[CERT-daily] Tageszusammenfassung - 02.11.2022

Daily end-of-shift report team at cert.at
Wed Nov 2 19:05:56 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 31-10-2022 18:00 − Mittwoch 02-11-2022 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Sicherheitslücken: OpenSSL korrigiert Fehler im Zertifikatsparser ∗∗∗
---------------------------------------------
Zwei Buffer Overflows bei der Verarbeitung von Punycode können OpenSSL zum Absturz bringen - und möglicherweise Codeausführung ermöglichen.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecken-openssl-korrigiert-fehler-im-zertifikatsparser-2211-169402.html


∗∗∗ Lenovo kündigt gegen Schadcode-Attacken abgesicherte BIOS-Versionen an ∗∗∗
---------------------------------------------
Der Computer-Hersteller Lenovo will mehrere BIOS-Lücken in verschiedenen Laptop-Modellen schließen. Einige Updates sind aber erst für Anfang 2023 angekündigt.
---------------------------------------------
https://heise.de/-7327115


∗∗∗ Eine Million Downloads: Bösartige Android-Apps leiten auf Phishing-Seiten ∗∗∗
---------------------------------------------
Ein App-Entwickler fällt wiederholt auf, verseuchte Apps in Google Play anzubieten. Die derzeitig problematischen Apps kommen auf über eine Million Downloads.
---------------------------------------------
https://heise.de/-7327239


∗∗∗ Ausweiskopien mit Wasserzeichen versehen ∗∗∗
---------------------------------------------
Zahlreiche Betrugsmaschen zielen auf eine Kopie Ihres Ausweises ab. Damit können Kriminelle sich bei anderen Betrugsmaschen als Sie ausgeben, in Ihrem Namen Verträge abschließen oder andere Straftaten begehen. Versenden Sie Ausweiskopien daher nur, wenn es unbedingt notwendig ist. Gibt es keine andere Möglichkeit, sollten Sie die Ausweiskopie mit einem Wasserzeichen versehen. Wir zeigen Ihnen, wie Sie unkompliziert ein Wasserzeichen erstellen.
---------------------------------------------
https://www.watchlist-internet.at/news/ausweiskopien-mit-wasserzeichen-versehen-1/


∗∗∗ Raspberry Robin Wurm transportiert Malware ∗∗∗
---------------------------------------------
Laut den Sicherheitsforschern von Microsoft verbreitet die bisher vor allem auf USB-Laufwerken bekannte Malware Raspberry Robin jetzt auch die Ransomware Clop.
---------------------------------------------
https://www.zdnet.de/88404569/raspberry-robin-wurm-transportiert-malware/


∗∗∗ Windows PowerShell-Backdoor entdeckt; gibt sich als Teil des Windows Update-Prozesses aus ∗∗∗
---------------------------------------------
Sicherheitsforscher von SafeBreach sind kürzlich auf eine bisher unbekannte PowerShell-Backdoor in Windows gestoßen. Diese verwendet ein bösasartiges Word-Dokument, um die PowerShell-Scripte einzuschleusen. Die Backdoor kann Active Directory-Benutzer und Remote-Desktops auflisten und soll vermutlich zu einem späteren Zeitpunkt zur Ausbreitung in [...]
---------------------------------------------
https://www.borncity.com/blog/2022/11/01/windows-powershell-backdoor-als-teil-des-windows-update-prozesses-entdeckt/


∗∗∗ Gregor Samsa: Exploiting Javas XML Signature Verification ∗∗∗
---------------------------------------------
Earlier this year, I discovered a surprising attack surface hidden deep inside Java’s standard library: A custom JIT compiler processing untrusted XSLT programs, exposed to remote attackers during XML signature verification. This post discusses CVE-2022-34169, an integer truncation bug in this JIT compiler resulting in arbitrary code execution in many Java-based web applications and identity providers that support the SAML single-sign-on standard.
---------------------------------------------
https://googleprojectzero.blogspot.com/2022/11/gregor-samsa-exploiting-java-xml.html


∗∗∗ Server-side attacks, C&C in public clouds and other MDR cases we observed ∗∗∗
---------------------------------------------
This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. We hope that it helps you to stay up to date on the modern threat landscape and to be better prepared for attacks.
---------------------------------------------
https://securelist.com/server-side-attacks-cc-in-public-clouds-mdr-cases/107826/


∗∗∗ SHA-3 code execution bug patched in PHP – check your version! ∗∗∗
---------------------------------------------
As everyone waits for news of a bug in OpenSSL, heres a reminder that other cryptographic code in your life may also need patching!
---------------------------------------------
https://nakedsecurity.sophos.com/2022/11/01/sha-3-code-execution-bug-patched-in-php-check-your-version/


∗∗∗ Ransomware: Not enough victims are reporting attacks, and thats a problem for everyone ∗∗∗
---------------------------------------------
The true impact of ransomware is unclear because some victims arent disclosing that theyve been attacked.
---------------------------------------------
https://www.zdnet.com/article/ransomware-not-enough-victims-are-reporting-attacks-and-that-increases-the-threat-for-everyone/


∗∗∗ A technical analysis of Pegasus for Android – Part 3 ∗∗∗
---------------------------------------------
Pegasus is a spyware developed by the NSO group that was repeatedly analyzed by Amnesty International and CitizenLab. In this article, we dissect the Android version that was initially analyzed by Lookout in this paper, and we recommend reading it along with this post. During our research about Pegasus for Android, we’ve found out that vendors wrongly attributed [...]
---------------------------------------------
https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-3/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB ∗∗∗
---------------------------------------------
Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB (currently in preview) reported by Orca Security. Customers not using Jupyter Notebooks (99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks) were not susceptible to this vulnerability. The bug was introduced on August 12th and fully patched worldwide [...]
---------------------------------------------
https://msrc-blog.microsoft.com/2022/11/01/microsoft-mitigates-vulnerability-in-jupyter-notebooks-for-azure-cosmos-db/


∗∗∗ Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers.
---------------------------------------------
https://thehackernews.com/2022/11/multiple-vulnerabilities-reported-in.html


∗∗∗ Xcode 14.1 ∗∗∗
---------------------------------------------
This document describes the security content of Xcode 14.1.
---------------------------------------------
https://support.apple.com/kb/HT213496


∗∗∗ Cisco Security Advisories 2022-11-02 ∗∗∗
---------------------------------------------
Security Impact Rating: 4x High, 7x Medium
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2022%2F11%2F02&firstPublishedEndDate=2022%2F11%2F02


∗∗∗ Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022 ∗∗∗
---------------------------------------------
On November 1, 2022, the OpenSSL Project announced the following vulnerabilities: CVE-2022-3602 - X.509 Email Address 4-byte Buffer Overflow CVE-2022-3786 - X.509 Email Address Variable Length Buffer Overflow  For a description of these vulnerabilities, see OpenSSL Security Advisory [Nov 1 2022]. This advisory will be updated as additional information becomes available.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
AIX, IBM CICS TX Advanced, IBM CICS TX Standard, IBM Cloud Object Storage Systems, IBM Cloud Pak for Integration, IBM Cloud Pak for Security, IBM DataPower Gateway, IBM Elastic Storage System, IBM Event Streams, IBM FlashSystem, IBM FlashSystem models FS900 and V9000, IBM InfoSphere Information Server, IBM MQ, IBM QRadar SIEM, IBM SAN Volume Controller, IBM Security Guardium, IBM Security Verify Access, IBM Spectrum Virtualize, IBM Storwize, IBM Voice Gateway, IBM WebSphere Application Server, IBM WebSphere Application Server used by IBM Master Data Management, Platform Navigator and Automation Assets in IBM Cloud Pak for Integration, Power System, Zlib for IBM i
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ An Update on the OpenSSL vulnerability CVE-2022-3602 ∗∗∗
---------------------------------------------
November 1, 2022: IBM is responding to the reported buffer overflow vulnerability that the OpenSSL open-source community disclosed for OpenSSL versions 3.0.0 – 3.0.6. We are taking action as an enterprise, and for IBM products and services that may potentially be impacted, as we do for all vulnerabilities rated High.
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-preparing-to-respond-to-the-upcoming-openssl-vulnerability/


