[CERT-daily] Tageszusammenfassung - 11.11.2022

Daily end-of-shift report team at cert.at
Fri Nov 11 18:32:53 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 10-11-2022 18:00 − Freitag 11-11-2022 18:00
Handler:     Stephan Richter
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ US Health Dept warns of Venus ransomware targeting healthcare orgs ∗∗∗
---------------------------------------------
The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks are also targeting the countrys healthcare organizations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-venus-ransomware-targeting-healthcare-orgs/


∗∗∗ Microsoft fixes Windows zero-day bug exploited to push malware ∗∗∗
---------------------------------------------
Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-zero-day-bug-exploited-to-push-malware/


∗∗∗ NIS2-Richtlinie: Domaininhaber müssen künftig Adressdaten hinterlegen ∗∗∗
---------------------------------------------
Die neue EU-Richtlinie zur IT-Sicherheit (NIS2) untersagt die anonyme Registrierung von Domains.
---------------------------------------------
https://www.golem.de/news/nis2-richtlinie-domaininhaber-muessen-kuenftig-adressdaten-hinterlegen-2211-169666.html


∗∗∗ Sicherheitslücke: Sperrbildschirm von Pixel-Smartphones ließ sich umgehen ∗∗∗
---------------------------------------------
Einem Forscher ist es gelungen, ein Pixel-Smartphone von Google ohne PIN zu entsperren. Doch Fix und Bug Bounty ließen lange auf sich warten.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-sperrbildschirm-von-pixel-smartphones-liess-sich-umgehen-2211-169685.html


∗∗∗ Cisco dichtet Sicherheitslecks in ASA und Firepower ab ∗∗∗
---------------------------------------------
Cisco dichtet teils hochriskante Sicherheitslücken in der Software der Adaptive Security Appliance und Firepower Threat Defense. Admins sollten aktiv werden.
---------------------------------------------
https://heise.de/-7336757


∗∗∗ Digitalbarometer 2022: Weiter leichtes Spiel für Cyber-Kriminelle ∗∗∗
---------------------------------------------
BSI und Polizeiliche Kriminalprävention der Länder und des Bundes (ProPK) veröffentlichen die vierte gemeinsame Bürgerbefragung: Viele Bürgerinnen und Bürger vernachlässigen grundlegende Maßnahmen, um sich vor Angriffen im Netz zu schützen.
---------------------------------------------
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/221111_Digitalbarometer.html


∗∗∗ CISA Releases Decision Tree Model to Help Companies Prioritize Vulnerability Patching ∗∗∗
---------------------------------------------
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday announced the release of a Stakeholder-Specific Vulnerability Categorization (SSVC) guide that can help organizations prioritize vulnerability patching using a decision tree model.
---------------------------------------------
https://www.securityweek.com/cisa-releases-decision-tree-model-help-companies-prioritize-vulnerability-patching


∗∗∗ Phishing-resistente Multifaktor Authentifizierung ∗∗∗
---------------------------------------------
Multifaktor Authentifizierung (MFA) kann durch Phishing ausgehebelt werden. Es kommt darauf an, MFA widerstandsfähiger zu machen, betont Lance Spitzner, SANS Security Awareness Director, in einem Gastbeitrag.
---------------------------------------------
https://www.zdnet.de/88404820/phishing-resistente-multifaktor-authentifizierung/


∗∗∗ HackHound IRC Bot Being Distributed via Webhards ∗∗∗
---------------------------------------------
Webhards are the main platforms that the attackers targeting Korean users exploit to distribute malware. The ASEC analysis team has been monitoring malware types distributed through webhards and uploaded multiple blog posts about them in the past.
---------------------------------------------
https://asec.ahnlab.com/en/41806/


∗∗∗ CVE-2019-8561: A Hard-to-Banish PackageKit Framework Vulnerability in macOS ∗∗∗
---------------------------------------------
This blog entry details our investigation of CVE-2019-8561, a vulnerability that exists in the macOS PackageKit framework, a component used to install software installer packages (PKG files).
---------------------------------------------
https://www.trendmicro.com/en_us/research/22/k/cve-2019-8561-a-hard-to-banish-packagekit-framework-vulnerabilit.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium and exiv2), Fedora (curl, device-mapper-multipath, dotnet6.0, mediawiki, mingw-gcc, and php-pear-CAS), Gentoo (lesspipe), Slackware (php), SUSE (git, glibc, kernel, libarchive, python, python-rsa, python3-lxml, rpm, sudo, xen, and xwayland), and Ubuntu (wavpack).
---------------------------------------------
https://lwn.net/Articles/914571/


∗∗∗ Preisgabe von sensiblen Informationen in Zoom (SYSS-2022-048) ∗∗∗
---------------------------------------------
Bei einer Videokonferenz über Zoom werden Chatnachrichten im Installationsverzeichnis gespeichert. Ein Angreifer kann diese Nachrichten entschlüsseln.
---------------------------------------------
https://www.syss.de/pentest-blog/preisgabe-von-sensiblen-informationen-in-zoom-syss-2022-048


∗∗∗ Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602) ∗∗∗
---------------------------------------------
CVE-2022-3786 & CVE-2022-3602 vulnerabilities affecting OpenSSL’s 3.0.x versions both rely on a maliciously crafted email address in a certificate.
---------------------------------------------
https://www.rapid7.com/blog/post/2022/11/11/rapid7s-impact-from-openssl-buffer-overflow-vulnerabilities-cve-2022-3786-cve-2022-3602/


∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-semeru-runtime-5/


∗∗∗ Security Bulletin: IBM InfoSphere DataStage is vulnerable to a command injection vulnerability [CVE-2022-40752] ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-datastage-is-vulnerable-to-a-command-injection-vulnerability-cve-2022-40752-2/


∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility – CVE-2021-2163 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-used-by-the-ibm-installation-manager-and-ibm-packaging-utility-cve-2021-2163/


∗∗∗ Omron NJ/NX-series Machine Automation Controllers ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-314-07


∗∗∗ Omron NJNX-series ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-314-08

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list