-2021-35603 and CVE-2021-35550 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affects-ibm-cloud-application-business-insights-quaterly-java-update-cve-2021-35603-and-cve-2021-35550/


∗∗∗ Security Bulletin: Vulnerability in PostgreSQL may affect IBM Spectrum Copy Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-postgresql-may-affect-ibm-spectrum-copy-data-management-2/


∗∗∗ Security Bulletin: AIX is vulnerable to a denial of service due to lpd (CVE-2022-22444) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-denial-of-service-due-to-lpd-cve-2022-22444/


∗∗∗ Security Bulletin: Operations Dashboard is vulnerable to denial of service by Go vulnerability CVE-2022-24675 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-denial-of-service-by-go-vulnerability-cve-2022-24675/


∗∗∗ Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential SQL Injection CVE-2020-4328 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-digital-payments-is-affected-by-a-potential-sql-injection-cve-2020-4328/


∗∗∗ VMSA-2022-0016 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0016.html


∗∗∗ AUMA: SIMA² Master Station Denial of Service Vulnerability on Automation Runtime Webserver ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-024/


∗∗∗ Johnson Controls Metasys ADS ADX OAS Servers ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-165-01


∗∗∗ Hardkodierte Backdoor Benutzer und veraltete Software Komponenten in der Nexans FTTO GigaSwitch Serie ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/nexans-ftto-gigaswitch-hardkodierte-backdoor-benutzer-veraltete-software-komponenten/


∗∗∗ Synaptics Fingerprint Driver Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500494-SYNAPTICS-FINGERPRINT-DRIVER-VULNERABILITY


∗∗∗ Intel Processors MMIO Stale Data Advisory ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500497-INTEL-PROCESSORS-MMIO-STALE-DATA-ADVISORY

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily