Daily

daily@lists.cert.at

1 participants
3150 discussions

Tageszusammenfassung - 07.12.2022
by Daily end-of-shift report 07 Dec '22

07 Dec '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-12-2022 18:00 − Mittwoch 07-12-2022 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ For Cyberattackers, Popular EDR Tools Can Turn into Destructive Data Wipers ∗∗∗ --------------------------------------------- Microsoft, three others release patches to fix a vulnerability in their respective products that enables such manipulation. Other EDR products potentially are affected as well. --------------------------------------------- https://www.darkreading.com/vulnerabilities-threats/cyberattackers-popular-… ∗∗∗ DEV-0139 launches targeted attacks against the cryptocurrency industry ∗∗∗ --------------------------------------------- Microsoft security researchers investigate an attack where the threat actor, tracked DEV-0139, used chat groups to target specific cryptocurrency investment companies and run a backdoor within their network. --------------------------------------------- https://www.microsoft.com/en-us/security/blog/2022/12/06/dev-0139-launches-… ∗∗∗ New Go-based Botnet Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network ∗∗∗ --------------------------------------------- A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things (IoT) devices and other software. --------------------------------------------- https://thehackernews.com/2022/12/new-go-based-zerobot-botnet-exploiting.ht… ∗∗∗ ChatGPT shows promise of using AI to write malware ∗∗∗ --------------------------------------------- For even the most skilled hackers, it can take at least an hour to write a script to exploit a software vulnerability and infiltrate their target. Soon, a machine may be able to do it in mere seconds. --------------------------------------------- https://www.cyberscoop.com/chatgpt-ai-malware/ ∗∗∗ So schützen Sie sich vor Scams ∗∗∗ --------------------------------------------- Beim Scamming - auch Vorschussbetrug genannt - versuchen Kriminelle, Sie zu einer Vorauszahlung zu drängen. Sie werden beispielsweise mit einem Millionengewinn, einer Erbschaft oder einem günstigen Kreditangebot geködert. --------------------------------------------- https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-scams/ ∗∗∗ OpenSSL punycode – with hindsight ∗∗∗ --------------------------------------------- The next Heartbleeds were about to be announced, two critical vulnerabilities that affect everyone and everything, everywhere. And then they were released. And everyone was let down. --------------------------------------------- https://blog.checkpoint.com/2022/12/07/openssl-punycode-with-hindsight/ ∗∗∗ Malware Distributed with Disguised Filenames (RIGHT-TO-LEFT OVERRIDE) ∗∗∗ --------------------------------------------- In August, the ASEC analysis team made a post on the malware being distributed with filenames that utilize RTLO (Right-To-Left Override). --------------------------------------------- https://asec.ahnlab.com/en/43518/ ∗∗∗ Industry 4.0: CNC Machine Security Risks Part 3 ∗∗∗ --------------------------------------------- This three-part blog series explores the risks associated with CNC machines --------------------------------------------- https://www.trendmicro.com/en_us/research/22/l/cnc-machine-security-risks-p… ===================== = Vulnerabilities = ===================== ∗∗∗ Fortinet schließt Sicherheitslücken in mehreren Produkten ∗∗∗ --------------------------------------------- Für zahlreiche Produkte aus dem Portfolio hat Fortinet Sicherheitsupdates herausgegeben. Sie schließen teils hochriskante Schwachstellen. --------------------------------------------- https://heise.de/-7368520 ∗∗∗ Dienste-Monitoring: Angreifer können Cacti beliebigen Code unterschieben ∗∗∗ --------------------------------------------- In der Webanwendung Cacti, die etwa zur Diensteüberwachung dient, könnten Angreifer beliebigen Code einschleusen und ausführen. Ein Patch ist verfügbar. --------------------------------------------- https://heise.de/-7369455 ∗∗∗ Jetzt patchen: Fehlkonfiguration in Netgear-Router lässt Angreifer auf das Gerät ∗∗∗ --------------------------------------------- Forscher warnen vor Fremdzugriffen auf den Nighthawk WiFi 6 Router von Netgear. Ein Update ist verfügbar, soll sich aber nicht automatisch installieren. --------------------------------------------- https://heise.de/-7369071 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cgal, ruby-rails-html-sanitizer, and xfce4-settings), Red Hat (dbus, grub2, kernel, pki-core, and usbguard), Scientific Linux (pki-core), SUSE (bcel, LibVNCServer, and xen), and Ubuntu (ca-certificates and u-boot). --------------------------------------------- https://lwn.net/Articles/917208/ ∗∗∗ Cross-Site Scripting in Handy Macros for Confluence (SYSS-2022-049) ∗∗∗ --------------------------------------------- Durch eine Cross-Site Scripting-Schwachstelle im "Handy Tip"-Makro in Handy Macros for Confluence kann ausführbarer Schadcode in Seiten eingebaut werden. --------------------------------------------- https://www.syss.de/pentest-blog/cross-site-scripting-in-handy-macros-for-c… ∗∗∗ K35253541: Java vulnerabilities CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14797 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35253541 ∗∗∗ K71522481: Java vulnerability CVE-2021-2163 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K71522481 ∗∗∗ Sprecher SPRECON-E-C/-E-P/-E-T3: Schwachstelle in der Firmwareverifikation ∗∗∗ --------------------------------------------- https://www.sprecher-automation.com/it-sicherheit/security-alerts -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.12.2022
by Daily end-of-shift report 06 Dec '22

06 Dec '22

===================== = End-of-Day report = ===================== Timeframe: Montag 05-12-2022 18:00 − Dienstag 06-12-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hackers hijack Linux devices using PRoot isolated filesystems ∗∗∗ --------------------------------------------- Hackers are abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to provide a consistent repository of malicious tools that work on many Linux distributions. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-hijack-linux-devices… ∗∗∗ Sneaky hackers reverse defense mitigations when detected ∗∗∗ --------------------------------------------- A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected. --------------------------------------------- https://www.bleepingcomputer.com/news/security/sneaky-hackers-reverse-defen… ∗∗∗ Mirai Botnet and Gafgyt DDoS Team Up Against SOHO Routers., (Tue, Dec 6th) ∗∗∗ --------------------------------------------- Since 2014, self-replicating variants of DDoS attacks against routers and Linux-based IoT devices have been rampant. Gafgyt botnets target vulnerable IoT devices and use them to launch large-scale distributed denial-of-service attacks. SOHO and IoT devices are ubiquitous, less likely to have secure configurations or routine patches, and more likely to be at the internet edge. --------------------------------------------- https://isc.sans.edu/diary/rss/29304 ∗∗∗ Building A Virtual Machine inside ChatGPT ∗∗∗ --------------------------------------------- Did you know, that you can run a whole virtual machine inside of ChatGPT? --------------------------------------------- https://www.engraved.blog/building-a-virtual-machine-inside/ ∗∗∗ Exploring Prompt Injection Attacks ∗∗∗ --------------------------------------------- Prompt Injection is a new vulnerability that is affecting some AI/ML models and, in particular, certain types of language models using prompt-based learning. --------------------------------------------- https://research.nccgroup.com/2022/12/05/exploring-prompt-injection-attacks/ ∗∗∗ Phishing-Mail „Erneut identifizieren“ im Namen der WKO ignorieren! ∗∗∗ --------------------------------------------- Unternehmerinnen und Unternehmer aufgepasst: Aktuell versenden Kriminelle Phishing-Mails im Namen der Wirtschaftskammer Österreich. Man spielt Ihnen vor, dass eine neuerliche Identifikation notwendig wäre. Ignorieren Sie die Nachricht, denn auf der verlinkten Website eingegebene Daten landen in den Händen Krimineller. --------------------------------------------- https://www.watchlist-internet.at/news/phishing-mail-erneut-identifizieren-… ∗∗∗ Vice Society: Profiling a Persistent Threat to the Education Sector ∗∗∗ --------------------------------------------- Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year. --------------------------------------------- https://unit42.paloaltonetworks.com/vice-society-targets-education-sector/ ∗∗∗ Tractors vs. threat actors: How to hack a farm ∗∗∗ --------------------------------------------- Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat. --------------------------------------------- https://www.welivesecurity.com/2022/12/05/tractors-threat-actors-how-hack-f… ===================== = Vulnerabilities = ===================== ∗∗∗ NETGEAR Nighthawk WiFi6 Router Network Misconfiguration ∗∗∗ --------------------------------------------- A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. --------------------------------------------- https://www.tenable.com/security/research/tra-2022-36 ∗∗∗ Patchday: Schadcode über Bluetooth auf Android-Geräte schieben ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für Android 10, 11, 12, 12L und 13. Google hat unter anderem vier kritische Lücken geschlossen. --------------------------------------------- https://heise.de/-7367211 ∗∗∗ Virenschutz: Rechteausweitung durch Schwachstelle in AVG und Avast ∗∗∗ --------------------------------------------- Die Virenscanner von AVG und Avast hätten Angreifern ermöglichen können, ihre Rechte im System auszuweiten. Updates zum Beheben des Fehlers sind verfügbar. --------------------------------------------- https://heise.de/-7367529 ∗∗∗ Schwachstelle in Trend Micros Apex One ermöglicht Rechteausweitung ∗∗∗ --------------------------------------------- Der Virenschutz Apex One von Trend Micro enthält Sicherheitslücken, durch die Angreifer ihre Rechte ausweiten oder Dateien auf dem System löschen lassen können. --------------------------------------------- https://heise.de/-7367824 ∗∗∗ Server-Wartung: Gefährliche BMC-Lücken könnte Supply-Chain-Attacken auslösen ∗∗∗ --------------------------------------------- Sicherheitsforscher sind unter anderem auf eine kritische Sicherheitslücke in Baseboard Management Controllern von American Megatrend gestoßen. --------------------------------------------- https://heise.de/-7367963 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Ubuntu (binutils and ca-certificates). --------------------------------------------- https://lwn.net/Articles/917080/ ∗∗∗ Schwachstelle in Citrix Workspace App for Windows ermöglicht Passwort-Klau ∗∗∗ --------------------------------------------- Der Hersteller Citrix warnt seit September 2022 vor einiger Schwachstelle in seiner Citrix Workspace App. --------------------------------------------- https://www.borncity.com/blog/2022/12/06/schwachstelle-in-citrix-workspace-… ∗∗∗ Vulnerability Spotlight: NVIDIA driver memory corruption vulnerabilities discovered ∗∗∗ --------------------------------------------- Cisco Talos recently discovered two memory corruption vulnerabilities in shader functionality of an NVIDIA driver. --------------------------------------------- https://blog.talosintelligence.com/vulnerability-spotlight-nvidia-driver-me… ∗∗∗ Multiple critical vulnerabilities in ILIAS eLearning platform ∗∗∗ --------------------------------------------- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulner… ∗∗∗ XSA-424 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-424.html ∗∗∗ XSA-423 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-423.html ∗∗∗ Edge 108.0.1462.42 als Sicherheitsupdate ∗∗∗ --------------------------------------------- https://www.borncity.com/blog/2022/12/06/edge-108-0-1462-41-42-als-sicherhe… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.12.2022
by Daily end-of-shift report 05 Dec '22

05 Dec '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-12-2022 18:00 − Montag 05-12-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ BlackProxies proxy service increasingly popular among hackers ∗∗∗ --------------------------------------------- A new residential proxy market is becoming popular among hackers, cybercriminals, phishers, scalpers, and scammers, selling access to a million claimed proxy IP addresses worldwide. --------------------------------------------- https://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-i… ∗∗∗ Hackers use new, fake crypto app to breach networks, steal cryptocurrency ∗∗∗ --------------------------------------------- The North Korean Lazarus hacking group is linked to a new attack spreading fake cryptocurrency apps under the made-up brand, "BloxHolder," to install the AppleJeus malware for initial access to networks and steal crypto assets. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-… ∗∗∗ If one sheep leaps over the ditch… ∗∗∗ --------------------------------------------- In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend. --------------------------------------------- https://securelist.com/crimeware-report-ransomware-tactics-vulnerable-drive… ∗∗∗ OWASP Top 10 CI/CD Security Risks ∗∗∗ --------------------------------------------- This document helps defenders identify focus areas for securing their CI/CD ecosystem. It is the result of extensive research into attack vectors associated with CI/CD, and the analysis of high profile breaches and security flaws. --------------------------------------------- https://owasp.org/www-project-top-10-ci-cd-security-risks/ ∗∗∗ #StopRansomware: Cuba Ransomware Alert (AA22-335A) ∗∗∗ --------------------------------------------- This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. --------------------------------------------- https://www.cisa.gov/uscert/ncas/alerts/aa22-335a ∗∗∗ CryWiper: Fake-Ransomware zerstört Daten insbesondere in Russland ∗∗∗ --------------------------------------------- Die Virenanalysten von Kaspersky haben den Schädling CryWiper entdeckt, der sich als Ransomware ausgibt, Daten aber unwiderbringlich zerstört. --------------------------------------------- https://heise.de/-7366160 ===================== = Vulnerabilities = ===================== ∗∗∗ Severe AMI MegaRAC flaws impact servers from AMD, ARM, HPE, Dell, others ∗∗∗ --------------------------------------------- Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/severe-ami-megarac-flaws-imp… ∗∗∗ Sicherheitsupdate: Schadcode könnte durch Sophos-Firewalls schlüpfen ∗∗∗ --------------------------------------------- Die Entwickler des Sicherheitssoftware-Anbieters Sophos haben in hauseigenen Firewalls sieben Sicherheitslücken geschlossen. Eine gilt als kritisch. --------------------------------------------- https://heise.de/-7366076 ∗∗∗ Sicherheitslücke: Codeschmuggel mit Ping in FreeBSD ∗∗∗ --------------------------------------------- Angreifer könnten FreeBSD mit manipulierten Ping-Anfragen zum Ausführen untergejubelten Schadcodes bringen. Aktualisierungen stehen bereit. --------------------------------------------- https://heise.de/-7366590 ∗∗∗ Notfall-Update: Zero-Day-Sicherheitslücke in Google Chrome unter Beschuss ∗∗∗ --------------------------------------------- Google hat ein ungeplantes Update für Chrome herausgegeben. Damit schließt der Hersteller eine Sicherheitslücke im Webbrowser, die derzeit angegriffen wird. --------------------------------------------- https://heise.de/-7365415 ∗∗∗ Veritas NetBackup: Update schließt teils kritische Scherheitslücken ∗∗∗ --------------------------------------------- In Veritas NetBackup Flex Scale und Access Appliance könnten Angreifer aus dem Netz ohne Anmeldung Befehle einschleusen. Hotfixes beheben die Fehler. --------------------------------------------- https://heise.de/-7365984 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (awstats, chromium, clamav, g810-led, giflib, http-parser, jhead, libpgjava, node-cached-path-relative, node-fetch, and vlc), Fedora (fastnetmon, kernel, librime, qpress, rr, thunderbird, and wireshark), Red Hat (kernel, kernel-rt, and kpatch-patch), Slackware (mozilla), SUSE (cherrytree and chromium), and Ubuntu (libbpf, libxml2, linux-gcp-5.15, linux-gke, linux-gke-5.15, and linux-gke). --------------------------------------------- https://lwn.net/Articles/916979/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.12.2022
by Daily end-of-shift report 02 Dec '22

02 Dec '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 01-12-2022 18:00 − Freitag 02-12-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Unpatched Redis servers targeted in new Redigo malware attacks ∗∗∗ --------------------------------------------- A new Go-based malware threat that researchers call Redigo has been targeting Redis servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow command execution. --------------------------------------------- https://www.bleepingcomputer.com/news/security/unpatched-redis-servers-targ… ∗∗∗ Samsung, Mediatek, LG: Android-Malware mit OEM-Zertifikaten signiert ∗∗∗ --------------------------------------------- Google hat Malware gefunden, die mit den Zertifikaten von Android-Herstellern signiert sind. Das kann für Systemberechtigungen genutzt werden. --------------------------------------------- https://www.golem.de/news/samsung-mediatek-lg-android-malware-mit-oem-zerti… ∗∗∗ obama224 distribution Qakbot tries .vhd (virtual hard disk) images, (Fri, Dec 2nd) ∗∗∗ --------------------------------------------- Qakbot (also called Qbot) is a long-running malware family that has seen wide-spread distribution through malicious spam (malspam) in recent years. During an infection, Qakbot performs different functions as an information stealer, backdoor, and malware downloader. --------------------------------------------- https://isc.sans.edu/diary/rss/29294 ∗∗∗ Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection ∗∗∗ --------------------------------------------- New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool. --------------------------------------------- https://thehackernews.com/2022/11/researchers-find-way-malicious-npm.html ∗∗∗ Flaws in GX Works3 Threaten Mitsubishi Electric Safety PLC Security ∗∗∗ --------------------------------------------- In this blog, we uncover three additional vulnerabilities that affect Mitsubishi Electric GX Works3, tracked under CVE-2022-29831, CVE-2022-29832, and CVE-2022-29833 (Mitsubishi Electric advisory 2022-015, CISA advisory ICSA-22-333-05), and that, in the worst-case scenario, may lead to the compromise of safety PLCs with the only requirement being the possession of associated GX Works3 project files. --------------------------------------------- https://www.nozominetworks.com/blog/flaws-in-gx-works3-threaten-mitsubishi-… ∗∗∗ Jetzt patchen! Angreifer attackieren Firewalls und Proxies von Fortinet ∗∗∗ --------------------------------------------- Sicherheitsforscher warnen vor Attacken auf Firmen. Der Grund ist eine kritische Lücke in Fortinet-Produkten. --------------------------------------------- https://heise.de/-7364286 ∗∗∗ Wordpress: Attackiert schon während der Installation ∗∗∗ --------------------------------------------- Noch bevor das System live geht, haben Angreifer es oft unbemerkt mit Hintertüren versehen. Die stehen nämlich schon nach wenigen Minuten auf der Matte. --------------------------------------------- https://heise.de/-7364588 ∗∗∗ IBM Cloud Vulnerability Exposed Users to Supply Chain Attacks ∗∗∗ --------------------------------------------- IBM recently patched a vulnerability in IBM Cloud Databases for PostgreSQL that could have exposed users to supply chain attacks. The vulnerability has been named Hell’s Keychain by cloud security firm Wiz, whose researchers discovered the issue. It has been described by the company as a “first-of-its-kind supply-chain attack vector impacting a cloud provider’s infrastructure”. --------------------------------------------- https://www.securityweek.com/ibm-cloud-vulnerability-exposed-users-supply-c… ∗∗∗ Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges ∗∗∗ --------------------------------------------- Qualys’ Threat Research Unit has shown how a new Linux vulnerability could be chained with two other apparently harmless flaws to gain full root privileges on an affected system. --------------------------------------------- https://www.securityweek.com/three-innocuous-linux-vulnerabilities-chained-… ∗∗∗ Blowing Cobalt Strike Out of the Water With Memory Analysis ∗∗∗ --------------------------------------------- Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. We will also discuss the evasion tactics used by these threats, and other issues that make their analysis problematic. --------------------------------------------- https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis/ ∗∗∗ Protecting major events: an incident response blueprint ∗∗∗ --------------------------------------------- Cisco Talos Incident Response (Talos IR) is sharing a white paper on the steps organizations should follow to secure any major event. These ten focus areas should help guide any organizing committee or participating businesses in preparation for securing such events. --------------------------------------------- https://blog.talosintelligence.com/protecting-major-events-an-incident-resp… ∗∗∗ Industry 4.0: CNC Machine Security Risks Part 2 ∗∗∗ --------------------------------------------- This three-part blog series explores the risks associated with CNC machines --------------------------------------------- https://www.trendmicro.com/en_us/research/22/l/cnc-machine-security-risks-p… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins 2022-12-01 ∗∗∗ --------------------------------------------- IBM Watson, IBM App Connect, Rational Functional Tester, IBM Security Guardium, IBM Cloud Object Storage Systems, IBM API Connect. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (snapd), Fedora (firefox, libetpan, ntfs-3g, samba, thunderbird, and xen), SUSE (busybox, emacs, and virt-v2v), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws-hwe, linux-gcp, linux-hwe, linux-oracle, and tiff). --------------------------------------------- https://lwn.net/Articles/916658/ ∗∗∗ BD BodyGuard Pumps ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-22-335-01 ∗∗∗ Mitsubishi Electric MELSEC iQ-R Series ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-335-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.12.2022
by Daily end-of-shift report 01 Dec '22

01 Dec '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 30-11-2022 18:00 − Donnerstag 01-12-2022 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ New Windows malware scans victims’ mobile phones for data to steal ∗∗∗ --------------------------------------------- Security researchers found a previously unknown backdoor they call Dophin thats been used by North Korean hackers in highly targeted operations for more than a year to steal files and send them to Google Drive storage. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-windows-malware-scans-vi… ∗∗∗ New DuckLogs malware service claims having thousands of ‘customers’ ∗∗∗ --------------------------------------------- A new malware-as-a-service (MaaS) operation named DuckLogs has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log key strokes, access clipboard data, and remote access to the compromised host. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-ducklogs-malware-service… ∗∗∗ Making unphishable 2FA phishable ∗∗∗ --------------------------------------------- One of the huge benefits of WebAuthn is that it makes traditional phishing attacks impossible. But what if there was a mechanism for an attacker to direct a user to a legitimate login page, resulting in a happy WebAuthn flow, and obtain valid credentials for that user anyway? --------------------------------------------- https://mjg59.dreamwidth.org/62175.html ∗∗∗ Whats the deal with these router vulnerabilities?, (Thu, Dec 1st) ∗∗∗ --------------------------------------------- Earlier today, I was browser recently made public vulnerabilities for tomorrow's version of our @Risk newsletter. What stuck out was a set of about twenty vulnerabilities in Netgear and DLink routers. --------------------------------------------- https://isc.sans.edu/diary/rss/29288 ∗∗∗ Sirius XM flaw unlocks so-called smart cars thanks to code flaw ∗∗∗ --------------------------------------------- Telematics program doesn't just give you music, but a big security flaw Sirius XMs Connected Vehicle Services has fixed an authorization flaw that would have allowed an attacker to remotely unlock doors and start engines on connected cars knowing only the vehicle identification number (VIN). --------------------------------------------- https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/ ∗∗∗ l+f: Sicherheitsforscher legen aus Versehen gesamtes Botnet KmsdBot lahm ∗∗∗ --------------------------------------------- Wie ein Typo kriminellen Machenschaften das Handwerk legt. --------------------------------------------- https://heise.de/-7363007 ∗∗∗ Vorsicht, wenn Sie ein SMS von Amazon erhalten ∗∗∗ --------------------------------------------- Kriminelle geben sich als Amazon aus und versenden gefälschte Benachrichtigungen. Im SMS steht, dass Ihr Amazon-Konto vorübergehend gesperrt wurde und Sie Informationen aktualisieren müssen. Dafür sollten Sie auf einen Link klicken. Achtung: Der Link führt zu einer gefälschten Login-Seite. Kriminelle stehlen damit Ihre Benutzer- und Kreditkartendaten! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-wenn-sie-ein-sms-von-amazon… ∗∗∗ LastPass-Kundendaten nach Hack eines Cloud-Speicherdiensts abgezogen (Nov. 2022) ∗∗∗ --------------------------------------------- Der Dienst LastPass informierte vor einigen Stunden seine Kunden, dass kürzlich "ungewöhnliche Aktivitäten" bei einem Cloud-Speicherdienst eines Drittanbieters entdeckt wurden. --------------------------------------------- https://www.borncity.com/blog/2022/12/01/lastpass-kundendaten-nach-hack-ein… ∗∗∗ Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities ∗∗∗ --------------------------------------------- Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper. --------------------------------------------- https://blog.talosintelligence.com/vulnerability-spotlight-lansweeper-direc… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical RCE bugs in Android remote keyboard apps with 2M installs ∗∗∗ --------------------------------------------- Three Android applications that allow users to use devices as remote keyboards for their computers have critical vulnerabilities that could expose key presses and enable remote code execution. --------------------------------------------- https://www.bleepingcomputer.com/news/security/critical-rce-bugs-in-android… ∗∗∗ IBM Security Bulletins 2022-11-30 ∗∗∗ --------------------------------------------- IBM API Connect, IBM MQ Operator and Queue manager container images, IBM Security Guardium, IBM Sterling Control Center, IBM Watson Discovery for IBM Cloud Pak for Data, IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (device-mapper-multipath, firefox, hsqldb, krb5, thunderbird, and xorg-x11-server), Debian (libraw), Fedora (freerdp and grub2), SUSE (bcel, emacs, glib2, glibc, grub2, nodejs10, and tomcat), and Ubuntu (linux-azure-fde and snapd). --------------------------------------------- https://lwn.net/Articles/916443/ ∗∗∗ Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-062 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2022-062 ∗∗∗ Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-061 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2022-061 ∗∗∗ Social Base - Moderately critical - Access bypass - SA-CONTRIB-2022-060 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2022-060 ∗∗∗ Horner Automation Remote Compact Controller ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-335-02 ∗∗∗ Replay Angriffe & Darstellung beliebiger Inhalte in Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol (electronic shelf labels) ∗∗∗ --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/replay-attacks-displa… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.11.2022
by Daily end-of-shift report 30 Nov '22

30 Nov '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 29-11-2022 18:00 − Mittwoch 30-11-2022 18:00 Handler: Robert Waldner Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ How Stuff Gets eXposed ∗∗∗ --------------------------------------------- Intel's Software Guard Extension (SGX) promises an isolated execution environment, protected from all software running on the machine. In the past few years, however, SGX has come under heavy fire, threatened by numerous side channel attacks. --------------------------------------------- https://sgx.fail/ ∗∗∗ Looting Microsoft Configuration Manager ∗∗∗ --------------------------------------------- Microsoft Endpoint Configuration Manager (CM), also known as System Center Configuration Manager (SCCM), is widely deployed by companies to manage their Windows environments. It enables simple enrollment of servers and workstations, distributing software and generic management of the Windows systems in the environment. --------------------------------------------- https://labs.withsecure.com/publications/looting-microsoft-configuration-ma… ∗∗∗ Was tun, wenn Sie in einem Fake-Shop bestellt haben? ∗∗∗ --------------------------------------------- Sie haben im Internet eingekauft. Das bestellte Produkt kommt aber nicht an, E-Mails an den vermeintlichen Shop bleiben unbeantwortet. Kommt Ihnen das bekannt vor, haben Sie wahrscheinlich in einem Fake-Shop eingekauft. Wir zeigen Ihnen, was Sie tun können, wenn Sie in die Shopping-Falle getappt sind. --------------------------------------------- https://www.watchlist-internet.at/news/was-tun-wenn-sie-in-einem-fake-shop-… ∗∗∗ Industry 4.0: CNC Machine Security Risks Part 1 ∗∗∗ --------------------------------------------- This three-part blog series explores the risks associated with CNC machines. --------------------------------------------- https://www.trendmicro.com/en_us/research/22/k/cnc-machine-security-risks-p… ===================== = Vulnerabilities = ===================== ∗∗∗ NVIDIA releases GPU driver update to fix 29 security flaws ∗∗∗ --------------------------------------------- NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation. --------------------------------------------- https://www.bleepingcomputer.com/news/security/nvidia-releases-gpu-driver-u… ∗∗∗ CISA Releases Seven Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- * ICSA-22-333-01 Mitsubishi Electric GOT2000 * ICSA-22-333-02 Hitachi Energys IED Connectivity Packages and PCM600 Products * ICSA-22-333-03 Hitachi Energys MicroSCADA ProX SYS600 Products * ICSA-22-333-04 Moxa UC Series * ICSA-22-333-05 Mitsubishi Electric FA Engineering Software * ICSA-21-334-02 Mitsubishi MELSEC and MELIPC Series (Update E) * ICSA-19-346-02 Omron PLC CJ --------------------------------------------- https://www.cisa.gov/uscert/ncas/current-activity/2022/11/29/cisa-releases-… ∗∗∗ Kritische Sicherheitslücke in VLC Media Player ∗∗∗ --------------------------------------------- Ein Update steht für den VLC Media Player bereit, mit dem die Entwickler unter anderem eine kritische Sicherheitslücke schließen. --------------------------------------------- https://heise.de/-7362049 ∗∗∗ Webbrowser Chrome 108 dichtet 28 Sicherheitslücken ab ∗∗∗ --------------------------------------------- Das Update auf den Webbrowser Chrome 108 liefert im Wesentlichen Fehlerkorrekturen, die 28 Schwachstellen schließen. --------------------------------------------- https://heise.de/-7361154 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (krb5), Fedora (galera, mariadb, and mingw-python3), Red Hat (389-ds:1.4, kernel, kernel-rt, kpatch-patch, krb5, and usbguard), Scientific Linux (krb5), Slackware (kernel), SUSE (binutils, dbus-1, exiv2, freerdp, git, java-1_8_0-ibm, kernel, libarchive, libdb-4_8, libmspack, nginx, opencc, python, python3, rxvt-unicode, sudo, supportutils, systemd, vim, and webkit2gtk3), and Ubuntu (bind9, gnutls28, libsamplerate, linux-gcp-5.4, perl, pixman, shadow, [...] --------------------------------------------- https://lwn.net/Articles/916346/ ∗∗∗ Delta Electronics Patches Serious Flaws in Industrial Networking Devices ∗∗∗ --------------------------------------------- Taiwan-based Delta Electronics has patched potentially serious vulnerabilities in two of its industrial networking products. The flaws were identified by researchers at CyberDanube, a new industrial cybersecurity company based in Austria, in Delta’s DX-2100-L1-CN 3G cloud router and the DVW-W02W2-E2 industrial wireless access point. --------------------------------------------- https://www.securityweek.com/delta-electronics-patches-serious-flaws-indust… ∗∗∗ Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework ∗∗∗ --------------------------------------------- Developers have been warned that the popular Quarkus framework is affected by a critical vulnerability that could lead to remote code execution. --------------------------------------------- https://www.securityweek.com/developers-warned-critical-remote-code-executi… ∗∗∗ Anker Eufy Door Bell Sicherheitskameras mit Schwachstellen, Daten werden in die Cloud übertragen, Homebase 2 hat auch Schwachstellen ∗∗∗ --------------------------------------------- Anker Eufy Door Bell-Sicherheitskameras werden auch in Deutschland verkauft. Ein Sicherheitsforscher hat nun verschiedene Sicherheitslücken in der Firmware der Eufy-Kameras gefunden. --------------------------------------------- https://www.borncity.com/blog/2022/11/30/anker-eufy-door-bell-sicherheitska… ∗∗∗ Drop What Youre Doing and Update iOS, Android, and Windows ∗∗∗ --------------------------------------------- https://www.wired.com/story/ios-android-windows-vulnerability-patches-novem… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in a Huawei Childrens Watch ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-iaviahcw-… ∗∗∗ Security Bulletin: A Kafka vulnerability affects IBM Operations Analytics Predictive Insights (CVE-2022-34917 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-kafka-vulnerability-aff… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.4ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 – 2022.4.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty profile affects IBM Operations Analytics Predictive Insights(CVE-2022-22393 CVE-2022-22476 CVE-2022-22475) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Netty libraries affect IBM Operations Analytics Predictive Insights (CVE-2021-43797 CVE-2022-24823) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote authenticated attacker to execute arbitrary code on the system due to PostgreSQL (CVE-2022-2625) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Zahlreiche kritische Schwachstellen in Planet Enterprises Ltd - Planet eStream ∗∗∗ --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/multiple-critical-vul… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.11.2022
by Daily end-of-shift report 29 Nov '22

29 Nov '22

===================== = End-of-Day report = ===================== Timeframe: Montag 28-11-2022 18:00 − Dienstag 29-11-2022 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Malicious Android app found powering account creation service ∗∗∗ --------------------------------------------- A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/malicious-android-app-found-… ∗∗∗ Cyber-Threat Group Targets Critical RCE Vulnerability in Bleed You Campaign ∗∗∗ --------------------------------------------- More than 1,000 systems are exposed to a campaign hunting weak Windows servers and more. --------------------------------------------- https://www.darkreading.com/threat-intelligence/cyber-threat-weak-windows-s… ∗∗∗ Subdomain Enumeration with DNSSEC ∗∗∗ --------------------------------------------- In my previous blog post I described how subdomain enumeration and subdomain bruteforce in particular could be enhanced by taking DNS status code into account, rather than relying on the existence of A or AAAA records only. This follow-up post describes what techniques exist to enumerate subdomains in a DNSSEC-enabled zone and what countermeasures exist to prevent it. --------------------------------------------- https://www.securesystems.de/blog/subdomain-enumeration-with-DNSSEC/ ∗∗∗ Angreifer könnten Secure Boot auf bestimmten Acer-Notebooks deaktivieren ∗∗∗ --------------------------------------------- Acers Entwickler haben eine Sicherheitslücke geschlossen. Unter bestimmten Umständen könnten Angreifer UEFI-Einstellungen manipulieren. Updates sind in Sicht. --------------------------------------------- https://heise.de/-7359874 ∗∗∗ #InvisibleChallenge: Malware sucht Opfer mit TikTok-Challenge ∗∗∗ --------------------------------------------- Cyberkriminelle missbrauchen eine Nackt-Tanz-Challenge auf TikTok, um Opfer zum Installieren ihrer Malware zu bewegen. Diese solle einen Filter entfernen. --------------------------------------------- https://heise.de/-7360626 ∗∗∗ Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587) ∗∗∗ --------------------------------------------- A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has been fixed in January 2022 is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. --------------------------------------------- https://www.helpnetsecurity.com/2022/11/29/cve-2021-35587-exploited/ ∗∗∗ Project Zero Flags Patch Gap Problems on Android ∗∗∗ --------------------------------------------- Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to be tardy at delivering security fixes to Android-powered devices. --------------------------------------------- https://www.securityweek.com/project-zero-flags-patch-gap-problems-android ∗∗∗ Booking.com: Vorsicht vor gefälschten Angeboten ∗∗∗ --------------------------------------------- Sie haben auf Booking.com eine verlockende Unterkunft gefunden? Der Buchungsprozess verläuft aber nicht wie gewohnt? Vorsicht! Möglicherweise sind Sie auf ein betrügerisches Angebot gestoßen. Wenn Unterkunftgeber:innen Sie von Booking.com auf eine andere Website verweisen, handelt es sich um eine Betrugsmasche. Wir erklären Ihnen, worauf Sie achten sollten! --------------------------------------------- https://www.watchlist-internet.at/news/bookingcom-vorsicht-vor-gefaelschten… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins 2022-11-28 ∗∗∗ --------------------------------------------- Digital Certificate Manager for IBM i, IBM App Connect Enterprise Certified Container IntegrationServer operands, IBM Operations Analytics Predictive Insights, IBM Planning Analytics Workspace, IBM Sterling Connect:Direct for UNIX, IBM UrbanCode Deploy (UCD), IBM UrbanCode Deploy (UCD) Agents on zOS, IBM WebSphere Application Server Liberty, ISC BIND on IBM i --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ VMSA-2022-0029 ∗∗∗ --------------------------------------------- CVSSv3 Range: 3.3 CVE(s): CVE-2022-31693 Synopsis: VMware Tools for Windows update addresses a denial-of-service vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2022-0029.html ∗∗∗ K11742512: BIND vulnerability CVE-2022-2795 ∗∗∗ --------------------------------------------- By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. --------------------------------------------- https://support.f5.com/csp/article/K11742512 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (frr, gerbv, mujs, and twisted), Fedora (nodejs and python-virtualbmc), Oracle (dotnet7.0, kernel, kernel-container, krb5, varnish, and varnish:6), SUSE (busybox, python3, tiff, and tomcat), and Ubuntu (harfbuzz). --------------------------------------------- https://lwn.net/Articles/916189/ ∗∗∗ Edge 107.0.1418.62 ∗∗∗ --------------------------------------------- Kurzer Nachtrag: Microsoft hat zum 28. November 2022 den Edge-Browser im Stable Stable Channel auf die Version 107.0.1418.52 aktualisiert. Ist ein Sicherheits-Update, welches gemäß den Release Notes die vom Chromium-Team berichtete Schwachstelle CVE-2022-4135 schließt. --------------------------------------------- https://www.borncity.com/blog/2022/11/29/edge-107-0-1418-62/ ∗∗∗ Festo: Incomplete documentation of remote accessible functions and protocols in Festo products ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-041/ ∗∗∗ Festo: Multiple Festo products contain an unsafe default Codesys configuration ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-037/ ∗∗∗ Mitsubishi Electric GOT2000 ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-333-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.11.2022
by Daily end-of-shift report 28 Nov '22

28 Nov '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 25-11-2022 18:00 − Montag 28-11-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Win32.Ransom.Conti / Crypto Logic Flaw ∗∗∗ --------------------------------------------- Conti ransomware FAILS to encrypt non PE files that have a ".exe" in the filename. --------------------------------------------- https://cxsecurity.com/issue/WLB-2022110044 ∗∗∗ Bring Your Own Key — A Placebo? ∗∗∗ --------------------------------------------- BYOK was envisioned to reduce the risk of using a cloud service provider processing sensitive data, yet there are several deficiencies. --------------------------------------------- https://www.darkreading.com/cloud/bring-your-own-key-a-placebo- ∗∗∗ All You Need to Know About Emotet in 2022 ∗∗∗ --------------------------------------------- For 6 months, the infamous Emotet botnet has shown almost no activity, and now its distributing malicious spam. Lets dive into details and discuss all you need to know about the notorious malware to combat it. --------------------------------------------- https://thehackernews.com/2022/11/all-you-need-to-know-about-emotet-in.html ∗∗∗ Hacking Smartwatches for Spear Phishing ∗∗∗ --------------------------------------------- In this article we explain how to hack into a SmartWatch and show a custom text message. --------------------------------------------- https://cybervelia.com/?p=1380 ∗∗∗ Exploiting an N-day vBulletin PHP Object Injection Vulnerability ∗∗∗ --------------------------------------------- vBulletin is one of the most popular proprietary forum solutions over the Internet. It is used by some major websites, and according to the BuildWith website, vBulletin currently ranks at the second place on the Forum Software Usage Distribution in the Top 1 Million Sites, with over 2.000 websites using it among the “top 1 million”. --------------------------------------------- https://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injecti… ∗∗∗ Poking a mobile hotspot ∗∗∗ --------------------------------------------- Ive been playing with an Orbic Speed, a relatively outdated device that only speaks LTE Cat 4, but the towers I can see from here are, uh, not well provisioned so throughput really isnt a concern (and refurbs are $18, so). As usual Im pretty terrible at just buying devices and using them for their intended purpose, and in this case it has the irritating behaviour that if theres a power cut and the battery runs out it doesnt boot again when power returns, so heres what Ive learned so far. --------------------------------------------- https://mjg59.dreamwidth.org/61725.html ∗∗∗ Vorsicht vor gefälschtem FinanzOnline-E-Mail ∗∗∗ --------------------------------------------- „Sie erhalten einen Betrag“ lautet der Betreff eines betrügerischen E-Mail, das angeblich von FinanzOnline kommt. Sie werden informiert, dass Sie eine Rückerstattung von 578,99 Euro erhalten. Um das Geld zu bekommen, müssen Sie auf den Link im E-Mail klicken. Vorsicht: Dieser führt auf eine gefälschte FinanzOnline-Seite. Kriminelle stehlen Ihre Daten. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschtem-finanzonli… ∗∗∗ Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware ∗∗∗ --------------------------------------------- The intrusion began when a user double clicked a LNK file, which then executed encoded Powershell commands to download an Emotet DLL onto the computer. Once executed, Emotet setup a Registry Run Key to maintain persistence on the beachhead host. --------------------------------------------- https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to… ∗∗∗ LockBit Ransomware Being Mass-distributed With Similar Filenames ∗∗∗ --------------------------------------------- The ASEC analysis team had written about LockBit ransomware being distributed through emails over three blog posts. Through consistent monitoring, we hereby let you know that LockBit 2.0 and LockBit 3.0 are being distributed again with only a change to their filenames. --------------------------------------------- https://asec.ahnlab.com/en/42890/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, commons-configuration2, graphicsmagick, heimdal, inetutils, ini4j, jackson-databind, and varnish), Fedora (drupal7-i18n, grub2, kubernetes, and python-slixmpp), Mageia (botan, golang, kernel, kernel-linus, radare2/rizin, and xterm), Red Hat (krb5, varnish, and varnish:6), SUSE (busybox, chromium, erlang, exiv2, firefox, freerdp, ganglia-web, java-1_8_0-openj9, nodejs12, nodejs14, opera, pixman, python3, sudo, tiff, and xen), [...] --------------------------------------------- https://lwn.net/Articles/916135/ ∗∗∗ Cisco ISE Vulnerabilities Can Be Chained in One-Click Exploit ∗∗∗ --------------------------------------------- Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow remote attackers to inject arbitrary commands, bypass existing security protections, or perform cross-site scripting (XSS) attacks. --------------------------------------------- https://www.securityweek.com/cisco-ise-vulnerabilities-can-be-chained-one-c… ∗∗∗ Google Projekt Zero legt Schwachstelle in Mali GPU offen, Millionen Android-Geräte betroffen ∗∗∗ --------------------------------------------- Google Sicherheitsforscher haben im Project Zero eine Schwachstelle (CVE-2022-33917) im Kerneltreiber der in vielen Android-Geräten mit ARM CPU verwendeten Mali GPU offen gelegt. --------------------------------------------- https://www.borncity.com/blog/2022/11/27/google-projekt-zero-legt-schwachst… ∗∗∗ Security Bulletin: IBM Maximo Mobile is vulnerable to Information Disclosure (CVE-2022-41732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-mobile-is-vuln… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect App Connect Professional. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to X-Force 237819 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris… ∗∗∗ MISP v2.4.166 ∗∗∗ --------------------------------------------- https://github.com/MISP/MISP/releases/tag/v2.4.166 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.11.2022
by Daily end-of-shift report 25 Nov '22

25 Nov '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 24-11-2022 18:00 − Freitag 25-11-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Docker Hub repositories hide over 1,650 malicious containers ∗∗∗ --------------------------------------------- Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors. --------------------------------------------- https://www.bleepingcomputer.com/news/security/docker-hub-repositories-hide… ∗∗∗ Redacted Documents Are Not as Secure as You Think ∗∗∗ --------------------------------------------- Popular redaction tools don’t always work as promised, and new attacks can reveal hidden information, researchers say. --------------------------------------------- https://www.wired.com/story/redact-pdf-online-privacy/ ∗∗∗ Alte Social-Media-Konten löschen: Sicherheit durch weniger eigener Daten im Netz ∗∗∗ --------------------------------------------- Ungenutzte Social-Media-Accounts beinhalten persönliche Daten und bergen Sicherheitsrisiken. Unser Ratgeber zeigt, wie Sie veraltete Konten finden und löschen. --------------------------------------------- https://heise.de/-7321954 ∗∗∗ UEFI-BIOS mit bekannt unsicherem Code gespickt ∗∗∗ --------------------------------------------- In einem BIOS-Update fanden Experten mehrere OpenSSL-Versionen, teils mit uralten Sicherheitslücken. Das wirft ein Schlaglicht auf Risiken von PC-Firmware. --------------------------------------------- https://heise.de/-7351884 ∗∗∗ Word Documents Disguised as Normal MS Office URLs Being Distributed ∗∗∗ --------------------------------------------- Recently, there has been a case of malware disguised as a Word document being distributed through certain paths (e.g. KakaoTalk group chats). The ASEC analysis team has discovered during our additional monitoring process that the URL used in the fake Word document is becoming very cleverly disguised to closely resemble the normal URL, and we wish to advise caution on the part of users. --------------------------------------------- https://asec.ahnlab.com/en/42554/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (firefox), Mageia (dropbear, freerdp, java, libx11, and tumbler), Slackware (ruby), SUSE (erlang, grub2, libdb-4_8, and tomcat), and Ubuntu (exim4, jbigkit, and tiff). --------------------------------------------- https://lwn.net/Articles/915984/ ∗∗∗ Chrome 107.0.5304.121/122 Sicherheitsupdates ∗∗∗ --------------------------------------------- Google hat zum 24. November 2022 einen Schwung an Sicherheitsupdates des Google Chrome im 107er Zweig im Stable Channel für Mac, Linux und Windows sowie für Android freigegeben. Es werden dabei bereits ausgenutzte Schwachstellen geschlossen. --------------------------------------------- https://www.borncity.com/blog/2022/11/25/chrome-107-0-5304-121-122-sicherhe… ∗∗∗ Canon: Regarding vulnerability measure against buffer overflow for Laser Printers and Small Office Multifunction Printers (CVE-2022-43608) – 25 November 2022 ∗∗∗ --------------------------------------------- Multiple cases of buffer overflow vulnerabilities have been identified with Canon Laser Printers and Small Office Multifunctional Printers. A list of affected models is given below. --------------------------------------------- https://www.canon-europe.com/support/product-security-latest-news/ ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2022-3676) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. (CVE-2022-35637) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2021-28167) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2021-41041) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.11.2022
by Daily end-of-shift report 24 Nov '22

24 Nov '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 23-11-2022 18:00 − Donnerstag 24-11-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Investigating a backdoored PyPi package targeting FastAPI applications ∗∗∗ --------------------------------------------- On November 23rd, 2022, the Datadog Security Labs team identified a utility Python package on PyPI related to FastAPI, fastapi-toolkit, that has likely been compromised by a malicious actor. --------------------------------------------- https://securitylabs.datadoghq.com/articles/malicious-pypi-package-fastapi-… ∗∗∗ THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies ∗∗∗ --------------------------------------------- In this threat alert, the Cybereason team describes one attack scenario that started from a QBot infection, resulting in multiple key machines loading Cobalt Strike, which finally led to the global deployment of Black Basta ransomware. --------------------------------------------- https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and… ∗∗∗ MSI Afterburner: Vorsicht vor Fake-Software mit Trojaner im Gepäck ∗∗∗ --------------------------------------------- Immer wieder versuchen Kriminelle Opfern Schadcode unter dem Deckmantel von legitimen Tools, wie aktuell dem GPU-Tool MSI Afterburner, unterzuschieben. --------------------------------------------- https://heise.de/-7351380 ∗∗∗ In eine Phishing-Falle getappt? Das können Sie tun: ∗∗∗ --------------------------------------------- Wurden Sie über ein betrügerisches E-Mail oder SMS auf eine gefälschte Login-Seiten gelockt? Haben Sie dort Ihre Daten eingetippt? Dann haben Kriminelle Zugriff auf Ihr Konto. Wir zeigen Ihnen, was Sie tun können, wenn Sie Ihre Benutzerdaten preisgegeben haben. --------------------------------------------- https://www.watchlist-internet.at/news/in-eine-phishing-falle-getappt-das-k… ∗∗∗ Neue Betrugsmasche: Kriminelle stehlen Kreditkartendaten und hinterlegen sie für Apple Pay ∗∗∗ --------------------------------------------- Kriminelle erschleichen sich mit Phishing-Nachrichten per SMS oder E-Mail Kreditkartendaten und hinterlegen diese für Apple Pay. Betroffene werden dann unter falschen Vorwänden verleitet, den Aktivierungscode für Apple Pay an die Kriminellen weiterzugeben. --------------------------------------------- https://www.watchlist-internet.at/news/neue-betrugsmasche-kriminelle-stehle… ∗∗∗ Bahamut cybermercenary group targets Android users with fake VPN apps ∗∗∗ --------------------------------------------- Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram. --------------------------------------------- https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targ… ∗∗∗ IBM: RansomExx becomes latest ransomware group to create Rust variant ∗∗∗ --------------------------------------------- The RansomExx ransomware group has become the latest gang to create a variant in the Rust programming language, according to IBM Security X-Force Threat researchers. --------------------------------------------- https://therecord.media/ibm-ransomexx-becomes-latest-ransomware-group-to-cr… ===================== = Vulnerabilities = ===================== ∗∗∗ TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input ∗∗∗ --------------------------------------------- tdpServer of TP-Link RE300 V1 improperly processes its input, possibly resulting to crash. --------------------------------------------- https://jvn.jp/en/jp/JVN29657972/ ∗∗∗ Security update available in Foxit PDF Editor for Mac 11.1.4 ∗∗∗ --------------------------------------------- Foxit has released Foxit PDF Editor for Mac 11.1.4, which addresses potential security and stability issues. --------------------------------------------- https://www.foxit.com/support/security-bulletins.html ∗∗∗ SolarWinds Security Advisories 2022-11-22 ∗∗∗ --------------------------------------------- SolarWinds published 7 Security Advisories (3 High, 1 Medium, 3 Low Severity). --------------------------------------------- https://www.solarwinds.com/trust-center/security-advisories ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (vim), Fedora (drupal7-context, drupal7-link, firefox, xen, xorg-x11-server, and xorg-x11-server-Xwayland), Oracle (container-tools:ol8, device-mapper-multipath, dotnet7.0, firefox, hsqldb, keylime, podman, python3.9, python39:3.9, thunderbird, and xorg-x11-server), SUSE (exiv2-0_26, keylime, libarchive, net-snmp, nginx, opensc, pixman, python-joblib, strongswan, and webkit2gtk3), and Ubuntu (expat, imagemagick, mariadb-10.3, mariadb-10.6, [...] --------------------------------------------- https://lwn.net/Articles/915929/ ∗∗∗ Security Bulletin: IBM Sterling Control Center vulnerable to multiple issues to due IBM Cognos Analystics (CVE-2022-4160, CVE-2021-3733) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-cent… ∗∗∗ Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service due to Websphere Liberty (CVE-2022-24839) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-cent… ∗∗∗ Security Bulletin: IBM Sterling Control Center is vulnerable to HTTP header injection due to Websphere Liberty (CVE-2022-34165) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-cent… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affects Cloud Pak System [CVE-2021-28167] ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM Sterling Control Center is vulnerable to unauthenticated data manipulation due to Java SE (CVE-2021-2163) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-cent… ∗∗∗ Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-for-ibm-cloudpak-for-wats… ∗∗∗ Security Bulletin: Vulnerabilities with MariaDB affect IBM Cloud Object Storage Systems (Nov 2022v1) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mari… ∗∗∗ Pilz: PAS 4000 prone to ZipSlip ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-045/ ∗∗∗ Pilz: Multiple products affected by ZipSlip ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-044/ ∗∗∗ Pilz: PASvisu and PMI affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-033/ ∗∗∗ 2022-18Multiple vulnerabilities in BAT-C2 ∗∗∗ --------------------------------------------- https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/15087-sour… ∗∗∗ 2022-21Authenticated Command Injection in Hirschmann BAT-C2 ∗∗∗ --------------------------------------------- https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/15088-sour… ∗∗∗ 2022-20TinyXML vulnerability in Hirschmann HiLCOS products ∗∗∗ --------------------------------------------- https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/15089-sour… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily