[CERT-daily] Daily summary - 30.11.2022

Daily end-of-shift report team at cert.at
Wed Nov 30 18:15:20 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 29-11-2022 18:00 − Wednesday 30-11-2022 18:00
Handler:     Robert Waldner
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ How Stuff Gets eXposed ∗∗∗
---------------------------------------------
Intel's Software Guard Extension (SGX) promises an isolated execution environment, protected from all software running on the machine. In the past few years, however, SGX has come under heavy fire, threatened by numerous side channel attacks. 
---------------------------------------------
https://sgx.fail/


∗∗∗ Looting Microsoft Configuration Manager ∗∗∗
---------------------------------------------
Microsoft Endpoint Configuration Manager (CM), also known as System Center Configuration Manager (SCCM), is widely deployed by companies to manage their Windows environments. It enables simple enrollment of servers and workstations, distributing software and generic management of the Windows systems in the environment.
---------------------------------------------
https://labs.withsecure.com/publications/looting-microsoft-configuration-manager


∗∗∗ What to do if you have ordered from a fake shop? ∗∗∗
---------------------------------------------
You shopped online. But the product you ordered never arrives, and e-mails to the supposed shop go unanswered. If this sounds familiar, you have probably bought from a fake shop. We show you what you can do if you have fallen into the shopping trap.
---------------------------------------------
https://www.watchlist-internet.at/news/was-tun-wenn-sie-in-einem-fake-shop-bestellt-haben/


∗∗∗ Industry 4.0: CNC Machine Security Risks Part 1 ∗∗∗
---------------------------------------------
This three-part blog series explores the risks associated with CNC machines.
---------------------------------------------
https://www.trendmicro.com/en_us/research/22/k/cnc-machine-security-risks-part-1.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ NVIDIA releases GPU driver update to fix 29 security flaws ∗∗∗
---------------------------------------------
NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nvidia-releases-gpu-driver-update-to-fix-29-security-flaws/


∗∗∗ CISA Releases Seven Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
* ICSA-22-333-01 Mitsubishi Electric GOT2000
* ICSA-22-333-02 Hitachi Energy's IED Connectivity Packages and PCM600 Products
* ICSA-22-333-03 Hitachi Energy's MicroSCADA ProX SYS600 Products
* ICSA-22-333-04 Moxa UC Series
* ICSA-22-333-05 Mitsubishi Electric FA Engineering Software
* ICSA-21-334-02 Mitsubishi MELSEC and MELIPC Series (Update E)
* ICSA-19-346-02 Omron PLC CJ
---------------------------------------------
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/29/cisa-releases-seven-industrial-control-systems-advisories


∗∗∗ Critical security vulnerability in VLC Media Player ∗∗∗
---------------------------------------------
An update is available for VLC Media Player in which the developers fix, among other things, a critical security vulnerability.
---------------------------------------------
https://heise.de/-7362049


∗∗∗ Chrome 108 web browser plugs 28 security holes ∗∗∗
---------------------------------------------
The update to the Chrome 108 web browser mainly delivers bug fixes that close 28 vulnerabilities.
---------------------------------------------
https://heise.de/-7361154


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (krb5), Fedora (galera, mariadb, and mingw-python3), Red Hat (389-ds:1.4, kernel, kernel-rt, kpatch-patch, krb5, and usbguard), Scientific Linux (krb5), Slackware (kernel), SUSE (binutils, dbus-1, exiv2, freerdp, git, java-1_8_0-ibm, kernel, libarchive, libdb-4_8, libmspack, nginx, opencc, python, python3, rxvt-unicode, sudo, supportutils, systemd, vim, and webkit2gtk3), and Ubuntu (bind9, gnutls28, libsamplerate, linux-gcp-5.4, perl, pixman, shadow, [...]
---------------------------------------------
https://lwn.net/Articles/916346/


∗∗∗ Delta Electronics Patches Serious Flaws in Industrial Networking Devices ∗∗∗
---------------------------------------------
Taiwan-based Delta Electronics has patched potentially serious vulnerabilities in two of its industrial networking products. The flaws were identified by researchers at CyberDanube, a new industrial cybersecurity company based in Austria, in Delta’s DX-2100-L1-CN 3G cloud router and the DVW-W02W2-E2 industrial wireless access point.
---------------------------------------------
https://www.securityweek.com/delta-electronics-patches-serious-flaws-industrial-networking-devices


∗∗∗ Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework ∗∗∗
---------------------------------------------
Developers have been warned that the popular Quarkus framework is affected by a critical vulnerability that could lead to remote code execution.
---------------------------------------------
https://www.securityweek.com/developers-warned-critical-remote-code-execution-flaw-quarkus-java-framework


∗∗∗ Anker Eufy Door Bell security cameras have vulnerabilities, data is transferred to the cloud, Homebase 2 also has vulnerabilities ∗∗∗
---------------------------------------------
Anker Eufy Door Bell security cameras are also sold in Germany. A security researcher has now found various security vulnerabilities in the firmware of the Eufy cameras.
---------------------------------------------
https://www.borncity.com/blog/2022/11/30/anker-eufy-door-bell-sicherheitskameras-mit-schwachstellen-daten-werden-in-die-cloud-bertragen-homebase-2-hat-auch-schwachstellen/


∗∗∗ Drop What You're Doing and Update iOS, Android, and Windows ∗∗∗
---------------------------------------------
https://www.wired.com/story/ios-android-windows-vulnerability-patches-november-2022/


∗∗∗ Security Advisory - Improper Authorization Vulnerability in a Huawei Children's Watch ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-iaviahcw-21a3acd8-en


∗∗∗ Security Bulletin: A Kafka vulnerability affects IBM Operations Analytics Predictive Insights (CVE-2022-34917) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-kafka-vulnerability-affects-ibm-operations-analytics-predictive-insights-cve-2022-34917/


∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.4ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 – 2022.4.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-102-4esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if16-2022-4-0/


∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty profile affects IBM Operations Analytics Predictive Insights (CVE-2022-22393 CVE-2022-22476 CVE-2022-22475) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-liberty-profile-affects-ibm-operations-analytics-predictive-insightscve-2022-22393-cve-2022-22476-cve-2022-22475/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Netty libraries affect IBM Operations Analytics Predictive Insights (CVE-2021-43797 CVE-2022-24823) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-libraries-affect-ibm-operations-analytics-predictive-insights-cve-2021-43797-cve-2022-24823/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-operations-analytics-predictive-insights/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote authenticated attacker to execute arbitrary code on the system due to PostgreSQL (CVE-2022-2625) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-remote-authenticated-attacker-to-execute-arbitrary-code-on-the-system-due-to-postgresql-cve-2022-2625/


∗∗∗ Numerous critical vulnerabilities in Planet Enterprises Ltd - Planet eStream ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