∗∗∗ FortiGuard PSIRT Advisories 2022-11-01 ∗∗∗
---------------------------------------------
AV Engine, FortiADC, FortiClient (MAC), FortiDeceptor, FortiEDR CollectorWindows, FortiMail, FortiManager/FortiAnalyzer, FortiOS, FortiSIEM, FortiSOAR, FortiTester
---------------------------------------------
https://fortiguard.fortinet.com/psirt


∗∗∗ Xen Security Advisories 2022-11-01 ∗∗∗
---------------------------------------------
Xen released 10 Security Advisories.
---------------------------------------------
https://xenbits.xen.org/xsa/


∗∗∗ Bitdefender: Löschen von Registry-Keys durch Sicherheitslücke möglich ∗∗∗
---------------------------------------------
Eine Sicherheitslücke in den Virenscannern von Bitdefender ermöglicht Angreifern, Registry-Schlüssel zu löschen. Bitdefender verteilt Aktualisierungen dagegen.
---------------------------------------------
https://heise.de/-7327061


∗∗∗ Kritische Sicherheitslücke in IT-Managementsoftware von Hitachi geschlossen ∗∗∗
---------------------------------------------
Admins sollten die aktuellen Versionen von Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer und Hitachi Ops Center Viewpoint installieren.
---------------------------------------------
https://heise.de/-7327825


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (batik, chromium, expat, libxml2, ncurses, openvswitch, pysha3, python-django, thunderbird, and tomcat9), Fedora (cacti, cacti-spine, curl, mbedtls, mingw-expat, and xen), Gentoo (apptainer, bind, chromium, exif, freerdp, gdal, gitea, hiredis, jackson-databind, jhead, libgcrypt, libksba, libtirpc, lighttpd, net-snmp, nicotine+, open-vm-tools, openexr, rpm, schroot, shadow, sofia-sip, tiff, and xorg-server), Mageia (libreoffice), Oracle (expat), Red [...]
---------------------------------------------
https://lwn.net/Articles/913261/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python3.7), Gentoo (android-tools, expat, firefox, libjxl, libxml2, pjproject, sqlite, thunderbird, and zlib), Oracle (compat-expat1), Slackware (php8 and vim), SUSE (kernel, libtasn1, podman, and pyenv), and Ubuntu (libtasn1-6).
---------------------------------------------
https://lwn.net/Articles/913352/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ffmpeg and linux-5.10), Fedora (libksba, openssl, and php), Gentoo (openssl), Mageia (curl, gdk-pixbuf2.0, libksba, nbd, php, and virglrenderer), Red Hat (kernel, kernel-rt, libksba, and openssl), SUSE (gnome-desktop, hdf5, hsqldb, kernel, nodejs10, openssl-3, php7, podofo, python-Flask-Security, python-lxml, and xorg-x11-server), and Ubuntu (backport-iwlwifi-dkms, firefox, ntfs-3g, and openssl).
---------------------------------------------
https://lwn.net/Articles/913504/


∗∗∗ Nov 3 2022 Security Releases ∗∗∗
---------------------------------------------
The Node.js project will release new versions of the 14.x, 16.x, 18.x, 19.xreleases lines on or shortly after Thursday, November 3, 2022 in order to address: One medium severity issues. Two high severity issues that affect OpenSSL as per secadv/20221101.txt These security releases are driven by the OpenSSL security release as announced in OpenSSL November Security Release as well as an additional vulnerability that affects all supported release lines.
---------------------------------------------
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases


∗∗∗ Chromium: CVE-2022-3723 Type Confusion in V8 ∗∗∗
---------------------------------------------
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild.
---------------------------------------------
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3723


∗∗∗ Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN46345126/


∗∗∗ Security Advisory - Path Traversal Vulnerability in a Huawei Childrens Watch ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20221102-01-d002dd8e-en


∗∗∗ K44454157: Expat vulnerability CVE-2022-40674 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44454157


∗∗∗ Citrix Hypervisor Security Bulletin for CVE-2022-42316, CVE-2022-42317 & CVE-2022-42318 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX472851/citrix-hypervisor-security-bulletin-for-cve202242316-cve202242317-cve202242318


∗∗∗ [R1] Nessus Agent Version 10.2.1 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2022-22

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list