[CERT-daily] Tageszusammenfassung - 16.09.2022

Fri Sep 16 19:49:32 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 15-09-2022 18:00 − Freitag 16-09-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Sicherheitslücke in WordPress-Plug-in WPGateway macht Angreifer zu Admins ∗∗∗
---------------------------------------------
Angreifer attackieren WordPress-Websites mit WPGateway. Sicherheitsupdates sind noch nicht verfügbar.
---------------------------------------------
https://heise.de/-7265906


∗∗∗ Update für Exchange Extended Protection-Script, aber weiterhin Fehler ∗∗∗
---------------------------------------------
Mit den Sicherheitsupdates vom August 2022 für Microsoft Exchange (On-Premises-Lösung) ist es erforderlich, Extended Protection (EP) zu aktivieren, um alle Schwachstellen zu schließen. Die Aktivierung erfolgt per Script, welches Microsoft bereitgestellt hat – was aber zu Problemen führte.
---------------------------------------------
https://www.borncity.com/blog/2022/09/16/update-fr-exchange-extended-protection-script-aber-weiterhin-fehler/


∗∗∗ PS2 Emulator: Exploit in PS4 und PS5 soll nicht behebbar sein ∗∗∗
---------------------------------------------
Eine Lücke im integrierten PS2-Emulator der Playstation 4 und 5 soll sich "grundsätzlich" nicht beheben lassen. Das reicht, um Code auszuführen.
---------------------------------------------
https://www.golem.de/news/ps2-emulator-exploit-in-ps4-und-ps5-soll-nicht-behebbar-sein-2209-168319.html


∗∗∗ Bitdefender releases free decryptor for LockerGoga ransomware ∗∗∗
---------------------------------------------
Romanian cybersecurity firm Bitdefender has released a free decryptor to help LockerGoga ransomware victims recover their files without paying a ransom.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bitdefender-releases-free-decryptor-for-lockergoga-ransomware/


∗∗∗ Microsoft Edge’s News Feed ads abused for tech support scams ∗∗∗
---------------------------------------------
An ongoing malvertising campaign is injecting ads in the Microsoft Edge News Feed to redirect potential victims to websites pushing tech support scams.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-edge-s-news-feed-ads-abused-for-tech-support-scams/


∗∗∗ Water Tank Management System Used Worldwide Has Unpatched Security Hole ∗∗∗
---------------------------------------------
A water tank management system used by organizations worldwide is affected by a critical vulnerability that can be exploited remotely and the vendor does not appear to want to patch it.read more
---------------------------------------------
https://www.securityweek.com/water-tank-management-system-used-worldwide-has-unpatched-security-hole


∗∗∗ Word Maldoc With CustomXML and Renamed VBAProject.bin, (Fri, Sep 16th) ∗∗∗
---------------------------------------------
Friend and colleague 0xThiebaut just gave me a heads up for this interesting sample: 2056b52f8c2f62e222107e6fb6ca82708cdae73a91671d40e61aef8698e3e139
---------------------------------------------
https://isc.sans.edu/diary/rss/29056


∗∗∗ Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies ∗∗∗
---------------------------------------------
Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware.
---------------------------------------------
https://thehackernews.com/2022/09/hackers-targeting-weblogic-servers-and.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bzip2, chromium, glib2.0, libraw, mariadb-10.3, and mod-wsgi), Fedora (kdiskmark, wordpress, and zlib), Oracle (.NET 6.0, .NET Core 3.1, mariadb:10.3, nodejs:14, nodejs:16, ruby:2.7, and ruby:3.0), Red Hat (.NET 6.0, php:7.4, and webkit2gtk3), SUSE (389-ds, flatpak, kernel, libgit2, and thunderbird), and Ubuntu (sqlite3, vim, and wayland).
---------------------------------------------
https://lwn.net/Articles/908297/


∗∗∗ Synology-SA-22:15 GLPI ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote attackers or remote authenticated users to obtain sensitive information, inject arbitrary web script or HTML or inject SQL command via a susceptible version of GLPI.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_22_15


∗∗∗ CISA Adds Six Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/09/15/cisa-adds-six-known-exploited-vulnerabilities-catalog


∗∗∗ Achtung: Backdoor in TechLogix Networx Power Delivery-Unit, vom Internet isolieren und patchen ∗∗∗
---------------------------------------------
In Stromversorgungskomponenten (Power Delivery-Units) des US-Herstellers TechLogix Networx gibt es eine gravierende Schwachstelle in deren Firmware. Die Firmware nimmt in älteren Versionen (vor Version 2.0.2a) keine Authentifizierung vor, d.h. man kann über Netzwerk die Power Delivery-Unit abschalten.
---------------------------------------------
https://www.borncity.com/blog/2022/09/16/achtung-backdoor-in-techlogix-networx-power-delivery-unit-vom-internet-isolieren-und-patchen/


∗∗∗ Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104-3/


∗∗∗ Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to sensitive information exposure (CVE-2021-35550) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-sensitive-information-exposure-cve-2021-35550-2/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for UNIX container is vulnerable to obtain sensitive information due to OpenSSL (CVE-2022-2097) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-container-is-vulnerable-to-obtain-sensitive-information-due-to-openssl-cve-2022-2097/


∗∗∗ Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to Denial of Service (CVE-2021-35578) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-denial-of-service-cve-2021-35578-2/


∗∗∗ Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to exposure of sensitive information (CVE-2021-35603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-exposure-of-sensitive-information-cve-2021-35603-4/


∗∗∗ Dell BSAFE: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1452


∗∗∗ xpdf: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1451


∗∗∗ NGINX: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1450


∗∗∗ Nextcloud: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1449

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily