[CERT-daily] Tageszusammenfassung - 18.11.2022

Daily end-of-shift report team at cert.at
Fri Nov 18 18:28:07 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 17-11-2022 18:00 − Freitag 18-11-2022 18:00
Handler:     Robert Waldner
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Zeppelin: Heimlich die Schlüssel einer Ransomware geknackt ∗∗∗
---------------------------------------------
Eine Sicherheitsfirma ist es gelungen die Ransomware Zeppelin zu knacken. Sie half heimlich mehreren Organisationen, wieder an ihre Daten zu gelangen.
---------------------------------------------
https://www.golem.de/news/zeppelin-heimlich-die-schluessel-einer-ransomware-geknackt-2211-169870.html


∗∗∗ Security baseline for Microsoft Edge v107 ∗∗∗
---------------------------------------------
We have reviewed the settings in Microsoft Edge version 107 and updated our guidance with the addition of one new setting. We’re also highlighting three settings we would like you to consider based on your organizational needs. 
---------------------------------------------
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v107/ba-p/3678903


∗∗∗ Successful Hack of Time-Triggered Ethernet ∗∗∗
---------------------------------------------
Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it.
---------------------------------------------
https://www.schneier.com/blog/archives/2022/11/successful-hack-of-time-triggered-ethernet.html


∗∗∗ Microsoft Warns of Cybercrime Group Delivering Royal Ransomware, Other Malware ∗∗∗
---------------------------------------------
A threat actor tracked as DEV-0569 and known for the distribution of various malicious payloads was recently observed updating its delivery methods, Microsoft warns.
---------------------------------------------
https://www.securityweek.com/microsoft-warns-cybercrime-group-delivering-royal-ransomware-other-malware


∗∗∗ CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain ∗∗∗
---------------------------------------------
Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series - Recommended Practices Guide for Customers.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/11/17/cisa-nsa-and-odni-release-guidance-customers-securing-software


*** #StopRansomware: Hive Ransomware ***
---------------------------------------------
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022.
---------------------------------------------
https://www.cisa.gov/uscert/ncas/alerts/aa22-321a



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (asterisk, firefox-esr, php-phpseclib, phpseclib, python-django, and thunderbird), Fedora (grub2, samba, and thunderbird), Mageia (firefox, sudo, systemd, and thunderbird), Slackware (freerdp), SUSE (firefox, go1.18, go1.19, kernel, openvswitch, python-Twisted, systemd, and xen), and Ubuntu (expat, git, multipath-tools, unbound, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/915378/


∗∗∗ WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN13927745/


∗∗∗ Security Bulletin: IBM Operations Analytics – Log Analysis vulnerable to multiple vulnerabilities in Apache Tika (CVE-2022-30126, CVE-2022-33879, CVE-2022-30973) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-log-analysis-vulnerable-to-multiple-vulnerabilities-in-apache-tika-cve-2022-30126-cve-2022-33879-cve-2022-30973/


∗∗∗ Security Bulletin: Vulnerabilities with Kernel affect IBM Cloud Object Storage Systems (August 2022v2) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-affect-ibm-cloud-object-storage-systems-august-2022v2/


∗∗∗ Security Bulletin: Rational Asset Analyzer is vulnerable to HTTP header injection (CVE-2022-34165) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-vulnerable-to-http-header-injection-cve-2022-34165/


∗∗∗ Security Bulletin: Vulnerabilities from log4j affect IBM Operations Analytics – Log Analysis (CVE-2019-17571, CVE-2020-9488) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-from-log4j-affect-ibm-operations-analytics-log-analysis-cve-2019-17571-cve-2020-9488-2/


∗∗∗ Security Bulletin: This Power System update is being released to address CVE 2022-22488 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2022-22488/


∗∗∗ Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics – Log Analysis (CVE-2021-44832, CVE-2021-45105) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-from-log4j-core-2-16-0-jar-affect-ibm-operations-analytics-log-analysis-cve-2021-44832-cve-2021-45105-3/


∗∗∗ Security Bulletin: Rational Asset Analyzer is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-vulnerable-to-denial-of-service-due-to-graphql-java-cve-2022-37734/


∗∗∗ Security Bulletin: Potential vulnerability in Eclipse Jetty affects IBM Operations Analytics – Log Analysis (CVE-2022-2047) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-in-eclipse-jetty-affects-ibm-operations-analytics-log-analysis-cve-2022-2047/


∗∗∗ Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-the-community-edition-of-ibm-ilog-cplex-optimization-studio-is-affected-by-multiple-vulnerabilities-in-libcurl-cve-2022-42915-cve-2022-42916-cve-2022-32221/


∗∗∗ Security Bulletin: IBM Transform Services for IBM i is vulnerable to denial of service, buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-transform-services-for-ibm-i-is-vulnerable-to-denial-of-service-buffer-overflow-and-allowing-attacker-to-obtain-sensitive-information-due-to-multiple-vulnerabilities/


∗∗∗ Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2022-23305) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-predictive-insights-impacted-by-apache-log4j-vulnerabilities-cve-2022-23305/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list