Daily

daily@lists.cert.at

1 participants
3212 discussions

Tageszusammenfassung - 12.10.2022
by Daily end-of-shift report 12 Oct '22

12 Oct '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-10-2022 18:00 − Mittwoch 12-10-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Ein guter Tag für Freund:innen von Adobe Software und gepflegtem Patchen ∗∗∗ --------------------------------------------- Da kann man sich nicht beschweren: nicht nur eine kritische Lücke in Adobe Commerce und Magento Open Source (CVSS 10.0 - Highscore-verdächtig), sondern auch gleich deren mehrere in Adobe ColdFusion (unter Anderem 4x mit CVSS 9.8 und 1x mit 8.1). Nutzer:innen von Adobe Acrobat/Acrobat Reader kommen ebenfalls nicht zu kurz, auch wenn man dort dank Auto-Updates vielleicht nicht selbst so viel Spass mit dem Patchen hat. Und auch wenn ich nicht weiß, was (eine) Adobe Dimension ist: Admins haben dort 4x CVSS 7.8 - Freude. --------------------------------------------- https://cert.at/de/blog/2022/10/ein-guter-tag-fur-freundinnen-von-adobe-sof… ∗∗∗ New npm timing attack could lead to supply chain attacks ∗∗∗ --------------------------------------------- Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers into using them instead. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-npm-timing-attack-could-… ∗∗∗ Malicious WhatsApp mod distributed through legitimate apps ∗∗∗ --------------------------------------------- The malicious version of YoWhatsApp messenger, containing Triada trojan, was spreading through ads in the popular Snaptube app and the Vidmate apps internal store. --------------------------------------------- https://securelist.com/malicious-whatsapp-mod-distributed-through-legitimat… ∗∗∗ Userland Execution of Binaries Directly from Python ∗∗∗ --------------------------------------------- TL;DR: If you are familiar with what a userland binary execution tool does and you just want to see the code and/or test it, skip the rest of this post and go to the project GitHubs page. --------------------------------------------- https://www.anvilsecure.com/blog/userland-execution-of-binaries-directly-fr… ∗∗∗ A deep dive into CVE-2021–42847 - arbitrary file write and XXE in ManageEngine ADAudit Plus before 7006 ∗∗∗ --------------------------------------------- After coming across a vulnerable instance during a pentest, and discovering that no root cause analysis or PoC has ever been made available for this vulnerability, I decided to have a closer look myself. --------------------------------------------- https://medium.com/@erik.wynter/pwning-manageengine-from-endpoint-to-exploi… ∗∗∗ Brute-Force-Angriffe: Microsoft rüstet Schutzmechanismus nach ∗∗∗ --------------------------------------------- Die Windows-Updates zum Oktober-Patchday haben auch eine neue Funktion mitgebracht. Sie sperrt lokale Administratorkonten bei fehlerhaften Log-in-Versuchen. --------------------------------------------- https://heise.de/-7306276 ∗∗∗ Abo-Falle bei der Wohnungssuche auf rentola.at ∗∗∗ --------------------------------------------- Sind Sie gerade auf Wohnungssuche? Dann nehmen Sie sich vor einem undurchsichtigen Abo-Vertrag auf rentola.at in Acht. Geworben wird mit unzähligen Wohnungen in ganz Österreich und auf der ganzen Welt. Für eine erste Nachricht an Vermieter:innen müssen Sie jedoch 1 Euro bezahlen. Ein versteckter Kostenhinweis verrät: Hier landen Sie in einem teuren Abonnement! --------------------------------------------- https://www.watchlist-internet.at/news/abo-falle-bei-der-wohnungssuche-auf-… ∗∗∗ Qakbot Being Distributed as ISO Files Instead of Excel Macro ∗∗∗ --------------------------------------------- There is a recent increase in the distribution method of malware through ISO files. Among the malware, it has been identified that Qakbot, an online banking malware, has had its distribution method changed from Excel 4.0 Macro to ISO files. --------------------------------------------- https://asec.ahnlab.com/en/39537/ ∗∗∗ VMware vCenter Server bug disclosed last year still not patched ∗∗∗ --------------------------------------------- VMware informed customers today that vCenter Server 8.0 (the latest version) is still waiting for a patch to address a high-severity privilege escalation vulnerability disclosed in November 2021. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vmware-vcenter-server-bug-di… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Sicherheitslücke in Magento Open Source und Adobe Commerce - Updates verfügbar ∗∗∗ --------------------------------------------- Adobe hat Updates für die E-Commerce Software Suites Magento Open Source und Adobe Commerce herausgegeben. CVE-Nummer(n): CVE-2022-35698 CVSS Base Score: 10.0. Angreifer:innen können beliebigen Code auf betroffenen Systemen ausführen (vermutlich mit den Rechten des Webservers), und haben Zugriff auf alle Daten die im E-Commerce System gespeichert sind. --------------------------------------------- https://cert.at/de/warnungen/2022/10/kritische-sicherheitslucke-in-magento-… ∗∗∗ Microsoft Security Update Summary (11. Oktober 2022) ∗∗∗ --------------------------------------------- Am 11. Oktober 2022 hat Microsoft Sicherheitsupdates für Windows-Clients und -Server, für Office usw. – sowie für weitere Produkte – veröffentlicht. Die Sicherheitsupdates beseitigen 84 Schwachstellen … --------------------------------------------- https://www.borncity.com/blog/2022/10/11/microsoft-security-update-summary-… ∗∗∗ Exchange Server Sicherheitsupdates (11. Oktober 2022) ∗∗∗ --------------------------------------------- Microsoft hat zum 11. Oktober 2022 Sicherheitsupdates für Exchange Server 2013, Exchange Server 2016 und Exchange Server 2019 veröffentlicht. Diese Updates sollen Schwachstellen, die von externen Sicherheitspartnern gemeldet oder durch Microsoft gefunden wurden, schließen. Die seit Ende September 2022 bekannten 0-day-Schwachstellen (ProxyNotShell) werden aber nicht beseitigt. --------------------------------------------- https://www.borncity.com/blog/2022/10/12/exchange-server-sicherheitsupdates… ∗∗∗ IBM Security Bulletins 2022-10-11 ∗∗∗ --------------------------------------------- IBM Robotic Process Automation, IBM App Connect Enterprise, IBM Security Identity Management, IBM Security Guardium, IBM Cloud Pak, Rational Change, IBM Navigator Mobile Android, Rational Synergy. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Schneider Elecronic Security Advisories 2022-10-11 ∗∗∗ --------------------------------------------- 4 new, 8 updated --------------------------------------------- https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.… ∗∗∗ Webbrowser: Google schließt sechs Sicherheitslücken in Chrome ∗∗∗ --------------------------------------------- Google hat ein Update für den Webbrowser Chrome veröffentlicht. Es schließt insgesamt sechs Sicherheitslücken, von denen ein hohes Risiko ausgeht. --------------------------------------------- https://heise.de/-7305732 ∗∗∗ Fortinet-Patchday: Mehrere kritische Lücken geschlossen ∗∗∗ --------------------------------------------- Nachdem am Wochenende eine kritische Sicherheitslücke in Fortinet-Produkten bekannt wurde, hat das Unternehmen nun weitere Updates bereitgestellt. --------------------------------------------- https://heise.de/-7306400 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mediawiki and twig), Oracle (expat, gnutls and nettle, and kernel), Red Hat (expat, kernel, and kpatch-patch), and Ubuntu (advancecomp and dotnet6). --------------------------------------------- https://lwn.net/Articles/910953/ ∗∗∗ Zoom Video Communications: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter oder lokalerAngreifer kann mehrere Schwachstellen in Zoom Video Communications Zoom Client und Zoom Video Communications On-Premise ausnutzen, um einen Denial of Service Angriff durchzuführen und Sicherheitsmaßnahmen zu umgehen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1677 ∗∗∗ LibreOffice: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in LibreOffice ausnutzen, um beliebigen Programmcode auszuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1679 ∗∗∗ bingo!CMS vulnerable to authentication bypass ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN74592196/ ∗∗∗ The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN40620121/ ∗∗∗ VMSA-2022-0026 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2022-0026.html ∗∗∗ WAGO: FTP-Server - Denial-of-Service ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-047/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.10.2022
by Daily end-of-shift report 11 Oct '22

11 Oct '22

===================== = End-of-Day report = ===================== Timeframe: Montag 10-10-2022 18:00 − Dienstag 11-10-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Your Publicly Accessible Google API Key Could Be Giving Hackers Access to Your Files and Photos! ∗∗∗ --------------------------------------------- We’ve all seen them before, those long, seemingly random strings of characters starting with AIza. Yes, that’s right, the ubiquitous Google API key. --------------------------------------------- https://spidersilk.com/news/your-publicly-accessible-google-api-key-could-b… ∗∗∗ Fortinet Confirms Zero-Day Vulnerability Exploited in One Attack ∗∗∗ --------------------------------------------- Fortinet has confirmed that the critical vulnerability whose existence came to light last week is a zero-day flaw that has been exploited in at least one attack. --------------------------------------------- https://www.securityweek.com/fortinet-confirms-zero-day-vulnerability-explo… ∗∗∗ Siemens Not Ruling Out Future Attacks Exploiting Global Private Keys for PLC Hacking ∗∗∗ --------------------------------------------- Researchers have demonstrated that threat actors could obtain global private keys that protect some of Siemens’ industrial devices, and the vendor says it cannot rule out malicious exploitation in the future. --------------------------------------------- https://www.securityweek.com/siemens-not-ruling-out-future-attacks-exploiti… ∗∗∗ Living off the Cloud. Cloudy with a Chance of Exfiltration ∗∗∗ --------------------------------------------- Unless default settings are changed, typical Office 365 (O365) licences come loaded with various services that are all usable by end users without special permissions. Power Automate can be used maliciously by compromised users or insider threats to systematically capture and exfiltrate data without having to contend with network safeguards. --------------------------------------------- https://www.pentestpartners.com/security-blog/living-off-the-cloud-cloudy-w… ∗∗∗ Betrügerisches Jobangebot auf santo-vermoegen.com ∗∗∗ --------------------------------------------- Auf „santo-vermoegen.com/infofolder“ sind aktuell freie Stellen als „Back Office Mitarbeiter“ ausgeschrieben. Der Job ist auch auf diversen Jobportalen inseriert. Die Beschreibung der Tätigkeit ist vage. Es geht lediglich hervor, dass Sie auf Ihrem privaten Bankkonto Zahlungen empfangen, protokollieren und weiterleiten. Vorsicht: Dabei handelt es sich um Geldwäsche, Sie machen sich strafbar! --------------------------------------------- https://www.watchlist-internet.at/news/betruegerisches-jobangebot-auf-santo… ∗∗∗ Exchange Server: Neue 0-day (nicht NotProxyShell, CVE-2022-41040, CVE-2022-41082) ∗∗∗ --------------------------------------------- AhnLabs schreibt, dass theoretisch die Möglichkeit besteht, dass die von dem vietnamesischen Sicherheitsunternehmen GTSC am 28. September offengelegten Schwachstellen von Microsoft Exchange Server(CVE-2022-41040, CVE-2022-41082) für die Infektion ausgenutzt wurden. Aber die Angriffsmethode, der generierte WebShell-Dateiname, und nachfolgende Angriffe nach der Installation der WebShell lassen vermuten, dass ein anderer Angreifer eine andere Zero-Day-Schwachstelle ausgenutzt hat. --------------------------------------------- https://www.borncity.com/blog/2022/10/11/exchange-server-neue-0-day-nicht-n… ∗∗∗ Persistent PHP payloads in PNGs: How to inject PHP code in an image – and keep it there ! ∗∗∗ --------------------------------------------- During the assessment of a PHP application, we recently came across a file upload vulnerability allowing the interpretation of PHP code inserted into valid PNG files. However, the image processing performed by the application forced us to dig deeper into the different techniques available to inject PHP payloads into this particular file format - and to make it persist through image transformations. --------------------------------------------- https://www.synacktiv.com/publications/persistent-php-payloads-in-pngs-how-… ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens Security Advisories ∗∗∗ --------------------------------------------- 16 new, 11 updated --------------------------------------------- https://new.siemens.com/global/en/products/services/cert.html?d=2022-10#Sec… ∗∗∗ IBM Security Bulletins 2022-10-10 ∗∗∗ --------------------------------------------- IBM Process Mining, z/Transaction Processing Facility, Content Manager OnDemand z/OS, IBM Sterling Connect. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Exchange Zero-Day-Lücke: Nochmals nachgebesserter Workaround ∗∗∗ --------------------------------------------- Microsoft bessert den Workaround für die Zero-Day-Lücke in Exchange noch mal nach. Admins bleibt nur zu hoffen, dass die jetzige Regel bis zum Update hält. --------------------------------------------- https://heise.de/-7304522 ∗∗∗ SAP-Patchday: 15 neue Sicherheitswarnungen im Oktober ∗∗∗ --------------------------------------------- Die von SAP zum Oktober-Patchday verfügbaren Updates schließen unter anderem zwei kritische Sicherheitslücken. --------------------------------------------- https://heise.de/-7305149 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (connman, dbus, git, isc-dhcp, strongswan, and wordpress), Fedora (rubygem-pdfkit and seamonkey), Red Hat (gnutls, nettle, rh-ruby27-ruby, and rh-ruby30-ruby), SUSE (libgsasl, python, and snakeyaml), and Ubuntu (graphite2, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-raspi, linux, linux-aws, linux-bluefield, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux-hwe, linux-oracle, openssh, and pcre3). --------------------------------------------- https://lwn.net/Articles/910828/ ∗∗∗ iOS 16.0.3 freigegeben ∗∗∗ --------------------------------------------- Apple hat zum 10. Oktober 2022 iOS 16.0.3 für neuere iPhone-Modelle freigegeben. Es handelt sich um ein Sicherheitsupdate, welches die Sicherheitslücke CVE-2022-22658 in Mail beseitigen soll. --------------------------------------------- https://www.borncity.com/blog/2022/10/11/ios-16-0-3-freigegeben/ ∗∗∗ OpenSSL Security Advisory [11 October 2022] ∗∗∗ --------------------------------------------- https://www.openssl.org/news/secadv/20221011.txt ∗∗∗ Xen Security Advisory CVE-2022-33749 / XSA-413 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-413.html ∗∗∗ Xen Security Advisory CVE-2022-33748 / XSA-411 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-411.html ∗∗∗ Xen Security Advisory CVE-2022-33746 / XSA-410 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-410.html ∗∗∗ Xen Security Advisory CVE-2022-33747 / XSA-409 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-409.html ∗∗∗ PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-046/ ∗∗∗ Hashicorp Vagrant: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1669 ∗∗∗ Octopus Deploy: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1663 ∗∗∗ Citrix Hypervisor Security Bulletin for CVE-2022-33748 & CVE-2022-33749 ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX465146/citrix-hypervisor-security-bul… ∗∗∗ Altair HyperView Player ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-284-01 ∗∗∗ Daikin Holdings Singapore Pte Ltd. SVMPC1 and SVMPC2 ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-284-02 ∗∗∗ Sensormatic Electronics C-CURE 9000 ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-284-03 ∗∗∗ Lenovo: IPV6 VLAN Stacking Vulnerability ∗∗∗ --------------------------------------------- http://support.lenovo.com/product_security/PS500520-IPV6-VLAN-STACKING-VULN… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.10.2022
by Daily end-of-shift report 10 Oct '22

10 Oct '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-10-2022 18:00 − Montag 10-10-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Fake adult sites push data wipers disguised as ransomware ∗∗∗ --------------------------------------------- Malicious adult websites push fake ransomware which, in reality, acts as a wiper that quietly tries to delete almost all of the data on your device. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fake-adult-sites-push-data-w… ∗∗∗ Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server ∗∗∗ --------------------------------------------- A correction was made to the string in step 6 and step 9 in the URL Rewrite rule mitigation Option 3. Steps 8, 9, and 10 have updated images. --------------------------------------------- https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-z… ∗∗∗ That thing to help protect internet traffic from hijacking? Its broken ∗∗∗ --------------------------------------------- RPKI is supposed to verify network routes. Instead, heres how it could be subverted. An internet security mechanism called Resource Public Key Infrastructure (RPKI), intended to safeguard the routing of data traffic, is broken, according to security experts from Germanys ATHENE, the National Research Center for Applied Cybersecurity. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2022/10/09/internet_tra… ∗∗∗ Groupware: Kritische Codeschmuggel-Lücke in Zimbra wird angegriffen ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in der Groupware Zimbra erlaubt Angreifern, Schadcode einzuschleusen. Die Schwachstelle wird inzwischen angegriffen. Ein Workaround hilft. --------------------------------------------- https://heise.de/-7289104 ∗∗∗ Intel-CPU "Alder Lake": BIOS-Quellcode-Leak öffnet potenzielle Einfallstore ∗∗∗ --------------------------------------------- Rund 6 GByte BIOS-Daten für die CPU-Generation Core i-12000 sind Intel abhandengekommen. Darin enthalten ist Code für Sicherheitsmechanismen wie Boot Guard. --------------------------------------------- https://heise.de/-7289262 ∗∗∗ How to protect your Firefox saved passwords with a Primary Password ∗∗∗ --------------------------------------------- For better security, dont rely on browser syncing to manage your passwords. Heres a better way. --------------------------------------------- https://www.zdnet.com/article/how-to-protect-your-firefox-saved-passwords-w… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Sicherheitslücke in Fortinet Produkten - Updates verfügbar ∗∗∗ --------------------------------------------- Kritische Schwachstellen in Fortinet Produkten erlauben es Angreifenden, die Authentisierung zu umgehen und Aktionen mit Admin-Rechten auszuführen. CVE-Nummer(n): CVE-2022-40684 CVSS Base Score: 9.6. --------------------------------------------- https://cert.at/de/warnungen/2022/10/kritische-sicherheitslucken-in-fortine… ∗∗∗ IBM Security Bulletins 2022-10-07 and 2022-10-08 ∗∗∗ --------------------------------------------- IBM Partner Engagement Manager, IBM CICS TX Standard, IBM CICS TX Advanced, IBM Cloud, IBM Business Automation Workflow, IBM Security Verify Governance, IBM TXSeries, IBM Security Network Threat Analytics, IBM Security Verify Governance, IBM Jazz. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (knot-resolver and libpgjava), Fedora (booth, dotnet3.1, expat, nheko, php-twig, php-twig2, php-twig3, poppler, python-joblib, and seamonkey), Mageia (colord, dbus, enlightenment, kitty, libvncserver, php, python3, and unbound), Slackware (libksba), SUSE (cyrus-sasl, ImageMagick, and xmlgraphics-commons), and Ubuntu (nginx and thunderbird). --------------------------------------------- https://lwn.net/Articles/910724/ ∗∗∗ Critical Remote Code Execution Vulnerability Found in vm2 Sandbox Library ∗∗∗ --------------------------------------------- A critical vulnerability in vm2 may allow a remote attacker to escape the sandbox and execute arbitrary code on the host. A highly popular JavaScript sandbox library with more than 16 million monthly downloads, vm2 supports the execution of untrusted code synchronously in a single process. --------------------------------------------- https://www.securityweek.com/critical-remote-code-execution-vulnerability-f… ∗∗∗ MISP 2.4.164 released with new tag relationship feature, improvements and a security fix ∗∗∗ --------------------------------------------- We are pleased to announce the immediate availability of MISP v2.4.164 with a new tag relationship features, many improvements and a security fix. --------------------------------------------- https://www.misp-project.org/2022/10/10/MISP.2.4.164.released.html/ ∗∗∗ Trend Micro Apex One: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler oder entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Trend Micro Apex One ausnutzen, um seine Privilegien zu erhöhen und Sicherheitsmaßnahmen zu umgehen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1649 ∗∗∗ ZDI-22-1399: Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-22-1399/ ∗∗∗ ZDI-22-1398: Centreon Contact Group SQL Injection Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-22-1398/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.10.2022
by Daily end-of-shift report 07 Oct '22

07 Oct '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-10-2022 18:00 − Freitag 07-10-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Powershell Backdoor with DGA Capability, (Fri, Oct 7th) ∗∗∗ --------------------------------------------- DGA ("Domain Generation Algorithm") is a popular tactic used by malware to make connections with their C2 more stealthy and difficult to block. The idea is to generate domain names periodically and use them during the defined period. An alternative is to generate a lot of domains and loop across them to find an available C2 server. Attackers just register a few domain names and can change them very quickly. --------------------------------------------- https://isc.sans.edu/diary/rss/29122 ∗∗∗ What is a Malware Attack? ∗∗∗ --------------------------------------------- A malware attack is the act of injecting malicious software to infiltrate and execute unauthorized commands within a victim’s system without their knowledge or authorization. The objectives of such an attack can vary – from stealing client information to sell as lead sources, obtaining system information for personal gain, bringing a site down to stop business or even just placing the mark of a cyber-criminal on a public domain. --------------------------------------------- https://blog.sucuri.net/2022/10/what-is-a-malware-attack.html ∗∗∗ Loads of PostgreSQL systems are sitting on the internet without SSL encryption ∗∗∗ --------------------------------------------- They probably shouldnt be connected in the first place, says database expert. Only a third of PostgreSQL databases connected to the internet use SSL for encrypted messaging, according to a cloud database provider. --------------------------------------------- https://www.theregister.com/2022/10/07/postgresql_no_ssl/ ∗∗∗ Top CVEs Actively Exploited By [..] State-Sponsored Cyber Actors ∗∗∗ --------------------------------------------- This joint Cybersecurity Advisory (CSA) provides the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by [..] state-sponsored cyber actors as assessed by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI). --------------------------------------------- https://www.cisa.gov/uscert/ncas/alerts/aa22-279a ∗∗∗ So schützen Sie sich vor Kleinanzeigen-Betrug ∗∗∗ --------------------------------------------- Egal ob Sie kaufen oder verkaufen: Schützen Sie sich auf Kleinanzeigen-Plattformen wie Willhaben, ebay, Vinted und Co. vor Kriminellen. Mit Fake-Profilen, gefälschten Zahlungsbestätigungen oder unechten Zahlungsplattformen zocken Kriminelle immer wieder Nutzer:innen ab. Wir geben Ihnen Tipps zum sicheren Kaufen und Verkaufen. --------------------------------------------- https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-kleinanzei… ∗∗∗ Exchange Hacks: Achtung, gut gemachte, bösartige Mails im Umlauf (7. Oktober 2022) ∗∗∗ --------------------------------------------- Die Woche wurden Administratoren von Exchange-Servern ja durch die Ende September 2022 bekannt gewordene 0-day-Schwachstellen und die Workarounds von Microsoft ziemlich gefordert. Inzwischen versuchen Cyber-Kriminelle aus dieser Situation Kapital zu schlagen. --------------------------------------------- https://www.borncity.com/blog/2022/10/07/exchange-hacks-achtung-gut-gemacht… ===================== = Vulnerabilities = ===================== ∗∗∗ Remote Code Execution in Zimbra Collaboration Suite - Workaround verfügbar ∗∗∗ --------------------------------------------- Eine kritische Schwachstelle in Zimbra Collaboration Suite erlaubt potentiell entfernten, unauthorisierten Angreifer:innen das Ausführen von beliebigem Code. Laut diversen Berichten wird diese Schwachstelle bereits aktiv ausgenutzt. Das Ausnützen der Schwachstelle durch senden einer Email mit speziell präparierten Anhängen in den Formaten .cpio, .tar, .rpm kann zu einer vollständigen Kompromittierung des Systems führen. --------------------------------------------- https://cert.at/de/warnungen/2022/10/remote-code-execution-in-zimbra-collab… ∗∗∗ Fortinet warns admins to patch critical auth bypass bug immediately ∗∗∗ --------------------------------------------- Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fortinet-warns-admins-to-pat… ∗∗∗ Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes ∗∗∗ --------------------------------------------- An attacker may trivially bypass the use of InetAddress::getAllByName to validate inputs. Note: As input validation is not an appropriate mechanism to protect against injection attacks — as opposed to output encoding and Harvard architecture-style APIs — this issue is itself considered to be of Low risk as code relying on the documented validation for such purposes should be considered insecure regardless of this issue. --------------------------------------------- https://research.nccgroup.com/2022/10/06/technical-advisory-openjdk-weak-pa… ∗∗∗ Angreifer könnten Cisco-Admins manipulierte Updates unterschieben ∗∗∗ --------------------------------------------- Es sind wichtige Sicherheitsupdates für unter anderem Cisco Expressway Series und TelePresence Video Communication Server erschienen. --------------------------------------------- https://heise.de/-7286880 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dbus, isc-dhcp, and strongswan), Fedora (booth, php, php-twig, php-twig2, and php-twig3), Oracle (expat, prometheus-jmx-exporter, and squid), Red Hat (expat, openvswitch2.11, and squid), Scientific Linux (expat and squid), SUSE (exiv2, LibVNCServer, postgresql-jdbc, protobuf, python-PyJWT, python3, slurm, squid, and webkit2gtk3), and Ubuntu (libreoffice). --------------------------------------------- https://lwn.net/Articles/910606/ ∗∗∗ VMware Patches Code Execution Vulnerability in vCenter Server ∗∗∗ --------------------------------------------- Virtualization giant VMware on Thursday announced patches for a vCenter Server vulnerability that could lead to arbitrary code execution. A centralized management utility, the vCenter Server is used for controlling virtual machines and ESXi hosts, along with their dependent components. Tracked as CVE-2022-31680 (CVSS score of 7.2), the security bug is described as an unsafe deserialization vulnerability in the platform services controller (PSC). --------------------------------------------- https://www.securityweek.com/vmware-patches-code-execution-vulnerability-vc… ∗∗∗ Growi vulnerable to improper access control ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN00845253/ ∗∗∗ IPFire WebUI vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN15411362/ ∗∗∗ Security Bulletin: IBM InfoSphere Information Server Low Level Authenticated User Can View Higher Level User And Group Listing (CVE-2022-36772) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2022-21824) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a session management vulnerability (CVE-2022-41291) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analy… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1638 ∗∗∗ Avaya Aura Application Enablement Services: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1645 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.10.2022
by Daily end-of-shift report 06 Oct '22

06 Oct '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-10-2022 18:00 − Donnerstag 06-10-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast ∗∗∗ --------------------------------------------- With just one malformed Zigbee frame, attackers could take over certain Ikea smart lightbulbs, leaving users unable to turn the lights down. --------------------------------------------- https://www.darkreading.com/application-security/ikea-smart-light-system-fl… ∗∗∗ Ransomware: Sicherheitssoftware mit legitimem Treiber deaktiviert ∗∗∗ --------------------------------------------- Die Ransomware Blackbyte nutzt die Angriffstechnik Bring your own vulnerable Driver, um Antivirensoftware zu deaktivieren. --------------------------------------------- https://www.golem.de/news/ransomware-sicherheitssoftware-mit-legitimem-trei… ∗∗∗ A look at the 2020–2022 ATM/PoS malware landscape ∗∗∗ --------------------------------------------- We looked at the number of affected ATMs and PoS terminals, geography of attacks and threat families used by cybercriminals to target victims in 2020-2022. --------------------------------------------- https://securelist.com/atm-pos-malware-landscape-2020-2022/107656/ ∗∗∗ Detecting and preventing LSASS credential dumping attacks ∗∗∗ --------------------------------------------- In this blog, we share examples of various threat actors that we’ve recently observed using the LSASS credential dumping technique. [..] Finally, we offer additional recommendations to further harden systems and prevent attackers from taking advantage of possible misconfigurations should they fail to leverage credential dumping. --------------------------------------------- https://www.microsoft.com/security/blog/2022/10/05/detecting-and-preventing… ∗∗∗ MSSQL, meet Maggie ∗∗∗ --------------------------------------------- Continuing our monitoring of signed binaries, DCSO CyTec recently found a novel backdoor malware targeting Microsoft SQL servers. [Keine kompromittierten Systeme in AT angeführt, Anm. d. Red.] --------------------------------------------- https://medium.com/@DCSO_CyTec/mssql-meet-maggie-898773df3b01 ∗∗∗ CVE-2022–36635 — A SQL Injection in ZKSecurityBio to RCE ∗∗∗ --------------------------------------------- This is a write-up of CVE-2022–36635: SQLInjection found in a platform of physical security (access control, elevator control, guest management, patrol and parking management) called ZKSecurity Bio v4.1.3 and how it was used to obtain a RCE. --------------------------------------------- https://medium.com/stolabs/cve-2022-36635-a-sql-injection-in-zksecuritybio-… ∗∗∗ Exchange Zero-Day: Microsoft bessert Workaround erneut nach ∗∗∗ --------------------------------------------- Nachdem der erste Workaround für eine Exchange Zero-Day-Lücke wirkungslos war und Microsoft nachbesserte, hat der Hersteller abermals eine Korrektur vorgelegt. --------------------------------------------- https://heise.de/-7285558 ∗∗∗ Gratis Entschlüsselungstool: Lücke in Ransomwares der Hades-Familie entdeckt ∗∗∗ --------------------------------------------- Opfer einiger Erpressungstrojan der der Hades-Familie wie MafiaWare666 können unter bestimmten Voraussetzungen wieder auf ihre Daten zugreifen. --------------------------------------------- https://heise.de/-7285784 ∗∗∗ Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style ∗∗∗ --------------------------------------------- Hidden DNS resolvers and how to compromise your infrastructure --------------------------------------------- https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-you… ∗∗∗ ESET Threat Report T2 2022 ∗∗∗ --------------------------------------------- Ein Blick auf die Bedrohungslandschaft im zweiten Drittel des Jahres 2022 aus Sicht der ESET-Telemetrie und aus der Perspektive der ESET-Experten. --------------------------------------------- https://www.welivesecurity.com/deutsch/2022/10/05/eset-threat-report-t2-202… ===================== = Vulnerabilities = ===================== ∗∗∗ CVE-2022-41343 - RCE via Phar Deserialisation (Dompdf) ∗∗∗ --------------------------------------------- Dompdf is a popular library in PHP used for rendering PDF files from HTML. Tanto Security disclosed a vulnerability in Dompdf affecting version 2.0.0 and below. The vulnerability was patched in Dompdf v2.0.1. We recommend all Dompdf users update to the latest version as soon as possible. --------------------------------------------- https://tantosec.com/blog/cve-2022-41343/ ∗∗∗ Cisco Security Advisories 2022-10-05 ∗∗∗ --------------------------------------------- Cisco published 9 Security Advisories (2 High, 7 Medium Severity) --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bind9 and nodejs), Red Hat (prometheus-jmx-exporter and squid), Slackware (dhcp), SUSE (pngcheck and sendmail), and Ubuntu (isc-dhcp, kitty, and linux-gcp-5.4). --------------------------------------------- https://lwn.net/Articles/910492/ ∗∗∗ Internet Systems Consortium DHCP: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium DHCP ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1634 ∗∗∗ Security Bulletin: IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965] ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-busines… ∗∗∗ Security Bulletin: IBM QRadar DNS Analyzer App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-31129, CVE-2022-24785, CVE-2017-18214) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-dns-analyzer-a… ∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2021-40690, CVE-2022-25647, XFID: 233967) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-wo… ∗∗∗ Security Bulletin: IBM HTTP Server is vulnerable to arbitrary code execution due to Expat (CVE-2022-40674) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-http-server-is-vulner… ∗∗∗ K10812540: OpenJDK vulnerability CVE-2019-18197 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10812540?utm_source=f5support&utm_mediu… ∗∗∗ Rockwell Automation FactoryTalk VantagePoint ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-279-01 ∗∗∗ HIWIN Robot System Software (HRSS) ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-279-02 ∗∗∗ Schwachstelle in SPRECON-V460 Visualisierungssoftware ∗∗∗ --------------------------------------------- https://www.sprecher-automation.com/it-sicherheit/security-alerts -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.10.2022
by Daily end-of-shift report 05 Oct '22

05 Oct '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-10-2022 18:00 − Mittwoch 05-10-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Exchange Zero-Day: Microsoft korrigiert Workaround ∗∗∗ --------------------------------------------- Der zuerst vorgeschlagene Workaround für die Zero-Day-Lücke ProxyNotShell in Exchange ließ sich einfach umgehen. Microsoft liefert eine korrigierte Fassung. --------------------------------------------- https://heise.de/-7284241 ∗∗∗ Ende von Basic Auth: Brute-Force-Angriffe auf Microsoft Exchange nehmen zu ∗∗∗ --------------------------------------------- Microsoft berichtet von vielen Angriffen auf E-Mail-Konten, die noch die einfache Authentifizierung nutzen. Kunden sollen rasch handeln. --------------------------------------------- https://www.golem.de/news/ende-von-basic-auth-brute-force-angriffe-auf-micr… ∗∗∗ Post-Exploitation Persistent Email Forwarder in Outlook Desktop ∗∗∗ --------------------------------------------- There is an exploitation method that can automatically forward emails CC’d to external addresses via an Outlook Desktop rule, even when this action is prevented on the corporate Exchange server. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/post-exploi… ∗∗∗ GandCrab bedroht Deutschland ∗∗∗ --------------------------------------------- Die Ransomware GandCrab dominiert in Deutschland, Österreich und der Schweiz die ESET Erkennungsstatistiken. Nahezu jeder vierte Ransomware-Fund geht auf GandCrab zurück. --------------------------------------------- https://www.zdnet.de/88403902/gandcrab-bedroht-deutschland/ ∗∗∗ Vorsicht vor Blackout-Shops wie dyn-amo.de und dynamos.at! ∗∗∗ --------------------------------------------- Immer wieder wird aktuell von der Möglichkeit kurzzeitiger Blackouts, also großflächiger Strom-, Internet- oder Heizungsausfälle berichtet. Unseriöse Online-Shops wie jene von ECOM4YOU, HAPPY SHOPPING oder Shopfactory24 GmbH bauen auf die Ängste ihrer Kundinnen und Kunden und bieten Notfall-Sets für Blackouts an. Vorsicht, wir haben es getestet: Die Produkte sind überteuert, die Lieferzeiten lang, die Qualität teils minderwertig und [...] --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-blackout-shops-wie-dyn-… ∗∗∗ Shadowserver Alliance Launch ∗∗∗ --------------------------------------------- The Shadowserver Foundation today launched its new Alliance to Continue to Build a Safer, More Secure Internet. The new Shadowserver Alliance partner program will accelerate growth and scale up delivery of no cost cybersecurity and cyber threat intelligence services to internet defender organizations and law enforcement. The Alliance represents a significant expansion to Shadowservers freely provided internet security services and enables partners, [...] --------------------------------------------- https://www.shadowserver.org/news/shadowserver-alliance-launch/ ∗∗∗ Credential Harvesting with Telegram API, (Tue, Oct 4th) ∗∗∗ --------------------------------------------- Phishing emails are a daily occurrence and many times it ends with credential harvesting. An email initially lures a user to a website that promised an anticipated file. The landing page taunts a user to click on an additional link and enter their credentials. In this case, the credentials entered by the user are not sent back to the bad actor using a simple web form but using the Telegram API [1]. --------------------------------------------- https://isc.sans.edu/diary/rss/29112 ∗∗∗ How to Secure & Harden Your Joomla! Website in 12 Steps ∗∗∗ --------------------------------------------- At Sucuri, we’re often asked how website owners and webmasters can secure their websites. However, advice can often be too broad; different content management systems (CMS) exist in this ecosystem and each require a unique security configuration. --------------------------------------------- https://blog.sucuri.net/2022/10/how-to-secure-harden-your-joomla-website-in… ∗∗∗ Securing Developer Tools: A New Supply Chain Attack on PHP ∗∗∗ --------------------------------------------- Supply chain attacks are a hot topic for development organizations today. Last year, in the largest ever software supply chain attack, a backdoor infected 18,000 SolarWinds customers. Earlier this year, a security researcher was able to breach Apple, Microsoft, Paypal, and other tech giants using a new supply chain attack technique. --------------------------------------------- https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-at… ∗∗∗ Our Fox-IT Dissect framework for forensic data collection, now open source ∗∗∗ --------------------------------------------- Dissect is a framework for collecting and analysing large amounts of forensic data. A game changer in cyber incident response, it enables data acquisition on thousands of systems within hours, regardless of the nature and size of the IT environment to be investigated after an attack. --------------------------------------------- https://www.mynewsdesk.com/nccgroup/pressreleases/our-fox-it-dissect-framew… ∗∗∗ Change in Magniber Ransomware (*.js → *.wsf) – September 28th ∗∗∗ --------------------------------------------- The ASEC analysis team has explained through the blog post on September 8th that the Magniber ransomware has changed from having a CPL extension to a JSE extension. The attacker made another change after September 8th, changing the file extension from JSE to JS on September 16th. And on September 28th, the attacker changed the distribution method once again, changing the file extension from JS to WSF. It seems the attacker is continuously distributing variations to bypass various detection [...] --------------------------------------------- https://asec.ahnlab.com/en/39489/ ∗∗∗ How Water Labbu Exploits Electron-Based Applications ∗∗∗ --------------------------------------------- In the second part of our Water Labbu blog series, we explore how the threat actor exploits Electron-based applications using Cobalt Strike to deploy backdoors. --------------------------------------------- https://www.trendmicro.com/en_us/research/22/j/how-water-labbu-exploits-ele… ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Angreifer könnten ihre Rechte unter Android 10 bis 13 hochstufen ∗∗∗ --------------------------------------------- Wichtige Sicherheitsupdates schließen zum Teil kritische Lücken in verschiedenen Android-Versionen. --------------------------------------------- https://heise.de/-7284409 ∗∗∗ Aruba: Kritische Sicherheitslücke in Access Points ∗∗∗ --------------------------------------------- Aruba warnt vor kritischen Sicherheitslücken in den eigenen Access Points. --------------------------------------------- https://heise.de/-7284335 ∗∗∗ IBM Security Bulletins 2022-10-04 ∗∗∗ --------------------------------------------- IBM Tivoli Netcool Impact, IBM Tivoli Business Service Manage, IBM Tivoli Monitoring, IBM WebSphere Application Server Liberty, IBM QRadar SIEM, IBM Security Guardium, Rational Business Developer, IBM Cloud Pak for Watson, IBM i Modernization Engine, IBM CICS TX Advanced, IBM Planning Analytics Workspace, IBM Security Guardium. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (barbican, mediawiki, and php-twig), Fedora (bash, chromium, lighttpd, postgresql-jdbc, and scala), Mageia (bash, chromium-browser-stable, and golang), Oracle (bind, bind9.16, and squid:4), Red Hat (bind, bind9.16, RHSSO, and squid:4), Scientific Linux (bind), SUSE (cifs-utils, libjpeg-turbo, nodejs14, and nodejs16), and Ubuntu (jackd2, linux-gke, and linux-intel-iotg). --------------------------------------------- https://lwn.net/Articles/910395/ ∗∗∗ SA45476 - Client Side Desync Attack (Informational) ∗∗∗ --------------------------------------------- The deprecated Pulse Collaboration feature is vulnerable to Client-Side Desync attacks on versions of PCS 9.1R15 and below. --------------------------------------------- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-D… ∗∗∗ OpenSSH: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1621 ∗∗∗ Keycloak: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1624 ∗∗∗ Octopus Deploy: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1625 ∗∗∗ Matomo: Schwachstellen ermöglichen Cross-Site Scripting ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1626 ∗∗∗ BD Totalys MultiProcessor ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-22-277-01 ∗∗∗ Johnson Controls Metasys ADX Server ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-277-01 ∗∗∗ Hitachi Energy Modular Switchgear Monitoring (MSM) ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-277-02 ∗∗∗ Horner Automation Cscape ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-277-03 ∗∗∗ OMRON CX-Programmer ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-277-04 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.10.2022
by Daily end-of-shift report 04 Oct '22

04 Oct '22

===================== = End-of-Day report = ===================== Timeframe: Montag 03-10-2022 18:00 − Dienstag 04-10-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Live support service hacked to spread malware in supply chain attack ∗∗∗ --------------------------------------------- The official installer for the Comm100 Live Chat application, a widely deployed SaaS (software-as-a-service) that businesses use for customer communication and website visitors, was trojanized as part of a new supply-chain attack. --------------------------------------------- https://www.bleepingcomputer.com/news/security/live-support-service-hacked-… ∗∗∗ Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub ∗∗∗ --------------------------------------------- Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fake-microsoft-exchange-prox… ∗∗∗ OnionPoison: infected Tor Browser installer distributed through popular YouTube channel ∗∗∗ --------------------------------------------- Kaspersky researchers detected OnionPoison campaign: malicious Tor Browser installer spreading through a popular YouTube channel and targeting Chinese users. --------------------------------------------- https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/1… ∗∗∗ CISA verdonnert US-Behörden zu besserer Netzwerkkontrolle ∗∗∗ --------------------------------------------- Die US-Cybersicherheitsbehörde CISA hat eine verbindliche Direktive erlassen. Nach der müssen alle Bundesbehörden ihre Netzwerke regelmäßig untersuchen. --------------------------------------------- https://heise.de/-7283699 ∗∗∗ Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices ∗∗∗ --------------------------------------------- NXP’s HABv4 API documentation references a now-mitigated defect in ROM-resident High Assurance Boot (HAB) functionality present in devices with HAB version < 4.3.7. I could find no further public documentation on whether this constituted a vulnerability or an otherwise “uninteresting” errata item, so I analyzed it myself! --------------------------------------------- https://research.nccgroup.com/2022/10/03/shining-new-light-on-an-old-rom-vu… ∗∗∗ Mit tragbaren Heizgeräten Strom sparen? Fallen Sie nicht auf dieses Fake-Produkt herein! ∗∗∗ --------------------------------------------- Online-Shops wie ultraheatpro.com und valty-heater.com bewerben aktuell einen Stecker, der Räume in weniger als 2 Minuten aufheizt. Die sehr kleinen und kabellosen Heizgeräte verbrauchen angeblich kaum Strom, reduzieren Heizkosten und verursachen keinen Lärm. Beim Kauf dieser „Wundergeräte“ verschwenden Sie aber Ihr Geld, denn Sie bekommen, wenn überhaupt, ein funktionsloses Gerät zugesendet. --------------------------------------------- https://www.watchlist-internet.at/news/mit-tragbaren-heizgeraeten-strom-spa… ∗∗∗ Developer account body snatchers pose risks to the software supply chain ∗∗∗ --------------------------------------------- Over the past several years, high-profile software supply chain attacks have increased in frequency. These attacks can be difficult to detect and source code repositories became a key focus of this research. Developer account takeovers present a substantial risk to the software supply chain because attackers who successfully compromise a developer account could conceal malicious code in software packages used by others. --------------------------------------------- http://blog.talosintelligence.com/2022/10/developer-account-body-snatchers-… ∗∗∗ Tracking Earth Aughisky’s Malware and Changes ∗∗∗ --------------------------------------------- For over 10 years, security researchers have been observing and keeping tabs of APT group Earth Aughisky’s malware families and the connections, including previously documented malware that have yet to be attributed. --------------------------------------------- https://www.trendmicro.com/en_us/research/22/j/tracking-earth-aughiskys-mal… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins 2022-10-03 ∗∗∗ --------------------------------------------- IBM Robotic Process Automation, IBM WebSphere Application Server Liberty, IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, IBM FlashSystem, Content Manager OnDemand z/OS, IBM Spectrum Copy Data Management, CloudPak for Watson AIOPs, IBM MaaS360, Tivoli Netcool/OMNIbus WebGUI, CP4D Match 360. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (barbican), Fedora (libdxfrw, librecad, and python-oauthlib), Oracle (bind), Red Hat (bind and rh-python38-python), SUSE (bind, chromium, colord, libcroco, libgit2, lighttpd, nodejs12, python, python3, slurm, slurm_20_02, and webkit2gtk3), and Ubuntu (linux-azure, python-django, strongswan, and wayland). --------------------------------------------- https://lwn.net/Articles/910300/ ∗∗∗ Aruba ArubaOS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein Angreifer kann mehrere Schwachstellen in Aruba ArubaOS ausnutzen, um beliebigen Programmcode auszuführen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1606 ∗∗∗ MediaWiki: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um Sicherheitsvorkehrungen zu umgehen und vertrauliche Informationen offenzulegen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1604 ∗∗∗ Hitachi Storage: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Hitachi Storage ausnutzen, um seine Privilegien zu erhöhen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1601 ∗∗∗ FasterXML Jackson: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- Ein Angreifer kann mehrere Schwachstellen in FasterXML Jackson ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1608 ∗∗∗ Netgate pfSense: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Netgate pfSense ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1609 ∗∗∗ Android-Sicherheitsbulletin – Oktober 2022 ∗∗∗ --------------------------------------------- https://source.android.com/docs/security/bulletin/2022-10-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.10.2022
by Daily end-of-shift report 03 Oct '22

03 Oct '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-09-2022 18:00 − Montag 03-10-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server ∗∗∗ --------------------------------------------- October 2, 2022 updates: Added to the Mitigations section: we strongly recommend Exchange Server customers to disable remote PowerShell access for non-admin users in your organization. Guidance on how to do this for single user or multiple users is here. Updated Detection section to refer to Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and [...] --------------------------------------------- https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-z… ∗∗∗ Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 ∗∗∗ --------------------------------------------- MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks. --------------------------------------------- https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-… ∗∗∗ Achtung, Phishing boomt! Security-Checkliste zu den 6 meist verbreiteten Methoden ∗∗∗ --------------------------------------------- Dass Phishing derzeit besonders häufig von Cyberkriminellen eingesetzt wird, um in IT-Systeme einzudringen, belegen viele aktuelle Statistiken. --------------------------------------------- https://sec-consult.com/de/blog/detail/6-common-types-of-phishing-attacks/ ∗∗∗ Sicherheitsupdate Drupal: Angreifer könnten auf Zugangsdaten zugreifen ∗∗∗ --------------------------------------------- Es gibt ein wichtiges Sicherheitsupdate für das Content Management System Drupal. --------------------------------------------- https://heise.de/-7282401 ∗∗∗ Jetzt patchen! Attacken auf Atlassian Bitbucket Server ∗∗∗ --------------------------------------------- Sicherheitsforscher und eine US-Sicherheitsbehörde warnen davor, dass Angreifer Bitbucket Server im Visier haben. --------------------------------------------- https://heise.de/-7282369 ∗∗∗ Backdoor in Windows-Logo versteckt ∗∗∗ --------------------------------------------- Eine Hackergruppe hat bei Angriffen auf Regierungen Steganografie verwendet, um Schadsoftware über harmlos aussehende Bitmaps nachzuladen. --------------------------------------------- https://heise.de/-7282730 ∗∗∗ Fake-Shops fälschen Klarna-Zahlungsprozess ∗∗∗ --------------------------------------------- Die Online-Shops schmitt-drogerie.com und ohnesorge-fachhandel.com sind betrügerisch. Produkte, die Sie hier bestellen, werden nicht geliefert. Die Bezahlung erfolgt angeblich per „Klarna Sofortüberweisung“. Doch Vorsicht: Der Zahlungsprozess wurde gefälscht. Sie sind nicht auf der echten Klarna-Zahlungsseite, sondern auf einer nachgebauten Website, mit der Ihre Bankdaten gestohlen werden. --------------------------------------------- https://www.watchlist-internet.at/news/fake-shops-faelschen-klarna-zahlungs… ∗∗∗ 11 old software bugs that took way too long to squash ∗∗∗ --------------------------------------------- In 2021, a vulnerability was revealed in a system that lay at the foundation of modern computing. An attacker could force the system to execute arbitrary code. Shockingly, the vulnerable code was almost 54 years old—and there was no patch available, and no expectation that one would be forthcoming. Fortunately, thats because the system in question was Marvin Minskys 1967 implementation of a Universal Turing Machine, [...] --------------------------------------------- https://www.csoonline.com/article/3620948/10-old-software-bugs-that-took-wa… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins 2022-09-30 ∗∗∗ --------------------------------------------- IBM MQ, IBM Tivoli Monitoring Basic Services, IBM Event Streams, The IBM® Engineering Requirements Management, Rational Change Fix Pack, BM Tivoli Monitoring Data Provider, IBM Virtualization Engine, IBM Content Manager OnDemand, IBM Security Identity Governance and Intelligence, IBM Robotic Process Automation, IBM Jazz Technology, IBM Tivoli Composite Application Manager, IBM Case Manager, IBM Cloud Pak for Business Automation, Rational Synergy. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ macOS: Apps können Festplattenvollzugriff des Terminals missbrauchen ∗∗∗ --------------------------------------------- Programme, die nicht in einer Sandbox laufen, können den Systemschutz TCC von macOS umgehen, sobald man dem Terminal Festplattenvollzugriff gestattet. --------------------------------------------- https://heise.de/-7282104 ∗∗∗ Thunderbird: Angreifer könnten Absender verschlüsselter Nachrichten fälschen ∗∗∗ --------------------------------------------- Sicherheitslücken im Matrix-Chat-SDK machen den Mail-Client Thunderbird verwundbar. Eine aktualisierte Version schafft Abhilfe. --------------------------------------------- https://heise.de/-7282339 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, gdal, kernel, libdatetime-timezone-perl, libhttp-daemon-perl, lighttpd, mariadb-10.3, node-thenify, snakeyaml, tinyxml, and tzdata), Fedora (enlightenment, kitty, and thunderbird), Mageia (expat, firejail, libjpeg, nodejs, perl-HTTP-Daemon, python-mako, squid, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (buildah, connman, cosign, expat, ImageMagick, python36, python39, slurm, and webkit2gtk3), and Ubuntu (linux, [...] --------------------------------------------- https://lwn.net/Articles/910161/ ∗∗∗ K21600298: OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21600298?utm_source=f5support&utm_mediu… ∗∗∗ Update - 0-day Exploit Remote Code Execution in Microsoft Exchange On-Premise – Workaround verfügbar ∗∗∗ --------------------------------------------- https://cert.at/de/warnungen/2022/10/0-day-exploit-remote-code-execution-in… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.09.2022
by Daily end-of-shift report 30 Sep '22

30 Sep '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 29-09-2022 18:00 − Freitag 30-09-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Zero-Day-Attacken auf Microsoft Exchange Server – Sicherheitspatches fehlen ∗∗∗ --------------------------------------------- Aufgrund von Angriffen und bislang fehlenden Patches sollten Admins Exchange Server über einen Workaround absichern. --------------------------------------------- https://heise.de/-7280460 ∗∗∗ Microsoft warnt: Angriffe mit Linkedin und präparierter Open-Source-Software ∗∗∗ --------------------------------------------- Laut Microsoft führen staatliche Hacker derzeit Angriffe auf Linkedin durch. Dabei arbeiten sie mit um Schadfunktionen erweiterter Open-Source-Software. --------------------------------------------- https://www.golem.de/news/microsoft-warnt-angriffe-mit-linkedin-und-praepar… ∗∗∗ Hacking group hides backdoor malware inside Windows logo image ∗∗∗ --------------------------------------------- Security researchers have discovered a malicious campaign by the Witchetty hacking group, which uses steganography to hide a backdoor malware in a Windows logo. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hacking-group-hides-backdoor… ∗∗∗ Detecting Mimikatz with Busylight ∗∗∗ --------------------------------------------- In 2015 Raphael Mudge released an article [1] that detailed that versions of mimikatz released after 8th of October, 2015 had a new module that was utilising certain types of external USB devices to flash lights in different colours if mimikatz was executed. The technique presented in the article required certain kind of busylights that [...] --------------------------------------------- https://research.nccgroup.com/2022/09/30/detecting-mimikatz-with-busylight/ ∗∗∗ CISA Publishes User Guide to Prepare for Nov. 1 Move to TLP 2.0 ∗∗∗ --------------------------------------------- CISA has published its Traffic Light Protocol 2.0 User Guide and Traffic Light Protocol: Moving to Version 2.0 fact sheet in preparation for its November 1, 2022 move from Traffic Light Protocol (TLP) Version 1.0 to TLP 2.0. Managed by the Forum of Incident Response and Security Teams (FIRST), TLP is a system of markings that communicates information sharing permissions. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2022/09/29/cisa-publishes-us… ∗∗∗ Mandiant, VMware und US-CERT warnen vor Malware, die auf VMware ESXi Server zielt ∗∗∗ --------------------------------------------- Der von Google übernommene Sicherheitsanbieter Mandiant ist auf eine neue Malware-Familie (VirtualPITA, VirtualPIE und VirtualGATE) gestoßen, die es auf Virtualisierunglösungen wie VMware ESXi Server abgesehen hat und spezialisierte Techniken zum Eindringen verwendet. VMware hat einen entsprechenden Sicherheitshinweis veröffentlicht, [...] --------------------------------------------- https://www.borncity.com/blog/2022/09/30/mandiant-vmware-und-us-cert-warnen… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-22-1325: SolarWinds Network Performance Monitor UpdateActionsDescriptions SQL Injection Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-22-1325/ ∗∗∗ IBM Security Bulletins 2022-09-29 ∗∗∗ --------------------------------------------- IBM Robotic Process Automation, Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint, Content Collector for IBM Connections, IBM Spectrum Fusion HCI, IBM MQ, IBM MQ Blockchain bridge, IBM QRadar User Behavior Analytics. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libsndfile and libvncserver), Fedora (bash), Red Hat (httpd24-httpd, java-1.7.1-ibm, and java-1.8.0-ibm), and SUSE (krb5-appl, libjpeg-turbo, python310, and slurm_20_02). --------------------------------------------- https://lwn.net/Articles/909947/ ∗∗∗ GitLab: Mehrere Schwachstellen ermöglichen Cross-Site Scripting ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1582 ∗∗∗ vim: Mehrere Schwachstellen ermöglichen Codeausführung ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in vim ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1584 ∗∗∗ F-Secure und WithSecure Produkte: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- Ein entfernter Angreifer kann eine Schwachstelle in F-Secure und WithSecure Produkten ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1591 ∗∗∗ BookStack vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN78862034/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.09.2022
by Daily end-of-shift report 29 Sep '22

29 Sep '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 28-09-2022 18:00 − Donnerstag 29-09-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ New Royal Ransomware emerges in multi-million dollar attacks ∗∗∗ --------------------------------------------- A new ransomware operation named Royal is quickly ramping up, targeting corporations with ransom demands ranging from $250,000 to over $2 million. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-royal-ransomware-emerges… ∗∗∗ The secrets of Schneider Electric’s UMAS protocol ∗∗∗ --------------------------------------------- Kaspersky ICS CERT report on vulnerabilities in Schneider Electrics engineering software that enables UMAS protocol abuse. --------------------------------------------- https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107… ∗∗∗ Report Shows How Long It Takes Ethical Hackers to Execute Attacks ∗∗∗ --------------------------------------------- A survey of more than 300 ethical hackers conducted by cybersecurity companies Bishop Fox and SANS Institute found that many could execute an end-to-end attack in less than a day. --------------------------------------------- https://www.securityweek.com/report-shows-how-long-it-takes-ethical-hackers… ∗∗∗ Exchange Health Checker – Script-Erweiterungen von Frank Zöchling ∗∗∗ --------------------------------------------- Von Microsoft gibt es den Exchange Health Checker, ein PowerShell-Script zur Überprüfung von On-Premises Exchange-Installationen auf Probleme. Das Script wird durch Microsoft wohl kontinuierlich weiter entwickelt. Frank Zöchling hat sich das Thema jetzt mal vorgenommen und das Ganze um ein Script erweitert, um wichtige Einstellungen beim Prüfen einer Exchange-Installation automatisch vorzunehmen. --------------------------------------------- https://www.borncity.com/blog/2022/09/29/exchange-health-checker-script-erw… ===================== = Vulnerabilities = ===================== ∗∗∗ New malware backdoors VMware ESXi servers to hijack virtual machines ∗∗∗ --------------------------------------------- Hackers have found a new method to establish persistence on VMware ESXi hypervisors to control vCenter servers and virtual machines for Windows and Linux while avoiding detection. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-malware-backdoors-vmware… ∗∗∗ Root-Lücke: Selbstheilungsfunktion gefährdet Cisco-Netzwerkhardware ∗∗∗ --------------------------------------------- Wichtige Sicherheitsupdates schließen mehrere Lücken in Ciscos Netzwerkbetriebssystem IOS und weiterer Software. --------------------------------------------- https://heise.de/-7279116 ∗∗∗ Matrix chat encryption sunk by five now-patched holes ∗∗∗ --------------------------------------------- You take the green pill, youll spend six hours in a dont roll your own crypto debate. Four security researchers have identified five cryptographic vulnerabilities in code libraries that can be exploited to undermine Matrix encrypted chat clients. --------------------------------------------- https://www.theregister.com/2022/09/28/matrix_encryption_flaws/ ∗∗∗ IBM Security Bulletins 2022-09-28 ∗∗∗ --------------------------------------------- IBM Content Manager OnDemand, SPSS Collaboration and Deployment Services, IBM Decision Optimization Center, IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, IBM Spectrum Protect for Virtual Environments, IBM MQ Operator and Queue manager container images, TXSeries, Rational Service Tester, IBM ILOG CPLEX Optimization Studio, IBM CICS TX Standard and Advanced, IBM SDK, Enterprise Content Management System Monitor, AIX, IBM Robotic Process Automation, IBM WebSphere Application Server Liberty. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, lighttpd, and webkit2gtk), Fedora (firefox, gajim, libofx, and python-nbxmpp), Gentoo (bluez, chromium, expat, firefox, go, graphicsmagick, kitty, php, poppler, redis, thunderbird, and zutty), Oracle (firefox and thunderbird), Red Hat (kernel), Slackware (xorg), SUSE (expat, libostree, lighttpd, python3-lxml, rust1.62, slurm, slurm_18_08, and vsftpd), and Ubuntu (libxi, linux-gcp, postgresql-9.5, and sqlite3). --------------------------------------------- https://lwn.net/Articles/909870/ ∗∗∗ Drupal Updates Patch Vulnerability in Twig Template Engine ∗∗∗ --------------------------------------------- Updates announced for Drupal this week address a severe vulnerability in Twig that could lead to the leakage of sensitive information. --------------------------------------------- https://www.securityweek.com/drupal-updates-patch-vulnerability-twig-templa… ∗∗∗ PHP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann mehrere Schwachstellen in PHP ausnutzen, um einen Denial of Service Angriff durchzuführen und um Sicherheitsmechanismen zu umgehen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1567 ∗∗∗ Notepad++: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann eine Schwachstelle in Notepad++ ausnutzen, um beliebigen Programmcode auszuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1559 ∗∗∗ Apache Tomcat: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat ausnutzen, um Informationen offenzulegen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1558 ∗∗∗ xpdf: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in xpdf ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1570 ∗∗∗ Thunderbird 102.3.1 freigegeben ∗∗∗ --------------------------------------------- Die Entwickler des Thunderbird haben zum 28. September 2022 ein weiteres Update des E-Mail Client auf die Version 102.3.1 freigegeben. Es ist ein Bug-Fix-Update, welches eine Reihe an Problemen und Schwachstellen beheben soll. --------------------------------------------- https://www.borncity.com/blog/2022/09/29/thunderbird-102-3-1-freigegeben/ ∗∗∗ CVE-2022-37461: Two Reflected XSS Vulnerabilities in Canon Medical’s Vitrea View ∗∗∗ --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-37… ∗∗∗ Hitachi Energy MicroSCADA Pro X SYS600_8DBD000107 ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-272-02 ∗∗∗ Hitachi Energy MicroSCADA Pro X SYS600_8DBD000106 ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-272-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily