[CERT-daily] Tageszusammenfassung - 19.10.2022

Wed Oct 19 18:58:43 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 18-10-2022 18:00 − Mittwoch 19-10-2022 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Adobe patcht Illustrator außer der Reihe ∗∗∗
---------------------------------------------
Nach dem großen Patchday letzte Woche legt Adobe nun zwei Updates gegen kritische Lücken im Illustrator nach.
---------------------------------------------
https://heise.de/-7314003


∗∗∗ AMD, Google, Microsoft, Nvidia: Offengelegter Sicherheitsprozessor Caliptra ∗∗∗
---------------------------------------------
Branchenschwergewichte setzen auf RISC-V-Technik für offengelegte Hardware-Security. Sie könnte Black-Box-Umsetzungen wie Microsofts Pluton ersetzen.
---------------------------------------------
https://heise.de/-7313272


∗∗∗ Achtung Betrug: Bewerben Sie sich nicht als „Process Tester“ bei page-rangers.de ∗∗∗
---------------------------------------------
page-rangers.de bietet einen gut bezahlten Minijob als „App-Tester“. Die Arbeit wird von zu Hause aus erledigt und benötigt keine speziellen Anforderungen. Sie erhalten täglich kleine Aufträge, z. B. die Benutzerfreundlichkeit bei der Eröffnung eines Bankkontos zu testen. Doch Vorsicht: Mit diesem Job stehlen Kriminelle Ihre Identität. Mit dem erstellten Bankkonto wird in Ihrem Namen Geld gewaschen!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-betrug-bewerben-sie-sich-nicht-als-process-tester-bei-page-rangersde/


∗∗∗ Defenders beware: A case for post-ransomware investigations ∗∗∗
---------------------------------------------
The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.
---------------------------------------------
https://www.microsoft.com/security/blog/2022/10/18/defenders-beware-a-case-for-post-ransomware-investigations/


∗∗∗ Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk ∗∗∗
---------------------------------------------
Microsoft was recently made aware of a Cross-Site Scripting (XSS) vulnerability (CVE-2022-35829), that under limited circumstances, affects older versions of Service Fabric Explorer (SFX). The current default SFX web client (SFXv2) is not vulnerable to this attack. However, customers can manually switch from the default web client (SFXv2) to an older vulnerable SFX web [...]
---------------------------------------------
https://msrc-blog.microsoft.com/2022/10/19/awareness-and-guidance-related-to-potential-service-fabric-explorer-sfx-v1-web-client-risk/


∗∗∗ Are Internet Scanning Services Good or Bad for You?, (Wed, Oct 19th) ∗∗∗
---------------------------------------------
I'm in Luxembourg to attend the first edition of the CTI Summit[1]. There was an interesting keynote performed by Patrice Auffret[2], the founder of Onyphe, about "Ethical Internet Scanning in 2022". They are plenty of online scanners that work 24x7 to build a map of the Internet. They scan the entire IP addresses space and look for interesting devices, vulnerabilities, etc. Big players are Shodan, Onyphe, Censys, ZoomEye, etc.
---------------------------------------------
https://isc.sans.edu/diary/rss/29164


∗∗∗ Fully undetectable Windows backdoor gets detected ∗∗∗
---------------------------------------------
SafeBreach Labs says it has detected a novel fully undetectable (FUD) PowerShell backdoor, which calls into question the accuracy of threat naming.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2022/10/18/fully_undetectable_windows_powershell_backdoor/


∗∗∗ A New Attack Surface on MS Exchange Part 4 - ProxyRelay! ∗∗∗
---------------------------------------------
Hi, this is a long-time-pending article. We could have published this article earlier (the original bug was reported to MSRC in June 2021 with a 90-days Public Disclosure Policy). However, during communications with MSRC, they explained that since this is an architectural design issue, lots of code changes and testings are expected and required, so they hope to resolve this problem with a one-time CU (Cumulative Update) instead of the regular Patch Tuesday.
---------------------------------------------
https://devco.re/blog/2022/10/19/a-new-attack-surface-on-MS-exchange-part-4-ProxyRelay/


∗∗∗ Warning: "FaceStealer" iOS and Android apps steal your Facebook login ∗∗∗
---------------------------------------------
FaceStealer is back. As a seasoned threat to legitimate app stores, expect it to be gone and then back again.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2022/10/warning-facestealer-ios-and-android-apps-steal-your-facebook-login


∗∗∗ TeamTNT Returns – or Does It? ∗∗∗
---------------------------------------------
Our honeypots caught malicious cryptocurrency miner samples targeting the cloud and containers, and its routines are reminiscent of the routines employed by cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation shows that another threat actor group, WatchDog, might be mimicking TeamTNT’s arsenal.
---------------------------------------------
https://www.trendmicro.com/en_us/research/22/j/teamtnt-returns-or-does-it.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bcel, kernel, node-xmldom, and squid), Mageia (chromium-browser-stable, dhcp, dokuwiki, firefox, golang, python-joblib, sos, and unzip), Oracle (nodejs and nodejs:16), Red Hat (firefox, kernel, kernel-rt, nodejs, nodejs:14, and thunderbird), Scientific Linux (firefox and thunderbird), Slackware (git and mozilla), SUSE (amazon-ssm-agent, caasp-release, cri-o, patchinfo, release-notes-caasp, skuba, enlightenment, libreoffice, netty, nodejs12, nodejs14, [...]
---------------------------------------------
https://lwn.net/Articles/911723/


∗∗∗ Oracle Releases 370 New Security Patches With October 2022 CPU ∗∗∗
---------------------------------------------
Oracle on Tuesday announced the release of 370 patches as part of its quarterly set of security updates. The October 2022 Critical Patch Update (CPU) resolves over 50 critical-severity vulnerabilities. More than 200 of the newly released security patches deal with vulnerabilities that are remotely exploitable without authentication.
---------------------------------------------
https://www.securityweek.com/oracle-releases-370-new-security-patches-october-2022-cpu


∗∗∗ Festo: CPX-CEC-C1 and CPX-CMXX, Missing Authentication for Critical Webpage Function UPDATE A ∗∗∗
---------------------------------------------
UPDATE A (19.10.2022): Added Control block-Set CPX-CEC-C1 and Control block-SETCPX-CMXX to affected products. 
Unauthenticated access to critical webpage functions (e.g. reboot) may cause a denial of service
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-036/


∗∗∗ K30425568: Overview of F5 vulnerabilities (October 2022) ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K30425568


∗∗∗ CVE-2021-3772 Linux Kernel Vulnerability in NetApp DSA E2800 series ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-609377-bt.html


∗∗∗ Multiple Cross Site Scripting vulnerabilities in Bosch VIDEOJET multi 4000 ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-454166-bt.html


∗∗∗ Cisco Identity Services Engine Unauthorized File Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM


∗∗∗ Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu


∗∗∗ Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnESbgBf


∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-twLnpy3M


∗∗∗ Security Bulletin: Operations Dashboard is vulnerable to Golang Go vulnerabilities (CVE-2022-27664 and CVE-2022-32190) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-golang-go-vulnerabilities-cve-2022-27664-and-cve-2022-32190/


∗∗∗ Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-spark-affecting-ibm-qradar-user-behavior-analytics/


∗∗∗ Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak-9/


∗∗∗ Security Bulletin: Enterprise Content Management System Monitor is affected by vulnerability in Dojo [CVE-2021-23450] ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-management-system-monitor-is-affected-by-vulnerability-in-dojo-cve-2021-23450/


∗∗∗ Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2022-34339, CVE-2021-3712, CVE-2021-3711, CVE-2021-4160, CVE-2021-29425, CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-43138, CVE-2022-24758) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-cve-2022-34339-cve-2021-3712-cve-2021-3711-cve-2021-4160-cve-2021-29425-cve-2021-3733-cve-2021-3737-cve-2022-0391/


∗∗∗ Security Bulletin: CMIS is affected since it uses Spring Framework, but not vulnerable to [CVE-2022-22965] and [CVE-2022-22963] ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cmis-is-affected-since-it-uses-spring-framework-but-not-vulnerable-to-cve-2022-22965-and-cve-2022-22963/


∗∗∗ Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure due to JUnit4 (CVE-2020-15250) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-is-vulnerable-to-information-disclosure-due-to-junit4-cve-2020-15250/


∗∗∗ Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2022-23302) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-predictive-insights-impacted-by-apache-log4j-vulnerabilities-cve-2022-23302/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily