[CERT-daily] Daily summary - 15.09.2022

Daily end-of-shift report team at cert.at
Thu Sep 15 18:08:39 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 14-09-2022 18:00 − Thursday 15-09-2022 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Draft law: EU Commission wants to mandate security updates ∗∗∗
---------------------------------------------
With a draft Cyber Resilience Act, the EU Commission aims to improve IT security.
---------------------------------------------
https://www.golem.de/news/gesetzentwurf-eu-kommission-will-sicherheitsupdates-vorschreiben-2209-168301.html


∗∗∗ Self-spreading stealer attacks gamers via YouTube ∗∗∗
---------------------------------------------
A malicious bundle containing the RedLine stealer and a miner is distributed on YouTube through ads for cheats and cracks for popular games.
---------------------------------------------
https://securelist.com/self-spreading-stealer-attacks-gamers-via-youtube/107407/


∗∗∗ Supply chain attack: Trojan in FishPig software threatens online shops ∗∗∗
---------------------------------------------
Attackers are currently planting backdoors via compromised shop software, among other places on WordPress websites.
---------------------------------------------
https://heise.de/-7265052


∗∗∗ SideWalk backdoor with new Linux variant ∗∗∗
---------------------------------------------
ESET researchers have discovered another tool in the already extensive arsenal of the SparklingGoblin APT group: a Linux variant of the SideWalk backdoor.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2022/09/14/sidewalk-backdoor-mit-neuer-linux-variante/


∗∗∗ Beware of Bitcoin scams on Discord ∗∗∗
---------------------------------------------
It sounds tempting: getting rich with just a few clicks. Criminals use buzzwords such as "Bitcoin" or "Crypto" to rip off more and more people. A message on Discord claims you have won Bitcoin? Hands off: with this scam you lose your money!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-bitcoin-scams-auf-discord/


∗∗∗ Change in Magniber Ransomware (*.cpl → *.jse) – September 8th ∗∗∗
---------------------------------------------
After Magniber changed its distribution method from the MSI format to the CPL format on July 20th, its distribution activity has been observed to decrease since mid-August.
---------------------------------------------
https://asec.ahnlab.com/en/38808/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Serious security vulnerability discovered in Microsoft Teams ∗∗∗
---------------------------------------------
Attackers could steal the desktop app's login data, even when multi-factor authentication is active.
---------------------------------------------
https://futurezone.at/digital-life/schwere-sicherheitsluecke-microsoft-teams-login-datenklau-phishing/402146898


∗∗∗ IBM Security Bulletins 2022-09-14 ∗∗∗
---------------------------------------------
FileNet Content Manager, IBM Call Center, IBM Cloud PAK for Watson AI Ops, IBM SDK (Java Technology Edition), IBM Semeru Runtime, IBM Sterling Connect, IBM Sterling Control Center, IBM Sterling Order Management, IBM Tivoli Application Dependency Discovery Manager, Transaction Processing Facility
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ ZDI: (0Day) Vulnerabilities (RCE) in NIKON NIS-Elements Viewer ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-22-1211/
https://www.zerodayinitiative.com/advisories/ZDI-22-1212/
https://www.zerodayinitiative.com/advisories/ZDI-22-1213/
https://www.zerodayinitiative.com/advisories/ZDI-22-1214/
https://www.zerodayinitiative.com/advisories/ZDI-22-1215/
https://www.zerodayinitiative.com/advisories/ZDI-22-1216/
https://www.zerodayinitiative.com/advisories/ZDI-22-1217/
https://www.zerodayinitiative.com/advisories/ZDI-22-1218/
https://www.zerodayinitiative.com/advisories/ZDI-22-1219/


∗∗∗ Security updates: BIOS vulnerabilities endanger countless Lenovo PCs ∗∗∗
---------------------------------------------
Lenovo has released BIOS updates for practically its entire PC model portfolio. Among other things, they close vulnerabilities that allow execution of malicious code.
---------------------------------------------
https://heise.de/-7264659


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (nova, pcs, and rails), Fedora (firejail, moby-engine, and pspp), Oracle (.NET 6.0, gnupg2, kernel, python3, and rsyslog rsyslog7), Red Hat (.NET 6.0 and .NET Core 3.1), SUSE (kernel), and Ubuntu (intel-microcode, poppler, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/908137/


∗∗∗ ZDI-22-1210: (0Day) Ansys SpaceClaim X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-1210/


∗∗∗ Cisco IOS XR Software Broadband Network Gateway PPP over Ethernet Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt


∗∗∗ Cisco IOS XR Software Cisco Discovery Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2


∗∗∗ Cisco Network Convergence System 4000 Series TL1 Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6


∗∗∗ (Non-US) DIR-2150 :: Rev Rx :: FW v4.0.1 :: Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10304


∗∗∗ ffmpeg: Vulnerability enables unspecified attack ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1433


∗∗∗ Google Chrome and Microsoft Edge: Multiple vulnerabilities enable code execution ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1432


∗∗∗ ImageMagick: Vulnerability enables denial of service ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1431


∗∗∗ genua genugate: Multiple vulnerabilities ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1438


∗∗∗ Denial of Service in Printanista Hub / Printscout (SYSS-2022-042) ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/codeausfuehrung-ueber-unsicheren-diagnosedienst-in-jasperreports-server-syss-2022-041-1


∗∗∗ PAN-SA-2022-0005 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator (Severity: NONE) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/PAN-SA-2022-0005


∗∗∗ PAN-SA-2022-0004 Informational: Cortex XDR Agent: Allow List is Visible to Low Privileged Users (Severity: NONE) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/PAN-SA-2022-0004


∗∗∗ CVE-2022-0029 Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File (Severity: MEDIUM) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2022-0029

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily