[CERT-daily] Tageszusammenfassung - 11.10.2022

Tue Oct 11 20:05:53 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 10-10-2022 18:00 − Dienstag 11-10-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Your Publicly Accessible Google API Key Could Be Giving Hackers Access to Your Files and Photos! ∗∗∗
---------------------------------------------
We’ve all seen them before, those long, seemingly random strings of characters starting with AIza. Yes, that’s right, the ubiquitous Google API key.
---------------------------------------------
https://spidersilk.com/news/your-publicly-accessible-google-api-key-could-be-giving-hackers-access-to-your-files-and-photos


∗∗∗ Fortinet Confirms Zero-Day Vulnerability Exploited in One Attack ∗∗∗
---------------------------------------------
Fortinet has confirmed that the critical vulnerability whose existence came to light last week is a zero-day flaw that has been exploited in at least one attack.
---------------------------------------------
https://www.securityweek.com/fortinet-confirms-zero-day-vulnerability-exploited-one-attack


∗∗∗ Siemens Not Ruling Out Future Attacks Exploiting Global Private Keys for PLC Hacking ∗∗∗
---------------------------------------------
Researchers have demonstrated that threat actors could obtain global private keys that protect some of Siemens’ industrial devices, and the vendor says it cannot rule out malicious exploitation in the future.
---------------------------------------------
https://www.securityweek.com/siemens-not-ruling-out-future-attacks-exploiting-global-private-keys-plc-hacking


∗∗∗ Living off the Cloud. Cloudy with a Chance of Exfiltration ∗∗∗
---------------------------------------------
Unless default settings are changed, typical Office 365 (O365) licences come loaded with various services that are all usable by end users without special permissions. Power Automate can be used maliciously by compromised users or insider threats to systematically capture and exfiltrate data without having to contend with network safeguards.
---------------------------------------------
https://www.pentestpartners.com/security-blog/living-off-the-cloud-cloudy-with-a-chance-of-exfiltration/


∗∗∗ Betrügerisches Jobangebot auf santo-vermoegen.com ∗∗∗
---------------------------------------------
Auf „santo-vermoegen.com/infofolder“ sind aktuell freie Stellen als „Back Office Mitarbeiter“ ausgeschrieben. Der Job ist auch auf diversen Jobportalen inseriert. Die Beschreibung der Tätigkeit ist vage. Es geht lediglich hervor, dass Sie auf Ihrem privaten Bankkonto Zahlungen empfangen, protokollieren und weiterleiten. Vorsicht: Dabei handelt es sich um Geldwäsche, Sie machen sich strafbar!
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerisches-jobangebot-auf-santo-vermoegencom/


∗∗∗ Exchange Server: Neue 0-day (nicht NotProxyShell, CVE-2022-41040, CVE-2022-41082) ∗∗∗
---------------------------------------------
AhnLabs schreibt, dass theoretisch die Möglichkeit besteht, dass die von dem vietnamesischen Sicherheitsunternehmen GTSC am 28. September offengelegten Schwachstellen von Microsoft Exchange Server(CVE-2022-41040, CVE-2022-41082) für die Infektion ausgenutzt wurden. Aber die Angriffsmethode, der generierte WebShell-Dateiname, und nachfolgende Angriffe nach der Installation der WebShell lassen vermuten, dass ein anderer Angreifer eine andere Zero-Day-Schwachstelle ausgenutzt hat.
---------------------------------------------
https://www.borncity.com/blog/2022/10/11/exchange-server-neue-0-day-nicht-notproxyshell-cve-2022-41040-cve-2022-41082/


∗∗∗ Persistent PHP payloads in PNGs: How to inject PHP code in an image – and keep it there ! ∗∗∗
---------------------------------------------
During the assessment of a PHP application, we recently came across a file upload vulnerability allowing the interpretation of PHP code inserted into valid PNG files. However, the image processing performed by the application forced us to dig deeper into the different techniques available to inject PHP payloads into this particular file format - and to make it persist through image transformations.
---------------------------------------------
https://www.synacktiv.com/publications/persistent-php-payloads-in-pngs-how-to-inject-php-code-in-an-image-and-keep-it-there.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Siemens Security Advisories ∗∗∗
---------------------------------------------
16 new, 11 updated
---------------------------------------------
https://new.siemens.com/global/en/products/services/cert.html?d=2022-10#SecurityPublications


∗∗∗ IBM Security Bulletins 2022-10-10 ∗∗∗
---------------------------------------------
IBM Process Mining, z/Transaction Processing Facility, Content Manager OnDemand z/OS, IBM Sterling Connect.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Exchange Zero-Day-Lücke: Nochmals nachgebesserter Workaround ∗∗∗
---------------------------------------------
Microsoft bessert den Workaround für die Zero-Day-Lücke in Exchange noch mal nach. Admins bleibt nur zu hoffen, dass die jetzige Regel bis zum Update hält.
---------------------------------------------
https://heise.de/-7304522


∗∗∗ SAP-Patchday: 15 neue Sicherheitswarnungen im Oktober ∗∗∗
---------------------------------------------
Die von SAP zum Oktober-Patchday verfügbaren Updates schließen unter anderem zwei kritische Sicherheitslücken.
---------------------------------------------
https://heise.de/-7305149


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (connman, dbus, git, isc-dhcp, strongswan, and wordpress), Fedora (rubygem-pdfkit and seamonkey), Red Hat (gnutls, nettle, rh-ruby27-ruby, and rh-ruby30-ruby), SUSE (libgsasl, python, and snakeyaml), and Ubuntu (graphite2, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-raspi, linux, linux-aws, linux-bluefield, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux-hwe, linux-oracle, openssh, and pcre3).
---------------------------------------------
https://lwn.net/Articles/910828/


∗∗∗ iOS 16.0.3 freigegeben ∗∗∗
---------------------------------------------
Apple hat zum 10. Oktober 2022 iOS 16.0.3 für neuere iPhone-Modelle freigegeben. Es handelt sich um ein Sicherheitsupdate, welches die Sicherheitslücke CVE-2022-22658 in Mail beseitigen soll.
---------------------------------------------
https://www.borncity.com/blog/2022/10/11/ios-16-0-3-freigegeben/


∗∗∗ OpenSSL Security Advisory [11 October 2022] ∗∗∗
---------------------------------------------
https://www.openssl.org/news/secadv/20221011.txt


∗∗∗ Xen Security Advisory CVE-2022-33749 / XSA-413 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-413.html


∗∗∗ Xen Security Advisory CVE-2022-33748 / XSA-411 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-411.html


∗∗∗ Xen Security Advisory CVE-2022-33746 / XSA-410 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-410.html


∗∗∗ Xen Security Advisory CVE-2022-33747 / XSA-409 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-409.html


∗∗∗ PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-046/


∗∗∗ Hashicorp Vagrant: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1669


∗∗∗ Octopus Deploy: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1663


∗∗∗ Citrix Hypervisor Security Bulletin for CVE-2022-33748 & CVE-2022-33749 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX465146/citrix-hypervisor-security-bulletin-for-cve202233748-cve202233749


∗∗∗ Altair HyperView Player ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-284-01


∗∗∗ Daikin Holdings Singapore Pte Ltd. SVMPC1 and SVMPC2 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-284-02


∗∗∗ Sensormatic Electronics C-CURE 9000 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-284-03


∗∗∗ Lenovo: IPV6 VLAN Stacking Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500520-IPV6-VLAN-STACKING-VULNERABILITY

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily