[CERT-daily] Tageszusammenfassung - 10.10.2022

Mon Oct 10 19:14:52 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 07-10-2022 18:00 − Montag 10-10-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Fake adult sites push data wipers disguised as ransomware ∗∗∗
---------------------------------------------
Malicious adult websites push fake ransomware which, in reality, acts as a wiper that quietly tries to delete almost all of the data on your device.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-adult-sites-push-data-wipers-disguised-as-ransomware/


∗∗∗ Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server ∗∗∗
---------------------------------------------
A correction was made to the string in step 6 and step 9 in the URL Rewrite rule mitigation Option 3. Steps 8, 9, and 10 have updated images.
---------------------------------------------
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/


∗∗∗ That thing to help protect internet traffic from hijacking? Its broken ∗∗∗
---------------------------------------------
RPKI is supposed to verify network routes. Instead, heres how it could be subverted. An internet security mechanism called Resource Public Key Infrastructure (RPKI), intended to safeguard the routing of data traffic, is broken, according to security experts from Germanys ATHENE, the National Research Center for Applied Cybersecurity.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2022/10/09/internet_traffic_routing_defense/


∗∗∗ Groupware: Kritische Codeschmuggel-Lücke in Zimbra wird angegriffen ∗∗∗
---------------------------------------------
Eine Sicherheitslücke in der Groupware Zimbra erlaubt Angreifern, Schadcode einzuschleusen. Die Schwachstelle wird inzwischen angegriffen. Ein Workaround hilft.
---------------------------------------------
https://heise.de/-7289104


∗∗∗ Intel-CPU "Alder Lake": BIOS-Quellcode-Leak öffnet potenzielle Einfallstore ∗∗∗
---------------------------------------------
Rund 6 GByte BIOS-Daten für die CPU-Generation Core i-12000 sind Intel abhandengekommen. Darin enthalten ist Code für Sicherheitsmechanismen wie Boot Guard.
---------------------------------------------
https://heise.de/-7289262


∗∗∗ How to protect your Firefox saved passwords with a Primary Password ∗∗∗
---------------------------------------------
For better security, dont rely on browser syncing to manage your passwords. Heres a better way.
---------------------------------------------
https://www.zdnet.com/article/how-to-protect-your-firefox-saved-passwords-with-a-primary-password/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Kritische Sicherheitslücke in Fortinet Produkten - Updates verfügbar ∗∗∗
---------------------------------------------
Kritische Schwachstellen in Fortinet Produkten erlauben es Angreifenden, die Authentisierung zu umgehen und Aktionen mit Admin-Rechten auszuführen. CVE-Nummer(n): CVE-2022-40684 CVSS Base Score: 9.6.
---------------------------------------------
https://cert.at/de/warnungen/2022/10/kritische-sicherheitslucken-in-fortinet-firewalls-updates-verfugbar


∗∗∗ IBM Security Bulletins 2022-10-07 and 2022-10-08 ∗∗∗
---------------------------------------------
IBM Partner Engagement Manager, IBM CICS TX Standard, IBM CICS TX Advanced, IBM Cloud, IBM Business Automation Workflow, IBM Security Verify Governance, IBM TXSeries, IBM Security Network Threat Analytics, IBM Security Verify Governance, IBM Jazz.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (knot-resolver and libpgjava), Fedora (booth, dotnet3.1, expat, nheko, php-twig, php-twig2, php-twig3, poppler, python-joblib, and seamonkey), Mageia (colord, dbus, enlightenment, kitty, libvncserver, php, python3, and unbound), Slackware (libksba), SUSE (cyrus-sasl, ImageMagick, and xmlgraphics-commons), and Ubuntu (nginx and thunderbird).
---------------------------------------------
https://lwn.net/Articles/910724/


∗∗∗ Critical Remote Code Execution Vulnerability Found in vm2 Sandbox Library ∗∗∗
---------------------------------------------
A critical vulnerability in vm2 may allow a remote attacker to escape the sandbox and execute arbitrary code on the host. A highly popular JavaScript sandbox library with more than 16 million monthly downloads, vm2 supports the execution of untrusted code synchronously in a single process.
---------------------------------------------
https://www.securityweek.com/critical-remote-code-execution-vulnerability-found-vm2-sandbox-library


∗∗∗ MISP 2.4.164 released with new tag relationship feature, improvements and a security fix ∗∗∗
---------------------------------------------
We are pleased to announce the immediate availability of MISP v2.4.164 with a new tag relationship features, many improvements and a security fix.
---------------------------------------------
https://www.misp-project.org/2022/10/10/MISP.2.4.164.released.html/


∗∗∗ Trend Micro Apex One: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein lokaler oder entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Trend Micro Apex One ausnutzen, um seine Privilegien zu erhöhen und Sicherheitsmaßnahmen zu umgehen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1649


∗∗∗ ZDI-22-1399: Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-1399/


∗∗∗ ZDI-22-1398: Centreon Contact Group SQL Injection Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-1398/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily