[CERT-daily] Tageszusammenfassung - 14.09.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 13-09-2022 18:00 − Mittwoch 14-09-2022 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Securing your IoT devices against cyber attacks in 5 steps ∗∗∗
---------------------------------------------
How is IoT being used in the enterprise, and how can it be secured? We will demonstrate important security best practices and how a secure password policy is paramount to the security of devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/securing-your-iot-devices-against-cyber-attacks-in-5-steps/


∗∗∗ Easy Process Injection within Python, (Wed, Sep 14th) ∗∗∗
---------------------------------------------
Process injection is a common technique used by malware to cover their tracks. What looks more legit than a process called "notepad.exe" or "explorer.exe"?
---------------------------------------------
https://isc.sans.edu/diary/rss/29048


∗∗∗ Neue Phishing-Masche: Fake-Konversationen für mehr Glaubwürdigkeit ∗∗∗
---------------------------------------------
Sicherheitsforscher warnen vor einer neuen Taktik, die Phishing-Mails noch glaubhafter erscheinen lässt.
---------------------------------------------
https://heise.de/-7263942


∗∗∗ Passengers Exposed to Hacking via Vulnerabilities in Airplane Wi-Fi Devices ∗∗∗
---------------------------------------------
Researchers have discovered two potentially serious vulnerabilities in wireless LAN devices that they say are often used in airplanes.
---------------------------------------------
https://www.securityweek.com/passengers-exposed-hacking-vulnerabilities-airplane-wi-fi-devices


∗∗∗ Malware Infects Magento-Powered Stores via FishPig Distribution Server ∗∗∗
---------------------------------------------
For the past several weeks, Magento stores have been injected with malware via a supply chain attack that targeted the FishPig distribution server.
---------------------------------------------
https://www.securityweek.com/malware-infects-magento-powered-stores-fishpig-distribution-server


∗∗∗ Mail „Energiekosten: Jetzt 475,00 Euro erhalten“ ist Betrug! ∗∗∗
---------------------------------------------
In Zeiten von 150 Euro Energiegutschein oder 500 Euro Klimabonus kann eine E-Mail mit dem Betreff „Energiekosten: Jetzt 475,00 Euro erhalten“ durchaus für echt gehalten werden. Doch Vorsicht: Die Nachricht leitet auf eine Website zum „Lars Meyer Geld-System“ weiter – eine betrügerische Investment-Plattform, auf der Sie nicht investieren dürfen.
---------------------------------------------
https://www.watchlist-internet.at/news/mail-energiekosten-jetzt-47500-euro-erhalten-ist-betrug/


∗∗∗ CISA Adds Two Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/09/14/cisa-adds-two-known-exploited-vulnerabilities-catalog



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs ∗∗∗
---------------------------------------------
Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/


∗∗∗ IBM Security Bulletins 2022-09-13 ∗∗∗
---------------------------------------------
IBM WebSphere Application Server, IBM SPSS Statistics, IBM Maximo Asset Management, IBM Maximo Manage, IBM App Connect Enterprise, IBM Integration Bus, IBM App Connect Professional.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Patchday: Angreifer attackieren Windows 7 bis 11 ∗∗∗
---------------------------------------------
Kritische Lücken bedrohen Microsoft Dynamics 365 und Windows. Sicherheitsupdates stehen zur Installation bereit.
---------------------------------------------
https://heise.de/-7263140


∗∗∗ Patchday Adobe: Schadcode-Attacken auf InDesign, Photoshop & Co. möglich ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für verschiedene Anwendungen von Adobe. Derzeit sind keine dokumentierten Attacken bekannt.
---------------------------------------------
https://heise.de/-7263205


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (open-vm-tools), Debian (freecad and sqlite3), Fedora (qt5-qtwebengine and vim), SUSE (firefox, kernel, libzapojit, perl, postgresql14, and samba), and Ubuntu (dotnet6, dpdk, gdk-pixbuf, rust-regex, and systemd).
---------------------------------------------
https://lwn.net/Articles/907983/


∗∗∗ Zero-day in WPGateway Wordpress plugin actively exploited in attacks ∗∗∗
---------------------------------------------
https://www.bleepingcomputer.com/news/security/zero-day-in-wpgateway-wordpress-plugin-actively-exploited-in-attacks/


∗∗∗ Atlassian Confluence: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1422


∗∗∗ Delta Industrial Automation DIAEnergie ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-256-03


∗∗∗ Kingspan TMS300 CS ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-256-04


∗∗∗ Honeywell SoftMaster ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-256-02


∗∗∗ Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-256-01


∗∗∗ Multi-Vendor BIOS Security Vulnerabilities (September 2022) ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500519-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-SEPTEMBER-2022


∗∗∗ Quectel Wireless WAN Driver Command Injection Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500515


∗∗∗ genua genucenter: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1412


∗∗∗ Zoom Video Communications On-Premise: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1420

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily