[CERT-daily] Tageszusammenfassung - 29.09.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 28-09-2022 18:00 − Donnerstag 29-09-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ New Royal Ransomware emerges in multi-million dollar attacks ∗∗∗
---------------------------------------------
A new ransomware operation named Royal is quickly ramping up, targeting corporations with ransom demands ranging from $250,000 to over $2 million.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-royal-ransomware-emerges-in-multi-million-dollar-attacks/


∗∗∗ The secrets of Schneider Electric’s UMAS protocol ∗∗∗
---------------------------------------------
Kaspersky ICS CERT report on vulnerabilities in Schneider Electrics engineering software that enables UMAS protocol abuse.
---------------------------------------------
https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/


∗∗∗ Report Shows How Long It Takes Ethical Hackers to Execute Attacks ∗∗∗
---------------------------------------------
A survey of more than 300 ethical hackers conducted by cybersecurity companies Bishop Fox and SANS Institute found that many could execute an end-to-end attack in less than a day.
---------------------------------------------
https://www.securityweek.com/report-shows-how-long-it-takes-ethical-hackers-execute-attacks


∗∗∗ Exchange Health Checker – Script-Erweiterungen von Frank Zöchling ∗∗∗
---------------------------------------------
Von Microsoft gibt es den Exchange Health Checker, ein PowerShell-Script zur Überprüfung von On-Premises Exchange-Installationen auf Probleme. Das Script wird durch Microsoft wohl kontinuierlich weiter entwickelt. Frank Zöchling hat sich das Thema jetzt mal vorgenommen und das Ganze um ein Script erweitert, um wichtige Einstellungen beim Prüfen einer Exchange-Installation automatisch vorzunehmen.
---------------------------------------------
https://www.borncity.com/blog/2022/09/29/exchange-health-checker-script-erweiterungen-von-frank-zchling/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ New malware backdoors VMware ESXi servers to hijack virtual machines ∗∗∗
---------------------------------------------
Hackers have found a new method to establish persistence on VMware ESXi hypervisors to control vCenter servers and virtual machines for Windows and Linux while avoiding detection.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-malware-backdoors-vmware-esxi-servers-to-hijack-virtual-machines/


∗∗∗ Root-Lücke: Selbstheilungsfunktion gefährdet Cisco-Netzwerkhardware ∗∗∗
---------------------------------------------
Wichtige Sicherheitsupdates schließen mehrere Lücken in Ciscos Netzwerkbetriebssystem IOS und weiterer Software.
---------------------------------------------
https://heise.de/-7279116


∗∗∗ Matrix chat encryption sunk by five now-patched holes ∗∗∗
---------------------------------------------
You take the green pill, youll spend six hours in a dont roll your own crypto debate. Four security researchers have identified five cryptographic vulnerabilities in code libraries that can be exploited to undermine Matrix encrypted chat clients.
---------------------------------------------
https://www.theregister.com/2022/09/28/matrix_encryption_flaws/


∗∗∗ IBM Security Bulletins 2022-09-28 ∗∗∗
---------------------------------------------
IBM Content Manager OnDemand, SPSS Collaboration and Deployment Services, IBM Decision Optimization Center, IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, IBM Spectrum Protect for Virtual Environments, IBM MQ Operator and Queue manager container images, TXSeries, Rational Service Tester, IBM ILOG CPLEX Optimization Studio, IBM CICS TX Standard and Advanced, IBM SDK, Enterprise Content Management System Monitor, AIX, IBM Robotic Process Automation, IBM WebSphere Application Server Liberty.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, lighttpd, and webkit2gtk), Fedora (firefox, gajim, libofx, and python-nbxmpp), Gentoo (bluez, chromium, expat, firefox, go, graphicsmagick, kitty, php, poppler, redis, thunderbird, and zutty), Oracle (firefox and thunderbird), Red Hat (kernel), Slackware (xorg), SUSE (expat, libostree, lighttpd, python3-lxml, rust1.62, slurm, slurm_18_08, and vsftpd), and Ubuntu (libxi, linux-gcp, postgresql-9.5, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/909870/


∗∗∗ Drupal Updates Patch Vulnerability in Twig Template Engine ∗∗∗
---------------------------------------------
Updates announced for Drupal this week address a severe vulnerability in Twig that could lead to the leakage of sensitive information.
---------------------------------------------
https://www.securityweek.com/drupal-updates-patch-vulnerability-twig-template-engine


∗∗∗ PHP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein lokaler Angreifer kann mehrere Schwachstellen in PHP ausnutzen, um einen Denial of Service Angriff durchzuführen und um Sicherheitsmechanismen zu umgehen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1567


∗∗∗ Notepad++: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
Ein lokaler Angreifer kann eine Schwachstelle in Notepad++ ausnutzen, um beliebigen Programmcode auszuführen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1559


∗∗∗ Apache Tomcat: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat ausnutzen, um Informationen offenzulegen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1558


∗∗∗ xpdf: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in xpdf ausnutzen, um einen Denial of Service Angriff durchzuführen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1570


∗∗∗ Thunderbird 102.3.1 freigegeben ∗∗∗
---------------------------------------------
Die Entwickler des Thunderbird haben zum 28. September 2022 ein weiteres Update des E-Mail Client auf die Version 102.3.1 freigegeben. Es ist ein Bug-Fix-Update, welches eine Reihe an Problemen und Schwachstellen beheben soll.
---------------------------------------------
https://www.borncity.com/blog/2022/09/29/thunderbird-102-3-1-freigegeben/


∗∗∗ CVE-2022-37461: Two Reflected XSS Vulnerabilities in Canon Medical’s Vitrea View ∗∗∗
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-37461-two-reflected-xss-vulnerabilities-in-canon-medicals-vitrea-view/


∗∗∗ Hitachi Energy MicroSCADA Pro X SYS600_8DBD000107 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-272-02


∗∗∗ Hitachi Energy MicroSCADA Pro X SYS600_8DBD000106 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-272-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily