[CERT-daily] Tageszusammenfassung - 29.06.2022

Wed Jun 29 18:26:29 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 28-06-2022 18:00 − Mittwoch 29-06-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ MITM at the Edge: Abusing Cloudflare Workers ∗∗∗
---------------------------------------------
Cloudflare Workers provide a powerful serverless solution to run code that sits between every HTTP request and response. In this post, we’ll see how an attacker compromising a Cloudflare account can abuse Workers to establish persistence and exfiltrate sensitive data.
---------------------------------------------
https://blog.christophetd.fr/abusing-cloudflare-workers/


∗∗∗ Achtung vor Fake-Shops mit Gartenmöbeln! ∗∗∗
---------------------------------------------
Kriminelle passen ihre Fake-Shops aktuell wieder an die Sommersaison an, indem sie vermehrt Gartenmöbel, Rasenmäher oder sonstige Gartengeräte anbieten. Beispiele sind waganu.de, bbvipanswer.shop, strandkorbia.com oder zzyha.shop.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-fake-shops-mit-gartenmoebeln/


∗∗∗ CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1 ∗∗∗
---------------------------------------------
CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication ("Modern Auth") before Microsoft begins permanently disabling Basic Auth on October 1, 2022.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/06/28/cisa-releases-guidance-switching-modern-auth-exchange-online


∗∗∗ YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom” ∗∗∗
---------------------------------------------
YTStealer is a malware whose objective is to steal YouTube authentication cookies.
---------------------------------------------
https://www.intezer.com/blog/research/ytstealer-malware-youtube-cookies/


∗∗∗ Decryptor für Hive Ransomware v1 bis v4 verfügbar ∗∗∗
---------------------------------------------
Opfer der Hive Ransomware können ggf. hoffen, ihre verschlüsselten Dateien wieder entschlüsseln zu können. Denn koreanischen Sicherheitsforschern ist es gelungen, einen Decryptor für die Versionen 1 bis 4 dieser Hive Ransomware zu entwickeln.
---------------------------------------------
https://www.borncity.com/blog/2022/06/29/decryptor-fr-hive-ransomware-v1-bis-v4-verfgbar/


∗∗∗ Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS) ∗∗∗
---------------------------------------------
Cross-Site Scripting (XSS) is a well-known vulnerability that has been around for a long time and can be used to steal sessions, create fake logins and carry out actions as someone else, etc. In addition, many users are unaware of the potential dangers associated with their browser’s credential autofill feature.
---------------------------------------------
https://www.gosecure.net/blog/2022/06/29/did-you-know-your-browsers-autofill-credentials-could-be-stolen-via-cross-site-scripting-xss/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ CVE-2022-30522 – Denial of Service (DoS) Vulnerability in Apache httpd “mod_sed” filter ∗∗∗
---------------------------------------------
This past March we posted an analysis of a vulnerability in the Apache HTTP Server mod_sed filter module, CVE-2022-23943, in which a Denial of Service (DoS) can be triggered due to a miscalculation of buffers’ sizes. While analyzing this Apache httpd vulnerability and its patch, we suspected that although the fix resolved the issue, it created a new unwanted behavior.
---------------------------------------------
https://jfrog.com/blog/cve-2022-30522-denial-of-service-dos-vulnerability-in-apache-httpd-mod_sed-filter/


∗∗∗ Groupware: Präparierte E-Mails könnten zur Codeausführung in Zimbra führen ∗∗∗
---------------------------------------------
Angreifer könnten in Zimbra Backdoors per E-Mail hochladen. Schuld daran ist eine Lücke im Entpacker unrar, die die Erstellung beliebiger Dateien erlaubt.
---------------------------------------------
https://heise.de/-7156812


∗∗∗ Datenverwaltung: Kritische Lücke in Dell EMC PowerScale OneFS abgedichtet ∗∗∗
---------------------------------------------
Dell EMC PowerScale OneFS zur skalierbaren Datenspeicherung und -verwaltung enthält teils kritische Sicherheitslücken. Updates sollen sie schließen.
---------------------------------------------
https://heise.de/-7156674


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (blender, libsndfile, and maven-shared-utils), Fedora (openssl), Red Hat (389-ds-base, kernel, kernel-rt, kpatch-patch, and python-virtualenv), Scientific Linux (389-ds-base, kernel, python, and python-virtualenv), and Slackware (curl, mozilla, and openssl).
---------------------------------------------
https://lwn.net/Articles/899364/


∗∗∗ FabricScape: Escaping Service Fabric and Taking Over the Cluster ∗∗∗
---------------------------------------------
Unit 42 researchers identified FabricScape (CVE-2022-30137), a vulnerability of important severity in Microsoft’s Service Fabric – commonly used with Azure – that allows Linux containers to escalate their privileges in order to gain root privileges on the node, and then compromise all of the nodes in the cluster. The vulnerability could be exploited on containers that are configured to have runtime access, which is granted by default to every container.
---------------------------------------------
https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/


∗∗∗ Security Bulletin: IBM Netezza as a Service is vulnerable to denial of service due to Golang net package (CVE-2021-33194, CVE-2021-44716, CVE-2021-31525) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-netezza-as-a-service-is-vulnerable-to-denial-of-service-due-to-golang-net-package-cve-2021-33194-cve-2021-44716-cve-2021-31525/


∗∗∗ Security Bulletin: OpenSSL for IBM i is vulnerable to command injection due to a flaw in c_rehash script (CVE-2022-1292) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-vulnerable-to-command-injection-due-to-a-flaw-in-c_rehash-script-cve-2022-1292/


∗∗∗ Security Bulletin: Zlib for IBM i is vulnerable to a denial of service attack due to memory corruption (CVE-2018-25032) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-zlib-for-ibm-i-is-vulnerable-to-a-denial-of-service-attack-due-to-memory-corruption-cve-2018-25032/


∗∗∗ Security Vulnerabilities fixed in Thunderbird 91.11 and Thunderbird 102 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/


∗∗∗ Security Vulnerabilities fixed in Firefox for iOS 102 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2022-27/


∗∗∗ Advantech iView ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03


∗∗∗ Motorola Solutions MOSCAD IP and ACE IP Gateways ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-179-04


∗∗∗ Motorola Solutions MDLC ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-179-05


∗∗∗ Motorola Solutions ACE1000 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-179-06


∗∗∗ Omron SYSMAC CS/CJ/CP Series and NJ/NX Series ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-179-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily