[CERT-daily] Daily summary - 09.11.2022

Daily end-of-shift report team at cert.at
Wed Nov 9 19:15:56 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 08-11-2022 18:00 − Wednesday 09-11-2022 18:00
Handler:     Stephan Richter
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Intel, AMD Address Many Vulnerabilities With Patch Tuesday Advisories ∗∗∗
---------------------------------------------
Intel and AMD have announced fixes for many vulnerabilities on this Patch Tuesday, including for flaws that have been assigned a ‘high severity’ rating.
---------------------------------------------
https://www.securityweek.com/intel-amd-address-many-vulnerabilities-patch-tuesday-advisories


∗∗∗ Microsoft: Windows 10 21H1 reaches end of service next month ∗∗∗
---------------------------------------------
Microsoft has reminded customers today that all editions of Windows 10 21H1 (also known as the May 2021 Update) are reaching the end of service (EOS) next month.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-21h1-reaches-end-of-service-next-month/


∗∗∗ Lenovo fixes flaws that can be used to disable UEFI Secure Boot ∗∗∗
---------------------------------------------
Lenovo has fixed two high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models that could allow an attacker to deactivate UEFI Secure Boot.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lenovo-fixes-flaws-that-can-be-used-to-disable-uefi-secure-boot/


∗∗∗ Phishing-Resistant MFA Does Not Mean Un-Phishable ∗∗∗
---------------------------------------------
Human societies have a bad habit of taking a specific, limited-in-scope fact and turning it into an overly broad generalization that gets incorrectly believed and perpetuated as if it were as comprehensively accurate as the original, more-limited fact it was based on. Anything can be hacked. Do not confuse “phishing-resistant” with being impossible to phish or socially engineer.
---------------------------------------------
https://www.linkedin.com/pulse/phishing-resistant-mfa-does-mean-un-phishable-roger-grimes/


∗∗∗ SMS "Hallo Mama, mein Handy ist kaputt" ("Hi Mum, my phone is broken") is a scam! ∗∗∗
---------------------------------------------
A large-scale SMS scam is currently unsettling recipients. The "Hallo Mama" or "Hallo Papa" message is meant to suggest that the recipient's own child has a new phone number and therefore asks to be contacted via WhatsApp. Anyone who replies is soon asked by the supposed child to make payments. Ignore these messages and under no circumstances make any transfers.
---------------------------------------------
https://www.watchlist-internet.at/news/sms-hallo-mama-mein-handy-ist-kaputt-ist-betruegerisch/


∗∗∗ Massive ois[.]is Black Hat Redirect Malware Campaign ∗∗∗
---------------------------------------------
Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines. PublicWWW results show nearly 15,000 websites have been affected by this malware so far.
---------------------------------------------
https://blog.sucuri.net/2022/11/massive-ois-is-black-hat-redirect-malware-campaign.html
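
Because injected redirect code of this kind is rarely stored as a readable URL, a grep for the domain alone misses most infected files. The following scanner is an added example written for this digest, not code from Sucuri or from the campaign write-up: it checks each file for the ois[.]is indicator in plain text and in three encodings commonly used to hide a redirect target in injected JavaScript (hex escapes, String.fromCharCode, base64 passed to atob/eval). The sample strings in SAMPLES are constructed for the example and are not taken from any compromised site; the function names and the choice of obfuscations are the author's assumptions.

```python
import base64
import re
from pathlib import Path

# Indicator from the campaign write-up; compared case-insensitively against
# every decoded view of the file content.
IOC_DOMAIN = "ois.is"

# Encodings commonly used to hide a redirect target in injected JS/PHP.
HEX_ESCAPES = re.compile(r"(?:\\x[0-9a-fA-F]{2}){4,}")
FROM_CHAR_CODE = re.compile(r"String\.fromCharCode\(([\d,\s]+)\)")
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decoded_views(text):
    """Yield (encoding, decoded_text) for the raw text and each decodable blob in it."""
    yield "plain", text
    for m in HEX_ESCAPES.finditer(text):
        yield "hex-escape", m.group().encode("ascii").decode("unicode_escape")
    for m in FROM_CHAR_CODE.finditer(text):
        codes = [int(n) for n in m.group(1).split(",") if n.strip()]
        yield "fromCharCode", "".join(chr(c) for c in codes if c < 0x110000)
    for m in BASE64_RUN.finditer(text):
        try:
            blob = base64.b64decode(m.group(), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # not base64, or not text: skip this run
        yield "base64", blob


def find_indicators(text, domain=IOC_DOMAIN):
    """Return the list of encodings under which `domain` appears in `text`."""
    return [how for how, view in decoded_views(text) if domain in view.lower()]


def scan_tree(root, exts=(".php", ".js", ".html", ".htm")):
    """Walk a web root and report files that reference the indicator in any encoding."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.suffix.lower() in exts and path.is_file():
            hits = find_indicators(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


# Constructed samples (not taken from any compromised site) covering the
# plain indicator and three obfuscations, plus a clean control.
SAMPLES = {
    "plain": '<script src="https://ois.is/static/js/poc.js"></script>',
    "hex": 'location.href="\\x68\\x74\\x74\\x70\\x73\\x3a\\x2f\\x2f\\x6f\\x69\\x73\\x2e\\x69\\x73\\x2f";',
    "b64": 'eval(atob("' + base64.b64encode(b'location.href="https://ois.is/"').decode() + '"));',
    "charcode": "var u=String.fromCharCode(111,105,115,46,105,115);",
    "clean": '<a href="https://example.org/">home</a>',
}


def scan_samples():
    """Run the detector over the constructed samples: name -> list of encodings hit."""
    return {name: find_indicators(text) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name:9s} -> {hits or 'no indicator'}")
```

Point scan_tree() at a copy of the document root (wp-content, wp-includes and theme directories are the usual injection sites) rather than the live tree, and treat any hit as a reason to compare the file against a clean copy of the plugin or core release. Swapping IOC_DOMAIN for another indicator reuses the same decoders.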


∗∗∗ Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns ∗∗∗
---------------------------------------------
The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating other attacks.
---------------------------------------------
https://blog.talosintelligence.com/ipfs-abuse/
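
IPFS-hosted phishing pages reach victims through ordinary HTTPS gateway URLs, so a mail or proxy filter needs to recognise the gateway shapes rather than a single domain. The extractor below is an added example for this digest, not Talos code: it pulls the content identifier (CID) out of path-style gateway URLs (https://gateway/ipfs/CID), subdomain-style gateway URLs (https://CID.ipfs.gateway) and native ipfs:// links, because the CID is the stable indicator while the gateway can be swapped freely. The two CIDs and the message text are constructed for the example (they are syntactically valid but point at nothing); the gateway hostnames used are real public gateways.

```python
import re

# CID shapes: CIDv0 is "Qm" + 44 base58 chars (no 0, O, I, l); CIDv1 as used on
# gateways is lowercase base32 starting with "b" (e.g. "bafy...", "bafk...").
CID_V0 = r"Qm[1-9A-HJ-NP-Za-km-z]{44}"
CID_V1 = r"b[a-z2-7]{50,}"
CID = rf"(?:{CID_V0}|{CID_V1})"
HOST = r"[A-Za-z0-9.-]+"

# Subdomain gateways can only carry CIDv1 (DNS labels are case-insensitive).
PATTERNS = [
    ("path-gateway", re.compile(rf"https?://({HOST})/ipfs/({CID})")),
    ("subdomain-gateway", re.compile(rf"https?://({CID_V1})\.ipfs\.({HOST})")),
    ("native", re.compile(rf"ipfs://({CID})")),
]


def extract_ipfs_refs(text):
    """Return (kind, gateway_host, cid) for every IPFS reference, in document order."""
    found = []
    for kind, pattern in PATTERNS:
        for m in pattern.finditer(text):
            if kind == "path-gateway":
                host, cid = m.group(1), m.group(2)
            elif kind == "subdomain-gateway":
                cid, host = m.group(1), m.group(2)
            else:
                host, cid = None, m.group(1)
            found.append((m.start(), kind, host, cid))
    return [(kind, host, cid) for _, kind, host, cid in sorted(found, key=lambda t: t[0])]


# Constructed CIDs and message: syntactically valid identifiers that point at
# nothing; the gateway hostnames are real public gateways.
SAMPLE_CID_V0 = "QmPZ9gcCEpqKTo6aq61g2nXGUhM4iCrF5wU3ty3Pq1hCWE"
SAMPLE_CID_V1 = "bafybeiczsscdsbs7ffqz55asqdf3smv6klcw3gofszvwlyarci47bgf354"
SAMPLE_EMAIL = f"""\
Your mailbox quota has been exceeded. Review held messages here:
https://cloudflare-ipfs.com/ipfs/{SAMPLE_CID_V0}/login.html
Mirror: https://{SAMPLE_CID_V1}.ipfs.dweb.link/index.html
Direct: ipfs://{SAMPLE_CID_V0}/
Unrelated: https://example.org/ipfs-news
"""


def scan_sample():
    """Extract every IPFS reference from the constructed phishing mail."""
    return extract_ipfs_refs(SAMPLE_EMAIL)


if __name__ == "__main__":
    for kind, host, cid in scan_sample():
        print(f"{kind:18s} gateway={host or '-':22s} cid={cid}")
```

Block or quarantine on the CID, not on the gateway: the same phishing kit is reachable through any public gateway, and a kit that also ships an ipfs:// link is the same content again. /ipns/ names are deliberately out of scope here, since they resolve to a changing CID and need a lookup rather than a regex.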


∗∗∗ Check Point CloudGuard Spectral exposes new obfuscation techniques for malicious packages on PyPI ∗∗∗
---------------------------------------------
Check Point Research (CPR) detected a new and unique malicious package on PyPI, the leading package index used by developers for the Python programming language. The malicious package was designed to hide code in images and to infect victims through open-source projects on GitHub. CPR responsibly disclosed this information to PyPI, which removed the packages.
---------------------------------------------
https://research.checkpoint.com/2022/check-point-cloudguard-spectral-exposes-new-obfuscation-techniques-for-malicious-packages-on-pypi/
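
A package that hides its payload in an image still has to load the image, decode the payload and execute it from setup.py or an install hook, and those steps show up in the abstract syntax tree no matter how the payload itself is obfuscated. The static triage below is an added example for this digest, not Check Point's detection and not the code of the package they found: it parses a setup.py with the standard ast module and flags code-loading and decoding calls, image path literals, subclasses of setuptools commands and a cmdclass registration. SAMPLE_SETUP_PY is a constructed illustration of that pattern, not the real package, and the list of suspicious call names is a heuristic chosen for the example.

```python
import ast

# Call targets worth a second look in a build script: code loaders, decoders,
# network fetches, process spawning and image reads (the stego carrier).
SUSPICIOUS_CALLS = {
    "exec", "eval", "compile", "__import__",
    "base64.b64decode", "base64.b85decode", "marshal.loads", "zlib.decompress",
    "urllib.request.urlopen", "requests.get", "subprocess.Popen", "subprocess.run",
    "os.system", "os.popen", "Image.open", "PIL.Image.open",
}
SETUPTOOLS_COMMANDS = {"install", "develop", "egg_info", "build_py"}
IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".gif", ".bmp", ".ico")


def dotted_name(node):
    """'a.b.c' for a Name/Attribute chain, else None (e.g. for call results)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def triage_setup_py(source):
    """Return sorted (lineno, message) findings for one setup.py source text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in SUSPICIOUS_CALLS:
                findings.append((node.lineno, f"call to {name}"))
            if name == "setup" and any(k.arg == "cmdclass" for k in node.keywords):
                findings.append((node.lineno, "setup() registers cmdclass (custom install hook)"))
        elif isinstance(node, ast.ClassDef):
            for base in node.bases:
                base_name = dotted_name(base)
                if base_name and base_name.split(".")[-1] in SETUPTOOLS_COMMANDS:
                    findings.append((node.lineno, f"class {node.name} subclasses setuptools command {base_name}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if node.value.lower().endswith(IMAGE_EXTS):
                findings.append((node.lineno, f"image path literal {node.value!r}"))
    return sorted(findings)


# Constructed setup.py illustrating the pattern (image carrier, decode, exec in an
# install hook); it is not the package from the CPR report.
SAMPLE_SETUP_PY = '''\
from setuptools import setup
from setuptools.command.install import install
import base64
from PIL import Image


class PostInstall(install):
    def run(self):
        install.run(self)
        img = Image.open("assets/logo.png")
        payload = base64.b64decode(img.info.get("comment", ""))
        exec(payload)


setup(name="totally-legit", version="0.1", cmdclass={"install": PostInstall})
'''


def triage_sample():
    """Triage the constructed sample; returns the sorted findings."""
    return triage_setup_py(SAMPLE_SETUP_PY)


if __name__ == "__main__":
    for lineno, message in triage_sample():
        print(f"setup.py:{lineno}: {message}")
```

Run it on the source distribution before anything is installed: `pip download --no-deps --no-binary :all: <package>` fetches the sdist without executing setup.py, and the unpacked setup.py can then be fed to triage_setup_py(). A single finding such as an image path is normal for a package that ships icons; the combination of an install-command subclass, a decoder and exec is what should stop the install.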



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks ∗∗∗
---------------------------------------------
Microsoft has released security updates to address two high-severity Microsoft Exchange zero-day vulnerabilities collectively known as ProxyNotShell and exploited in the wild.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-proxynotshell-exchange-zero-days-exploited-in-attacks/


∗∗∗ Critical vulnerabilities in VMware Workspace ONE - updates available ∗∗∗
---------------------------------------------
VMware has released updates for three critical authentication bypass vulnerabilities in the remote access tool VMware Workspace ONE. Remote, unauthenticated attackers can bypass authentication on reachable VMware Workspace ONE instances and obtain administrator privileges on the affected systems.
---------------------------------------------
https://cert.at/de/warnungen/2022/11/kritische-sicherheitslucken-in-vmware-workspace-one-updates-verfugbar


∗∗∗ Citrix Gateway and ADC: critical vulnerability allows unauthorized access ∗∗∗
---------------------------------------------
Citrix has closed security vulnerabilities through which attackers can, among other things, gain unauthorized access to device functions. Administrators should update promptly.
---------------------------------------------
https://heise.de/-7334851


∗∗∗ Multiple vulnerabilities in WordPress ∗∗∗
---------------------------------------------
WordPress contains multiple vulnerabilities, listed in the advisory, that are related to the WordPress Post by Email feature.
---------------------------------------------
https://jvn.jp/en/jp/JVN09409909/


∗∗∗ IBM Security Bulletins 2022-11-08 ∗∗∗
---------------------------------------------
IBM App Connect Enterprise, IBM Cloud Application Business Insights, IBM Security Guardium, IBM Security Verify Access
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Lenovo Product Security Advisories 2022-11-08 ∗∗∗
---------------------------------------------
AMD Graphics Driver, AMD IBPB Return Branch Predictions, Brocade EZSwitch, Elan UltraNav and MiniPort Driver, Intel AMT SDK, Intel EMA, Intel MC, Intel Chipset Firmware, Intel PROSet Wireless WiFi, Intel vPro CSME WiFi, Killer WiFi, Intel SGX SDK, Lenovo Diagnostics, Lenovo Notebook BIOS, Lenovo Vantage Component, Multi-Vendor BIOS
---------------------------------------------
https://support.lenovo.com/at/en/product_security/home


∗∗∗ Cisco Security Advisories 2022-11-09 ∗∗∗
---------------------------------------------
Cisco Adaptive Security Appliance Software, Cisco FXOS Software, Cisco FirePOWER Software for ASA FirePOWER Module, Cisco Firepower Management Center Software, Cisco Firepower Threat Defense Software, Cisco NGIPS Software, Cisco Secure Firewall 3100 Series, Multiple Cisco Products Snort SMB2 Detection Engine
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2022%2F11%2F09&firstPublishedEndDate=2022%2F11%2F09


∗∗∗ Web browser: ten security vulnerabilities fewer in Google Chrome ∗∗∗
---------------------------------------------
In the update now available for the Chrome web browser, Google closes 10 security vulnerabilities. Attackers could execute code via manipulated web pages.
---------------------------------------------
https://heise.de/-7334255


∗∗∗ Foxit PDF Reader: malicious code attacks via crafted PDFs possible ∗∗∗
---------------------------------------------
The Foxit developers have closed security vulnerabilities in their PDF applications for macOS and Windows.
---------------------------------------------
https://heise.de/-7334993


∗∗∗ Patch day: SAP plugs nine vulnerabilities, some of them critical ∗∗∗
---------------------------------------------
On its November patch day SAP closes security vulnerabilities, some of them critical, in several products. Administrators should bring them up to date promptly.
---------------------------------------------
https://heise.de/-7334573


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (vim, webkit2gtk, and wpewebkit), Fedora (mingw-python3, vim, webkit2gtk3, webkitgtk, and xen), Mageia (389-ds-base, bluez, ffmpeg, libtasn1, libtiff, libxml2, and mbedtls), Red Hat (kpatch-patch and linux-firmware), SUSE (conmon, containerized data importer, exim, expat, ganglia-web, gstreamer-0_10-plugins-base, gstreamer-0_10-plugins-good, gstreamer-plugins-base, gstreamer-plugins-good, kernel, kubevirt, protobuf, sendmail, and vsftpd), and Ubuntu (libzstd, openjdk-8, openjdk-lts, openjdk-17, openjdk-19, php7.2, php7.4, php8.1, and pixman).
---------------------------------------------
https://lwn.net/Articles/914221/


∗∗∗ Numerous critical vulnerabilities in Simmeth System GmbH Lieferantenmanager ∗∗∗
---------------------------------------------
The Lieferantenmanager software by Simmeth System GmbH is affected by several critical vulnerabilities. They allow arbitrary commands to be executed on the SQL server without authentication. Furthermore, arbitrary files on the web server can be read and user sessions can be stolen. In addition, the e-mail password of the company Simmeth could be read out by means of an unauthenticated request.
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/


∗∗∗ [R1] Nessus Network Monitor Version 6.1.1 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers.
---------------------------------------------
https://www.tenable.com/security/tns-2022-25


∗∗∗ Xen Security Advisory CVE-2022-23824 / XSA-422 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-422.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
