[CERT-daily] Tageszusammenfassung - 23.11.2022

Wed Nov 23 18:10:04 CET 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 22-11-2022 18:00 − Mittwoch 23-11-2022 18:00
Handler:     Robert Waldner
Co-Handler:  Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Backdoored Chrome extension installed by 200,000 Roblox players ∗∗∗
---------------------------------------------
Chrome browser extension SearchBlox installed by more than 200,000 users has been discovered to contain a backdoor that can steal your Roblox credentials as well as your assets on Rolimons, a Roblox trading platform.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/backdoored-chrome-extension-installed-by-200-000-roblox-players/


∗∗∗ Ducktail Malware Operation Evolves with New Malicious Capabilities ∗∗∗
---------------------------------------------
The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign."The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victims Facebook account," ...
---------------------------------------------
https://thehackernews.com/2022/11/ducktail-malware-operation-evolves-with.html


∗∗∗ Mind the Gap ∗∗∗
---------------------------------------------
Note: The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable.
---------------------------------------------
https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html


∗∗∗ Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice ∗∗∗
---------------------------------------------
In September 2022, Proofpoint researchers identified initial delivery of a penetration testing framework called Nighthawk. Launched in late 2021 by MDSec, Nighthawk is similar to other frameworks such as Brute Ratel and Cobalt Strike and, like those, could see rapid adoption by threat actors wanting to diversify their methods and add a relatively unknown framework to their arsenal.
---------------------------------------------
https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice


∗∗∗ Kritische Infrastruktur: EU-Richtlinie nimmt Betreiber in die Pflicht ∗∗∗
---------------------------------------------
Das EU-Parlament hat eine Richtlinie zur Resilienz kritischer Einrichtungen beschlossen. Sie gilt für elf Branchen. Manche Betreiber sind besonders wichtig.
---------------------------------------------
https://heise.de/-7349574


∗∗∗ Google will Missbrauch des Pentesting-Tools Cobalt Strike eindämmen ∗∗∗
---------------------------------------------
Damit Admins Netzwerk-Attacken durch Cobalt-Strike-Missbrauch besser erkennen können, hat Google unter anderem Erkennungsregeln auf Yara-Basis veröffentlicht.
---------------------------------------------
https://heise.de/-7349813


∗∗∗ Standard für maschinenlesbare Sicherheitshinweise verabschiedet ∗∗∗
---------------------------------------------
Das Common Security Advisory Framework soll Administratoren die Arbeit erleichtern und aktuelle Sicherheitsinformationen leichter auffindbar machen.
---------------------------------------------
https://heise.de/-7350491


∗∗∗ Angriffe auf Boa Web Server gefährden IoT ∗∗∗
---------------------------------------------
Anfällige SDK-Komponenten führen zu Lieferkettenrisiken in IoT- und OT-Umgebungen, insbesondere durch den veralteten Boa Web Server, warnt Microsoft Security Threat Intelligence (MSTI).
---------------------------------------------
https://www.zdnet.de/88405186/angriffe-auf-boa-web-server-gefaehrden-iot/


∗∗∗ Web Application Firewalls umgehen ∗∗∗
---------------------------------------------
Web Application Firewalls (WAFs) sind beliebte Infrastrukturkomponenten, die verwendet werden, um Angriffe auf Webanwendungen zu erschweren. Was bieten WAFs wirklich? Können sie auch nur theoretisch perfekt sein, um jede Art von Webangriff zu verhindern? Lassen Sie uns WAFs entmystifizieren!
---------------------------------------------
https://certitude.consulting/blog/de/web-application-firewalls-umgehen/


∗∗∗ CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack ∗∗∗
---------------------------------------------
In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. [..] The researcher has graciously provided this detailed write-up of the vulnerability and a proof-of-concept exploit demonstrating the bug.
---------------------------------------------
https://www.thezdi.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack


∗∗∗ CVE-2022-40300: SQL Injection in ManageEngine Privileged Access Management ∗∗∗
---------------------------------------------
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hung and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched SQL injection vulnerability in Zoho ManageEngine products.
---------------------------------------------
https://www.thezdi.com/blog/2022/11/22/cve-2022-40300-sql-injection-in-manageengine-privileged-access-management


=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins 2022-11-22 ∗∗∗
---------------------------------------------
IBM Operations Analytics, IBM QRadar, IBM SDK, IBM Sterling Connect, Rational Service Tester, Rational Performance Tester, IBM HTTP Server, IBM Security Verify Governance, IBM InfoSphere DataStage, IBM Cloud Pak for Security
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Sicherheitslücke in HPE-Switches OfficeConnect gefährdet Netzwerke ∗∗∗
---------------------------------------------
Angreifer könnten Switches von Hewlett Packard Enterprise attackieren. Sicherheitsupdates stehen zum Download bereit.
---------------------------------------------
https://heise.de/-7350116


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (heimdal, libarchive, and nginx), Fedora (varnish-modules and xterm), Red Hat (firefox), Scientific Linux (firefox, hsqldb, and thunderbird), SUSE (Botan, colord, containerized-data-importer, ffmpeg-4, java-1_8_0-ibm, krb5, nginx, redis, strongswan, tomcat, and xtrabackup), and Ubuntu (apr-util, freerdp2, and sysstat).
---------------------------------------------
https://lwn.net/Articles/915802/


∗∗∗ CISA Releases Eight Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
Original release date: November 22, 2022CISA has released eight (8) Industrial Control Systems (ICS) advisories on 22 November 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-22-326-01 AVEVA Edge
- ICSA-22-326-02 Digital Alert Systems DASDEC
- ICSA-22-326-03 Phoenix Contact Automation Worx
- ICSA-22-326-04 GE Cimplicity
- ICSA-22-326-05 Moxa Multiple ARM-Based Computers
- ICSMA-21-152-01 Hillrom Medical Device Management (Update C)
- ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update I)
- ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update G)
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/11/22/cisa-releases-eight-industrial-control-systems-advisories


∗∗∗ WordPress BeTheme 26.5.1.4 PHP Object Injection ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2022110040


∗∗∗ Security Advisory - Improper Input Validation Vulnerability in a Huawei Childrens Watch ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-iivviahcw-5fb2d55c-en


∗∗∗ Security Advisory - Insufficient Authentication Vulnerability in some Huawei Band Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20221130-01-c7f72ffb-en


∗∗∗ Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-247053-bt.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily