[CERT-daily] Tageszusammenfassung - 18.01.2023

Wed Jan 18 19:08:01 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 17-01-2023 18:00 − Mittwoch 18-01-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ RC4 Is Still Considered Harmful ∗∗∗
---------------------------------------------
Ive been spending a lot of time researching Windows authentication implementations, specifically Kerberos. In June 2022 I found an interesting issue number 2310 with the handling of RC4 encryption that allowed you to authenticate as another user if you could either interpose on the Kerberos network traffic to and from the KDC or directly if the user was configured to disable typical pre-authentication requirements. This blog post goes into more detail [...]
---------------------------------------------
https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html


∗∗∗ Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware, (Wed, Jan 18th) ∗∗∗
---------------------------------------------
https://isc.sans.edu/diary/rss/29448


∗∗∗ Is WordPress Secure? ∗∗∗
---------------------------------------------
According to W3Techs, 43.2% of all websites on the internet use WordPress. And of all websites that use a CMS (Content Management System) more than half (64%) leverage WordPress to power their blog or website. Unfortunately, since WordPress has such a large market share it has also become a prime target for attackers. You might be wondering whether WordPress is safe to use. And the short answer is yes - WordPress core is safe to use, but only if you maintain it to the latest version and [...]
---------------------------------------------
https://blog.sucuri.net/2023/01/is-wordpress-secure.html


∗∗∗ CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9)
---------------------------------------------
https://thehackernews.com/2023/01/cisa-warns-of-flaws-in-siemens-ge.html


∗∗∗ Jetzt patchen! Tausende Firewalls von Sophos angreifbar ∗∗∗
---------------------------------------------
Sicherheitsforscher haben das Internet auf verwundbare Sophos-Firewalls gescannt und sind fündig geworden. Sicherheitspatches gibt es seit Dezember 2022.
---------------------------------------------
https://heise.de/-7462565


∗∗∗ MSI-Motherboards sollen trotz aktivem Secure Boot manipulierte Systeme starten ∗∗∗
---------------------------------------------
Ein Sicherheitsforscher hat herausgefunden, dass der Schutzmechanismus Secure Boot auf MSI-Motherboards standardmäßig aktiv ist, aber trotzdem alles durchwinkt.
---------------------------------------------
https://heise.de/-7462913


∗∗∗ Hochriskante Sicherheitslücken in Qt "nur ein Bug" ∗∗∗
---------------------------------------------
IT-Sicherheitsforscher von Cisco Thalos haben hochriskante Sicherheitslücken in Qt-QML gefunden. Qt sieht App-Entwickler am Zuge und stuft sie nur als Bug ein.
---------------------------------------------
https://heise.de/-7462956


∗∗∗ Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability ∗∗∗
---------------------------------------------
Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns.
---------------------------------------------
https://www.securityweek.com/vendors-actively-bypass-security-patch-year-old-magento-vulnerability


∗∗∗ The Defender’s Guide to Windows Services ∗∗∗
---------------------------------------------
This is the second installment of the Defender’s Guide series. In keeping with the theme, we are discussing Windows Services, the underlying technology, common attack vectors, and methods of securing/monitoring them.
---------------------------------------------
https://posts.specterops.io/the-defenders-guide-to-windows-services-67c1711ecba7?source=rss----f05f8696e3cc---4


∗∗∗ Silo, or not silo, that is the question ∗∗∗
---------------------------------------------
As we (security folks) were working on the hardening of WSUS update servers, we had to answer an interesting question dealing with how to best isolate a sensitive server like WSUS on on-premises Active Directory. The question was: should I put my WSUS server into my T0 silo?
---------------------------------------------
https://medium.com/tenable-techblog/silo-or-not-silo-that-is-the-question-d0141d0cbb78?source=rss----68728ef06732---4


∗∗∗ Elastic IP Transfer: Identifying and Mitigating Risks from a New Attack-Vector on AWS ∗∗∗
---------------------------------------------
Elastic IPs (EIPs) are public and static IPv4 addresses provided by AWS. EIPs can be viewed as a pool of IPv4 addresses, accessible from the internet, that can be used in numerous ways. Once an EIP is allocated to an AWS account, it can be associated with a single compute instance or an elastic network [...]
---------------------------------------------
https://orca.security/resources/blog/elastic-ip-transfer-attack-vector-on-aws/


∗∗∗ An in-depth HTTP Strict Transport Security Tutorial ∗∗∗
---------------------------------------------
HSTS is an Internet standard and policy that tells the browser to only interact with a website using a secure HTTPS connection. Check out this article to learn how to leverage the security of your website and customers’ data and the security benefits you’ll gain from doing so.
---------------------------------------------
https://www.trendmicro.com/en_us/devops/23/a/http-strict-transport-security-tutorial.html


∗∗∗ Kriminelle versprechen Geld für Haarspenden auf Job-Börsen, aber zahlen nicht! ∗∗∗
---------------------------------------------
Wenn Sie auf Facebook in diversen Job-Börsen nach einer Beschäftigung suchen, stoßen Sie womöglich auf ein verlockendes Angebot für Ihre Haare. Um für Krebskranke Perücken anzufertigen, ist man bereit, Ihnen bis zu 2000 Euro für Ihre Haare zu bezahlen. Achtung: Wenn Sie hier Kontakt aufnehmen, gibt man Ihnen genaue Anweisungen zum Abschneiden Ihrer Haare und verspricht eine Bezahlung bei Abholung. Doch dann sind Ihre Haare ab, Sie werden blockiert und [...]
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-versprechen-geld-fuer-haarspenden-auf-job-boersen-aber-zahlen-nicht/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patchday: Sicherheitslücken in über 100 Oracle-Produkten ∗∗∗
---------------------------------------------
Das erste Oracle Critical Patch Update des Jahres 2023 liefert Beschreibungen und Updates für Sicherheitslücken in mehr als 100 Produkten des Unternehmens.
---------------------------------------------
https://heise.de/-7462438


∗∗∗ Versionsverwaltung: Git schließt zwei kritische Lücken in Version 2.39 ∗∗∗
---------------------------------------------
Sicherheitsforscher haben Lücken in Git entdeckt, durch die beliebiger Code ausgeführt werden konnte. Patches stehen bereit, Nutzer sollten umgehend updaten.
---------------------------------------------
https://heise.de/-7462680


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (awstats), Oracle (dpdk, libxml2, postgresql:10, systemd, and virt:ol and virt-devel:rhel), Red Hat (kernel), Slackware (git, httpd, libXpm, and mozilla), SUSE (libzypp-plugin-appdata), and Ubuntu (git, libxpm, linux-ibm-5.4, linux-oem-5.14, and ruby2.3).
---------------------------------------------
https://lwn.net/Articles/920318/


∗∗∗ Remote Code Execution Vulnerabilities Found in TP-Link, NetComm Routers ∗∗∗
---------------------------------------------
Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).Two security defects were identified in TP-Link WR710N-V1-151022 and Archer-C5-V2-160201 SOHO (small office/home office) routers, allowing attackers to execute code, crash devices, or guess login credentials.
---------------------------------------------
https://www.securityweek.com/remote-code-execution-vulnerabilities-found-tp-link-netcomm-routers


∗∗∗ IBM Navigator for i is vulnerable to log file access, obtaining file attributes, and SQL Injection attacks due to multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6850801


∗∗∗ Security Advisory - System Command Injection Vulnerability in a Huawei Printer Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-sciviahpp-f18e962a-en


∗∗∗ Security Advisory - Misinterpretation of Input in a Huawei Printer Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-moiiahpp-a2a7a816-en


∗∗∗ Security Advisory - Data Processing Error Vulnerability in a Huawei Band ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-dpeviahb-44e16f60-en


∗∗∗ Security Advisory - Buffer Overflow Vulnerability in a Huawei Printer Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-boviahpp-7a1783e1-en


∗∗∗ Security Advisory - System Command Injection Vulnerability in a Huawei Printer Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-sciviahpp-4181d272-en


∗∗∗ Security Advisory - Misinterpretation of Input Vulnerability in Huawei Printer ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-moivihp-5deb7c23-en

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily