[CERT-daily] Tageszusammenfassung - 13.10.2022

Thu Oct 13 19:08:26 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 12-10-2022 18:00 − Donnerstag 13-10-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New Alchimist attack framework targets Windows, macOS, Linux ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered a new attack and C2 framework called Alchimist, which appears to be actively used in attacks targeting Windows, Linux, and macOS systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-alchimist-attack-framework-targets-windows-macos-linux/


∗∗∗ SiteCheck Malware Trends Report – Q3 2022 ∗∗∗
---------------------------------------------
Our free SiteCheck remote website scanner provides immediate insights about malware infections, blocklisting, website anomalies, and errors for millions of webmasters every month. Best of all, conducting a remote website scan is one of the easiest ways to identify security issues.
---------------------------------------------
https://blog.sucuri.net/2022/10/sitecheck-malware-trends-report-2022-q3.html


∗∗∗ Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers ∗∗∗
---------------------------------------------
Core to the attacks has been the use of implants coined CreepyDrive and CreepyBox for their ability to exfiltrate sensitive data to actor-controlled OneDrive and Dropbox accounts. Also deployed is a PowerShell backdoor dubbed CreepySnail.
---------------------------------------------
https://thehackernews.com/2022/10/researchers-uncover-custom-backdoors.html


∗∗∗ VPN-Problem: Apple-Apps leaken Daten unter iOS ∗∗∗
---------------------------------------------
Der iPhone-VPN-Dienst scheint noch immer nicht sauber zu laufen. Ein Sicherheitsforscher warnt vor Leaks insbesondere aus Apple-eigenen Apps.
---------------------------------------------
https://heise.de/-7307198


∗∗∗ Top 5 ransomware detection techniques: Pros and cons of each ∗∗∗
---------------------------------------------
In the fight against ransomware, much of the discussion revolves around prevention and response. Actually detecting the ransomware, however, is just as important to securing your business. To understand why, just consider the following example.
---------------------------------------------
https://www.malwarebytes.com/blog/business/2022/10/top-5-ransomware-detection-techniques-pros-and-cons-of-each


∗∗∗ MS Enterprise app management service RCE. CVE-2022-35841 ∗∗∗
---------------------------------------------
TL;DR A remote command execution and local privilege escalation vulnerability has been fixed by Microsoft as part of September’s patch Tuesday. The vulnerability, filed under CVE-2022-35841, affects the Enterprise App Management Service which handles the installation of enterprise applications deployed via MDM.
---------------------------------------------
https://www.pentestpartners.com/security-blog/ms-enterprise-app-management-service-rce-cve-2022-35841/


∗∗∗ Some Vulnerabilities Don’t Have a Name ∗∗∗
---------------------------------------------
There is a common assumption that all open source vulnerabilities hold a CVE. Still, others believe that the National Vulnerability Database (NVD) has the final word when deciding what is a vulnerability and what is not. However, can a vulnerability exist that isn’t tracked by a CVE, or is not in the NVD?
---------------------------------------------
https://checkmarx.com/blog/some-vulnerabilities-dont-have-a-name/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdates: Kritische Lücken in WAN-Managementsystem von Aruba ∗∗∗
---------------------------------------------
Zwei kritische Schwachstellen in Aruba EdgeConnect Orchestrator gefährden Netzwerke.
---------------------------------------------
https://heise.de/-7307059


∗∗∗ CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface ∗∗∗
---------------------------------------------
An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2022-0030


∗∗∗ Juniper Security Bulletins 2022-10-12 ∗∗∗
---------------------------------------------
Juniper has released 37 security advisories.
---------------------------------------------
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&numberOfResults=50&f:ctype=[Security%20Advisories]


∗∗∗ Schwachstelle in JavaScript-Sandbox vm2 erlaubt Ausbruch aus der Isolation ∗∗∗
---------------------------------------------
Wer eine Version kleiner 3.9.11 von vm2 verwendet, sollte die Sandbox aktualisieren, da eine Schwachstelle das Ausführen von Remote-Code auf dem Host erlaubt.
---------------------------------------------
https://heise.de/-7306752


∗∗∗ Groupware Zimbra: Updates stopfen mehrere Sicherheitslecks ∗∗∗
---------------------------------------------
In der Groupware Zimbra beheben die Entwickler mehrere sicherheitsrelevante Fehler. Angreifer könnten die Instanz kompromittieren oder ihre Rechte ausweiten.
---------------------------------------------
https://heise.de/-7307521


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libreoffice, rexical, ruby-nokogiri, and squid), Fedora (wavpack), Red Hat (expat), SUSE (gdcm, orthanc, orthanc-gdcm, orthanc-webviewer and rubygem-puma), and Ubuntu (GMP and unzip).
---------------------------------------------
https://lwn.net/Articles/911042/


∗∗∗ Trellix ePolicy Orchestrator: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Trellix ePolicy Orchestrator ausnutzen, um Dateien zu manipulieren oder einen Cross-Site-Scripting-Angriff durchzuführen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1700


∗∗∗ Vulnerability Spotlight: Multiple issues in Robustel R1510 cellular router could lead to code execution, denial of service ∗∗∗
---------------------------------------------
Cisco Talos recently discovered nine vulnerabilities in the Robustel R1510 industrial cellular router, several of which could allow an adversary to inject operating system code remotely.
---------------------------------------------
http://blog.talosintelligence.com/2022/10/vuln-spotlight-robustel-router.html


∗∗∗ Sonicwall: GMS File Path Manipulation ∗∗∗
---------------------------------------------
An unauthenticated attacker can gain access to web directory containing applications binaries and configuration files through file path manipulation vulnerability.
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0021


∗∗∗ Drupal: Twig Field Value - Moderately critical - Access bypass - SA-CONTRIB-2022-058 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-058


∗∗∗ Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-predictive-insights-impacted-by-apache-log4j-vulnerabilities-cve-2021-4104/


∗∗∗ Security Bulletin: Hortonworks DataFlow product has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities [CVE-2021-44228], [CVE-2021-45105], and [CVE-2021-45046] ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-hortonworks-dataflow-product-has-log-messages-vulnerable-to-arbitrary-code-execution-denial-of-service-and-remote-code-execution-due-to-apache-log4j-vulnerabilities-cve-2021-4422/


∗∗∗ Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-predictive-insights-impacted-by-apache-log4j-vulnerabilities-cve-2021-44832/


∗∗∗ Security Bulletin: Vulnerabilities in Java affect IBM WIoTP MessageGateway (CVE-2021-213) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affect-ibm-wiotp-messagegateway-cve-2021-213/


∗∗∗ Dell BIOS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1705


∗∗∗ Grafana: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1702


∗∗∗ Mitel MiVoice Connect: Mehrere Schwachstellen ermöglichen Codeausführung ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1706


∗∗∗ Pulse Secure SA45520 - CVEs (CVE-2022-35254,CVE-2022-35258) may lead to DoS attack ∗∗∗
---------------------------------------------
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily