Daily

daily@lists.cert.at

1 participants
3182 discussions

Tageszusammenfassung - 02.08.2022
by Daily end-of-shift report 02 Aug '22

02 Aug '22

===================== = End-of-Day report = ===================== Timeframe: Montag 01-08-2022 18:00 − Dienstag 02-08-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Microsoft announces new solutions for threat intelligence and attack surface management ∗∗∗ --------------------------------------------- Defenders are up against the most sophisticated threat landscape we’ve ever seen. Today, we’re proud to execute our threat intelligence vision behind that acquisition and announce several new solutions to help security teams get ahead of adversaries and catch what others miss. --------------------------------------------- https://www.microsoft.com/security/blog/2022/08/02/microsoft-announces-new-… ∗∗∗ Raccoon Stealer v2: The Latest Generation of the Raccoon Family ∗∗∗ --------------------------------------------- In this blog, ThreatLabz will analyze Raccoon Stealer v2 in the exe format, and highlight key differences from its predecessors. --------------------------------------------- https://www.zscaler.com/blogs/security-research/raccoon-stealer-v2-latest-g… ∗∗∗ Analyzing Attack Data and Trends Targeting Log4J ∗∗∗ --------------------------------------------- The Log4j vulnerability, initially reported in November 2021, has affected millions of devices and applications around the world. --------------------------------------------- https://www.wordfence.com/blog/2022/08/analyzing-attack-data-and-trends-tar… ∗∗∗ Die Watchlist Internet ist jetzt auf Instagram ∗∗∗ --------------------------------------------- Wir versorgen Sie ab sofort auch auf Instagram mit Warnungen vor Internetbetrug. In den Beiträgen und Storys zeigen wir Ihnen, wie Sie sich vor Internetbetrug schützen, Fallen rasch erkennen und sicher im Internet surfen. --------------------------------------------- https://www.watchlist-internet.at/news/die-watchlist-internet-ist-jetzt-auf… ∗∗∗ giesler-drogerie.com ist Fake ∗∗∗ --------------------------------------------- Bei giesler-drogerie.com finden Sie günstige Parfums, Styling-Produkte und Kosmetikartikel. Das vollständige Impressum sowie die angeführten Kontaktmöglichkeiten vermitteln einen seriösen Eindruck. Die Angaben sind aber gefälscht. Wenn Sie dort einkaufen, verlieren Sie Ihr Geld und erhalten keine Lieferung. --------------------------------------------- https://www.watchlist-internet.at/news/giesler-drogeriecom-ist-fake/ ∗∗∗ Vulnerability Spotlight: How misusing properly serialized data opened TCL LinkHub Mesh Wi-Fi system to 17 vulnerabilities ∗∗∗ --------------------------------------------- The TCL LinkHub Mesh Wi-Fi system is a multi-device Wi-Fi system that allows users to expand access to their network over a large physical area. --------------------------------------------- http://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misus… ∗∗∗ Manjusaka: A Chinese sibling of Sliver and Cobalt Strike ∗∗∗ --------------------------------------------- Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. --------------------------------------------- http://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html ===================== = Vulnerabilities = ===================== ∗∗∗ VMware urges admins to patch critical auth bypass bug immediately ∗∗∗ --------------------------------------------- VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-patch… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl and jetty9), Fedora (dovecot), Gentoo (vault), Scientific Linux (java-1.8.0-openjdk, java-11-openjdk, and squid), SUSE (booth, dovecot22, dwarves and elfutils, firefox, gimp, java-11-openjdk, kernel, and oracleasm), and Ubuntu (linux, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, net-snmp, and samba). --------------------------------------------- https://lwn.net/Articles/903555/ ∗∗∗ Go-Based Apps Vulnerable to Attacks Due to URL Parsing Issue ∗∗∗ --------------------------------------------- Israeli cloud-native application security testing firm Oxeye discovered that the way URL parsing is implemented in some Go-based applications creates vulnerabilities that could allow threat actors to conduct unauthorized actions. --------------------------------------------- https://www.securityweek.com/go-based-apps-vulnerable-attacks-due-url-parsi… ∗∗∗ GnuTLS patches memory mismanagement bug – update now! ∗∗∗ --------------------------------------------- https://nakedsecurity.sophos.com/2022/08/01/gnutls-patches-memory-mismanage… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by arbitrary code executiondue to GNU cpio (CVE-2021-38185) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ VMSA-2022-0021 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2022-0021.html ∗∗∗ vim: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0880 ∗∗∗ FastStone ImageViewer: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0883 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.08.2022
by Daily end-of-shift report 01 Aug '22

01 Aug '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 29-07-2022 18:00 − Montag 01-08-2022 18:00 Handler: Robert Waldner Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Sicherheitslücken als Türöffner in Nuki Smart Lock entdeckt und geschlossen ∗∗∗ --------------------------------------------- Angreifer könnten an zahlreichen Schwachstellen in verschiedenen smarten Türschlössern Nuki Smart Lock ansetzen. Die WLAN Bridge Nuki Bridge ist auch betroffen. --------------------------------------------- https://heise.de/-7194709 ∗∗∗ Adware-Apps aus Google Play tarnen sich auf Android-Geräten als Gestaltenwandler ∗∗∗ --------------------------------------------- Werbung auf Facebook für Fake-Apps zur Android-Systemoptimierung führt zu rund 7 Millionen Installationen. Opfer werden mit Werbeanzeigen belästigt. --------------------------------------------- https://heise.de/-7194655 ∗∗∗ Post-Quanten-Kryptographie: Verschlüsselung mit Isogenien ist unsicher ∗∗∗ --------------------------------------------- Ein Angriff auf den Schlüsselaustausch SIDH zeigt erneut, wie riskant experimentelle kryptographische Algorithmen sein können. --------------------------------------------- https://www.golem.de/news/post-quanten-kryptographie-verschluesselung-mit-i… ∗∗∗ BlackCat ransomware claims attack on European gas pipeline ∗∗∗ --------------------------------------------- The ransomware group known as ALPHV (aka BlackCat) has assumed over the weekend responsibility for the cyberattack that hit Creos Luxembourg last week, a natural gas pipeline and electricity network operator in the central European country. --------------------------------------------- https://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-a… ∗∗∗ A Detailed Analysis of the RedLine Stealer ∗∗∗ --------------------------------------------- RedLine is a stealer distributed as cracked games, applications, and services. The malware steals information from web browsers, cryptocurrency wallets, and applications such as FileZilla, Discord, Steam, Telegram, and VPN clients. The binary also gathers data about the infected machine, such as the running processes, antivirus products, installed programs, the Windows product name, the processor architecture, etc. --------------------------------------------- https://securityscorecard.com/research/detailed-analysis-redline-stealer ∗∗∗ Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys ∗∗∗ --------------------------------------------- Researchers have uncovered a list of 3,207 apps, some of which can be utilized to gain unauthorized access to Twitter accounts. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm CloudSEK said in a report exclusively shared with The Hacker News. --------------------------------------------- https://thehackernews.com/2022/08/researchers-discover-nearly-3200-mobile.h… ∗∗∗ A Little DDoS In the Morning, (Mon, Aug 1st) ∗∗∗ --------------------------------------------- Friday morning (at least it wasn't Friday afternoon), we got an alert that our database and web servers exceeded the expected load. Sometimes, this "happens." Often it is just some user innocently flooding our API with requests. We do use quite a bit of caching and such for requests, but it can happen that things pile up at the wrong time. So I took a look at the logs. In these cases, I first look at the top IPs sending requests to our API. --------------------------------------------- https://isc.sans.edu/diary/rss/28900 ∗∗∗ Month of PowerShell - PowerShell Remoting, Part 2 ∗∗∗ --------------------------------------------- In this article we finish up our look at PowerShell remoting by examining several options to run PowerShell commands on multiple remote systems. --------------------------------------------- https://www.sans.org/blog/powershell-remoting-part-2/ ∗∗∗ Month of PowerShell - Offensive PowerShell with Metasploit Meterpreter ∗∗∗ --------------------------------------------- In this article we look at how Metasploit Meterpreter can integrate PowerShell for extensible attacks in a red team or pen test engagement. --------------------------------------------- https://www.sans.org/blog/offensive-powershell-metasploit-meterpreter/ ∗∗∗ Month of PowerShell - Keyboard Shortcuts Like a Boss ∗∗∗ --------------------------------------------- In this article we look at several keyboard shortcuts to speed up your PowerShell sessions. --------------------------------------------- https://www.sans.org/blog/keyboard-shortcuts-boss/ ===================== = Vulnerabilities = ===================== ∗∗∗ WordPress Vulnerabilities & Patch Roundup — July 2022 ∗∗∗ --------------------------------------------- Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month. --------------------------------------------- https://blog.sucuri.net/2022/07/wordpress-vulnerabilities-patch-roundup-jul… ∗∗∗ Arris / Arris-variant DSL/Fiber router critical vulnerability exposure ∗∗∗ --------------------------------------------- Multiple vulnerabilities exist in the MIT-licensed muhttpd web server. This web server is widely used in ISP customer premise equipment (CPE), most notably in Arris firmware used in router models (at least, possibly other) NVG443, NVG599, NVG589, NVG510, as well as ISP-customized variants such as BGW210 and BGW320 (Arris has declined to confirm affected models). --------------------------------------------- https://derekabdine.com/blog/2022-arris-advisory ∗∗∗ IBM Security Bulletins 2022-07-29 ∗∗∗ --------------------------------------------- IBM CICS TX Advanced, IBM CICS TX Standard, IBM PowerVM Novalink, IBM Sterling Secure Proxy, IBM DataPower Gateway, Rational Performance Tester, Rational Service Tester, Urbancode Deploy, IBM Robotic Process Automation, Cloud Pak System, IBM PowerVM Novalink, IBM Secure External Authentication Server. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Sicherheitsupdates: Schadcode-Attacken auf Thunderbird vorstellbar ∗∗∗ --------------------------------------------- Die Entwickler von Mozilla haben im E-Mail-Client Thunderbird mehrere Sicherheitslücken geschlossen. --------------------------------------------- https://heise.de/-7194671 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (booth, libpgjava, and thunderbird), Fedora (3mux, act, age, antlr4-project, apache-cloudstack-cloudmonkey, apptainer, aquatone, aron, asnip, assetfinder, astral, bettercap, buildah, butane, caddy, cadvisor, cheat, chisel, clash, clipman, commit-stream, containerd, cri-o, darkman, deepin-gir-generator, direnv, dnscrypt-proxy, dnsx, docker-distribution, doctl, douceur, duf, ffuf, fzf, geoipupdate, git-lfs, git-octopus, git-time-metric, glide, gmailctl, [...] --------------------------------------------- https://lwn.net/Articles/903455/ ∗∗∗ HPE ProLiant und HP Integrated Lights-Out: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer oder ein Angreifer aus dem angrenzenden Netzwerk kann mehrere Schwachstellen in HPE ProLiant und HPE Integrated Lights-Out ausnutzen, um beliebigen Programmcode auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0870 ∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in D-LINK Router ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0867 ∗∗∗ HCL Commerce: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann eine Schwachstelle in HCL Commerce ausnutzen, um Informationen offenzulegen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0866 ∗∗∗ Multiple Vulnerabilities in BF-OS ∗∗∗ --------------------------------------------- BOSCH-SA-013924-BT: Multiple vulnerabilities were identified in BF-OS version 3.x up to and including 3.83 used by Bigfish V3 and PR21 (Energy Platform) devices and Bigfish VM image, which are part of the data collection infrastructure of the Energy Platform solution. The most critical vulnerability may allow an unauthenticated remote attacker to gain administrative privileges to the device by brute-forcing a weak password. --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-013924-bt.html ∗∗∗ K21192332: Apache HTTP Server vulnerability CVE-2022-31813 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21192332 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.07.2022
by Daily end-of-shift report 29 Jul '22

29 Jul '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 28-07-2022 18:00 − Freitag 29-07-2022 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Web-Portale: Seit sechs Jahren kostenlose Hilfe für Ransomware-Opfer ∗∗∗ --------------------------------------------- Mit etwas Glück findet man auf den Websites von ID Ransomware und No More Ransom Infos zu kostenlosen Entschlüsselungstools für einige Erpressungstrojaner. --------------------------------------------- https://heise.de/-7193953 ∗∗∗ Jetzt patchen! Attacken auf Atlassian Confluence ∗∗∗ --------------------------------------------- Nachdem ein Standard-Passwort auf Social-Media-Plattformen aufgetaucht ist, nehmen Angreifer Confluence ins Visier. Aber nicht alle Instanzen sind verwundbar. --------------------------------------------- https://heise.de/-7193458 ∗∗∗ LockBit operator abuses Windows Defender to load Cobalt Strike ∗∗∗ --------------------------------------------- Security analysts have observed an affiliate of the LockBit 3.0 ransomware operation abusing a Windows Defender command line tool to decrypt and load Cobalt Strike beacons on the target systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/lockbit-operator-abuses-wind… ∗∗∗ Month of PowerShell - Renaming Groups of Files ∗∗∗ --------------------------------------------- In this article we look at how to automate a massive file-rename task using PowerShell. --------------------------------------------- https://www.sans.org/blog/renaming-groups-files?msc=rss ∗∗∗ Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network ∗∗∗ --------------------------------------------- The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. --------------------------------------------- https://thehackernews.com/2022/07/researchers-warns-of-increase-in.html ∗∗∗ ENISA: Telecom Security Incidents 2021 ∗∗∗ --------------------------------------------- This report provides anonymised and aggregated information about major telecom security incidents in 2021. The 2021 annual summary contains reports of 168 incidents submitted by national authorities from 26 EU Member States (MS) and 2 EFTA countries. --------------------------------------------- https://www.enisa.europa.eu/publications/telecom-security-incidents-2021 ∗∗∗ UEFI rootkits and UEFI secure boot ∗∗∗ --------------------------------------------- Kaspersky describes a UEFI-implant used to attack Windows systems. Based on it appearing to require patching of the system firmware image, they hypothesise that its propagated by manually dumping the contents of the system flash, modifying it, and then reflashing it back to the board. [..] But lets think about why this is in the firmware at all. --------------------------------------------- https://mjg59.dreamwidth.org/60654.html ∗∗∗ Microsoft has blocked hackers favourite trick. So now they are looking for a new route of attack ∗∗∗ --------------------------------------------- Microsofts default block on Office macro malware is working, which means hackers need to find a new way to carry out their attacks. --------------------------------------------- https://www.zdnet.com/article/microsoft-has-blocked-hackers-favourite-trick… ∗∗∗ Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products ∗∗∗ --------------------------------------------- Recently, I was performing some research on a wireless router and noticed the following piece of code: This unescape function will revert the URL encoded bytes to its original form. But something specifically caught my attention: There was no size check for the performed operations and the function assumes that after a ‘%’ there are always two bytes. So, what would happen if after ‘%’, only one character existed? --------------------------------------------- https://blog.talosintelligence.com/2022/07/vulnerability-spotlight-how-code… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-22-1031: OPC Labs QuickOPC Connectivity Explorer Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-22-1031/ ∗∗∗ ABB Cyber Security Advisory: ABB Ability TM Operations Data Management Zenon Log Server file access control ∗∗∗ --------------------------------------------- These vulnerabilities affect the ABB Ability™ Operations Data Management Zenon. Subsequently, a successful exploit could allow attackers to log additional messages and access files from the Zenon system. While the passwords in the INI files are not stored in clear text, they can be subjected to further attacks against the hash algorithm. --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2NGA001479&Language… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (xorg-x11-server and xorg-x11-server-Xwayland), SUSE (aws-iam-authenticator, ldb, samba, libguestfs, samba, and u-boot), and Ubuntu (firefox, intel-microcode, libtirpc, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-bluefield, linux-gcp-5.4, linux-gke-5.4, mysql-5.7, and mysql-5.7, mysql-8.0). --------------------------------------------- https://lwn.net/Articles/902913/ ∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2022-0007 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. [...] Impact: Processing maliciously crafted web content may lead to arbitrary code execution. --------------------------------------------- https://webkitgtk.org/security/WSA-2022-0007.html ∗∗∗ Synology-SA-22:10 Samba ∗∗∗ --------------------------------------------- CVE-2022-32742 allows remote authenticated users to obtain sensitive information via a susceptible version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM) and SMB Service. CVE-2022-2031, CVE-2022-32744, and CVE-2022-32746 allow remote authenticated users to bypass security constraint and conduct denial-of-service attacks via a susceptible version of Synology Directory Server. None of Synologys products are affected by CVE-2022-32745 as [...] --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_22_10 ∗∗∗ JetBrains IntelliJ IDEA: Mehrere Schwachstellen ermöglichen Codeausführung ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann mehrere Schwachstellen in JetBrains IntelliJ IDEA ausnutzen, um beliebigen Programmcode auszuführen oder Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0860 ∗∗∗ Foxit Reader und Foxit PDF Editor: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Foxit Reader und Foxit PDF Editor ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0862 ∗∗∗ GitLab: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen und vertrauliche Informationen offenzulegen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0861 ∗∗∗ Rockwell Products Impacted by Chromium Type Confusion ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-209-01 ∗∗∗ Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to arbitrary code execution due to node.js minimist module ( CVE-2021-44906) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris… ∗∗∗ Security Bulletin: IBM PowerVM VIOS could allow a remote attacker to tamper with system configuration or cause a denial of service (CVE-2022-35643) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-powervm-vios-could-al… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Apache Log4j (CVE-2021-44228) vulnerability in IBM Engineering Systems Design Rhapsody (Rhapsody) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-cve-2021-442… ∗∗∗ Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to bypass security restrictions and obtain sensitive information due to multiple vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-http-server-powered-b… ∗∗∗ Security Bulletin: AIX is affected by multiple vulnerabilities in Python ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-affected-by-multip… ∗∗∗ Security Bulletin: Denial of service vulnerability in OpenSSL as shipped with IBM Security Verify Bridge Docker image (CVE-2022-0778) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnera… ∗∗∗ Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Engineering Lifecycle Optimization – Publishing ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-remote-attack-vulnerabi… ∗∗∗ Security Bulletin: AIX is vulnerable to cache poisoning due to ISC BIND (CVE-2021-25220) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-cach… ∗∗∗ Security Bulletin: IBM Db2® Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2® ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-rel… ∗∗∗ Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2018-25031, CVE-2021-46708) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.07.2022
by Daily end-of-shift report 28 Jul '22

28 Jul '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 27-07-2022 18:00 − Donnerstag 28-07-2022 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ LofyLife: malicious npm packages steal Discord tokens and bank card data ∗∗∗ --------------------------------------------- This week, we identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”. --------------------------------------------- https://securelist.com/lofylife-malicious-npm-packages/107014/ ∗∗∗ Month of PowerShell - PowerShell Remoting, Part 1 ∗∗∗ --------------------------------------------- In this article, we discuss perhaps the most immediately-valuable feature in PowerShell for Windows administrators, the ability to run PowerShell commands on remote systems. --------------------------------------------- https://www.sans.org/blog/powershell-remoting-part-1?msc=rss ∗∗∗ Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack ∗∗∗ --------------------------------------------- In this blog post, we explore another remotely reachable attack surface: ESXi’s TCP/IP stack implemented as a VMkernel module. The most interesting outcome of this analysis is that ESXi’s TCP/IP stack is based on FreeBSD 8.2 and does not include security patches for the vulnerabilities disclosed over the years since that release of FreeBSD. This result also prompted us to analyze the nature of vulnerabilities disclosed in other open-source components used by VMware, such as OpenSLP and ISC-DHCP. --------------------------------------------- https://www.zerodayinitiative.com/blog/2022/7/25/looking-at-patch-gap-vulne… ∗∗∗ Vorsicht vor Fake Last-Minute-Angeboten auf Mallorca und Ibiza! ∗∗∗ --------------------------------------------- Die Hitze schlägt zu und Kurzentschlossene suchen nach den letzten verfügbaren Ferienhäusern, um ein paar Tage am Meer zu verbringen. Doch Vorsicht: Kriminelle versuchen Sie mit attraktiven Angeboten in die Falle zu locken! Wird eine Vorauszahlung für ein Ferienhaus verlangt, brechen Sie den Kontakt ab, Ihr Geld ist sonst verloren! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-fake-last-minute-angebo… ∗∗∗ MFA hilft gegen Ransomware ∗∗∗ --------------------------------------------- Die Multi-Faktor-Authentifizierung (MFA) funktioniert. Die europäische Polizeibehörde Europol erklärt, wie Ransomware-Banden ihre Angriffe aufgegeben haben, als sie auf die MFA-Sicherheit trafen. --------------------------------------------- https://www.zdnet.de/88402613/mfa-hilft-gegen-ransomware/ ∗∗∗ IIS-Attacken auf Exchange Server ∗∗∗ --------------------------------------------- Microsoft warnt vor heimlichen Backdoor-Angriffen auf Exchange Server mittels bösartiger IIS-Erweiterungen. --------------------------------------------- https://www.zdnet.de/88402615/iis-attacken-auf-exchange-server/ ∗∗∗ CISA Releases Log4Shell-Related MAR ∗∗∗ --------------------------------------------- >From May through June 2022, CISA responded to an organization that was compromised by an exploitation of an unpatched and unmitigated Log4Shell vulnerability in a VMware Horizon server. CISA analyzed five malware samples obtained from the organization’s network and released a Malware Analysis Report of the findings. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2022/07/28/cisa-releases-log… ∗∗∗ SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT” ∗∗∗ --------------------------------------------- One frequently encountered—that often results in forensics investigations on compromised systems—is tracked by Volexity as SharpTongue. [..] Volexity frequently observes SharpTongue targeting and victimizing individuals working for organizations in the United States, Europe and South Korea ... --------------------------------------------- https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-st… ===================== = Vulnerabilities = ===================== ∗∗∗ "JustSystems JUST Online Update for J-License" starts a program with an unquoted file path ∗∗∗ --------------------------------------------- "JustSystems JUST Online Update for J-License" bundled with multiple JustSystems products for corporate users starts another program with an unquoted file path. --------------------------------------------- https://jvn.jp/en/jp/JVN57073973/ ∗∗∗ Tagify - Moderately critical - Access bypass - SA-CONTRIB-2022-051 ∗∗∗ --------------------------------------------- Project: Tagify Security risk: Moderately critical Description: This module provides a widget to transform entity reference fields into a more user-friendly tags input component with a great performance.The module doesnt sufficiently check access for the add operation. --------------------------------------------- https://www.drupal.org/sa-contrib-2022-051 ∗∗∗ PDF generator API - Moderately critical - Remote Code Execution - SA-CONTRIB-2022-050 ∗∗∗ --------------------------------------------- Project: PDF generator API Security risk: Moderately critical Description: This module enables you to generate PDF versions of content.Some installations of the module make use of the dompdf/dompdf third-party dependency.Security vulnerabilities exist for versions of dompdf/dompdf before 2.0.0 as described in the 2.0.0 release notes. --------------------------------------------- https://www.drupal.org/sa-contrib-2022-050 ∗∗∗ Context - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-049 ∗∗∗ --------------------------------------------- Project: Context Security risk: Moderately critical Description: This module enables you to conditionally display blocks in particular theme regions. The module doesn't sufficiently sanitize the title of a block as displayed in the admin UI when a site administrator edits a context block reaction. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks". --------------------------------------------- https://www.drupal.org/sa-contrib-2022-049 ∗∗∗ Sicherheitsupdates: Angreifer könnten Veritas NetBackup vielfältig attackieren ∗∗∗ --------------------------------------------- Die Entwickler haben in aktuellen Versionen der Backuplösung NetBackup von Veritas unter anderem kritische Lücken geschlossen. --------------------------------------------- https://heise.de/-7192562 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr), Fedora (chromium, gnupg1, java-17-openjdk, osmo, and podman), Oracle (grafana and java-17-openjdk), Red Hat (389-ds:1.4, container-tools:rhel8, grafana, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, kernel-rt, kpatch-patch, pandoc, squid, and squid:4), Slackware (samba), and SUSE (crash, mariadb, pcre2, python-M2Crypto, virtualbox, and xen). --------------------------------------------- https://lwn.net/Articles/902795/ ∗∗∗ Trend Micro Produkte: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann eine Schwachstelle in Trend Micro Apex One und Trend Micro Worry-Free Business Security ausnutzen, um seine Privilegien zu erhöhen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0850 ∗∗∗ Atlassian Jira Software: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Atlassian Jira Software ausnutzen, um Informationen offenzulegen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0849 ∗∗∗ McAfee Agent: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann eine Schwachstelle im McAfee Agent ausnutzen, um seine Privilegien zu erhöhen und beliebigen Code mit Administratorrechten auszuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0848 ∗∗∗ Jenkins: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um einen Cross Site Scripting oder CSRF Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Daten zu manipulieren --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0852 ∗∗∗ Security Bulletin: OpenSSL for IBM i is vulnerable to arbitrary command execution (CVE-2022-2068) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-… ∗∗∗ Security Bulletin: Vulnerability in Golang Go affects IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-29526) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-golang-g… ∗∗∗ Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.07.2022
by Daily end-of-shift report 27 Jul '22

27 Jul '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 26-07-2022 18:00 − Mittwoch 27-07-2022 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ 15 Minuten nach Bekanntwerden einer Lücke starten Scans nach verwundbaren PCs ∗∗∗ --------------------------------------------- Einem aktuellen Bericht über IT-Sicherheitsvorfälle zufolge verschärft sich das Katz-und-Maus-Spiel zwischen Admins und Cyberkriminellen. --------------------------------------------- https://heise.de/-7191301 ∗∗∗ Cyberkriminalität: Weniger Ransomware, aber wieder mehr Malware ∗∗∗ --------------------------------------------- 2022 stieg das Malware-Volumen erstmals wieder, bei gleichzeitig weniger Ransomware-Attacken - zumindest global, denn in Europa gilt der gegensätzliche Trend. --------------------------------------------- https://heise.de/-7191680 ∗∗∗ Student:innen aufgepasst: akademischeslektorat.com ist unseriös! ∗∗∗ --------------------------------------------- Wenn Sie auf der Suche nach einem Lektorat, einer Plagiatsprüfung oder Übersetzungsarbeiten für wissenschaftliche Arbeiten sind, stoßen Sie bei Ihrer Suche womöglich auf akademischeslektorat.com. Wir raten dazu, Abstand von den Angeboten zu nehmen, denn die Leistungen werden Erfahrungsberichten nach minderwertig oder gar nicht erbracht und auch frühere Mitarbeiter:innen sowie die Bewertungsseite Trustpilot warnen vor dem Angebot. --------------------------------------------- https://www.watchlist-internet.at/news/studentinnen-aufgepasst-akademisches… ∗∗∗ Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits ∗∗∗ --------------------------------------------- MSTIC and MSRC disclose technical details of a private-sector offensive actor (PSOA) tracked as KNOTWEED using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and Central American customers. --------------------------------------------- https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-euro… ∗∗∗ Month of PowerShell: Fileless Malware with Get-Clipboard ∗∗∗ --------------------------------------------- In this article we look at using PowerShell maliciously while evading detection. --------------------------------------------- https://www.sans.org/blog/fileless-malware-get-clipboard/ ∗∗∗ DHL Phishing Page Uses Telegram Bot for Exfiltration ∗∗∗ --------------------------------------------- One of the quickest ways for an attacker to harvest financial data, credentials, and sensitive personal information is through phishing. These social engineering attacks can typically be found masquerading as a trusted or recognizable service, intent on tricking unsuspecting users into submitting sensitive information on the attacker’s customized web page. --------------------------------------------- https://blog.sucuri.net/2022/07/dhl-phishing-page-uses-telegram-bot-for-exf… ∗∗∗ Inside Matanbuchus: A Quirky Loader ∗∗∗ --------------------------------------------- This blog post will shed light on Matanbuchus’ main stage, the second stage of the loader. From our point of view, the second stage is the more interesting component of the loader, as it involves many payload loading techniques. By dissecting the loader’s features and capabilities, we will attempt to answer whether Matanbuchus is a loader malware, as it markets itself, or if it is more like a bot service. --------------------------------------------- https://www.cyberark.com/resources/threat-research-blog/inside-matanbuchus-… ∗∗∗ Top 10 Awesome Open-Source Adversary Simulation Tools ∗∗∗ --------------------------------------------- Cyberattack simulation, aka Threat Simulation, is an emerging IT security technology that can help discover gaps, vulnerabilities, and misconfigurations in your security infrastructure. We will take a look at the need for adversary simulation and the top ten open-source adversary simulation tools. --------------------------------------------- https://fourcore.io/blogs/top-10-open-source-adversary-emulation-tools ∗∗∗ Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack ∗∗∗ --------------------------------------------- Over the last few years, multiple VMware ESXi remote, unauthenticated code execution vulnerabilities have been publicly disclosed. Some were also found to be exploited in the wild. Since these bugs were found in ESXi’s implementation of the SLP service, VMware provided workarounds to turn off the service. VMware also disabled the service by default starting with ESX 7.0 Update 2c. In this blog post, we explore another remotely reachable attack surface: ESXi’s TCP/IP stack --------------------------------------------- https://www.thezdi.com/blog/2022/7/25/looking-at-patch-gap-vulnerabilities-… ∗∗∗ What Talos Incident Response learned from a recent Qakbot attack hijacking old email threads ∗∗∗ --------------------------------------------- In a recent malspam campaign delivering the Qakbot banking trojan, Cisco Talos Incident Response (CTIR) observed the adversary using aggregated, old email threads from multiple organizations that we assess were likely harvested during the 2021 ProxyLogon-related compromises targeting vulnerable Microsoft Exchange servers. This campaign relies on external thread hijacking, whereby the adversary is likely using a bulk aggregation of multiple organizations’ harvested emails to launch focused phishing campaigns against previously uncompromised organizations. This differs from the more common approach to thread hijacking, in which attackers use a single compromised organization’s emails to deliver their threat. --------------------------------------------- http://blog.talosintelligence.com/2022/07/what-talos-incident-response-lear… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel and openjdk-17), Fedora (ceph, lua, and moodle), Oracle (java-1.8.0-openjdk), Red Hat (grafana), SUSE (git, kernel, libxml2, nodejs16, and squid), and Ubuntu (imagemagick, protobuf-c, and vim). --------------------------------------------- https://lwn.net/Articles/902642/ ∗∗∗ Samba: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Samba ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, einen Denial of Service Zustand zu verursachen oder seine Rechte zu erweitern. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0842 ∗∗∗ MOXA NPort 5110 ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Out-of-bounds Write vulnerability in MOXA NPort 5110, a device server. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-207-04 ∗∗∗ Honeywell Saia Burgess PG5 PCD ∗∗∗ --------------------------------------------- This advisory contains mitigations for Authentication Bypass and Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in Honeywell Saia Burgess PG5 PCD, a PLC. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-207-03 ∗∗∗ Honeywell Safety Manager ∗∗∗ --------------------------------------------- This advisory contains mitigations for Insufficient Verification of Data Authenticity, Missing Authentication for Critical Function, and Use of Hard-coded Credentials vulnerabilities in Honeywell Safety Manager, a safety solution of the Experion Process Knowledge System. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-207-02 ∗∗∗ Inductive Automation Ignition ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in versions of Inductive Automation Ignition software. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-207-01 ∗∗∗ CVE-2022-35629..35632 Velociraptor Multiple Vulnerabilities (FIXED) ∗∗∗ --------------------------------------------- This advisory covers a number of issues identified in Velociraptor and fixed as of Version 0.6.5-2, released July 26, 2022. --------------------------------------------- https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velocirapt… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest (CVE-2021-35561, CVE-2022-21299, CVE-2022-21496) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2022 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to local privilege escalation (CVE-2021-39088) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2022-0778, CVE-2022-1292) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openss… ∗∗∗ Security Bulletin: OpenSSL as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2022-0778) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qr… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-applicati… ∗∗∗ Security Bulletin: Apache Commons Email as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2017-9801, CVE-2018-1294) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-email-as-u… ∗∗∗ Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise are vulnerable to a denial of service due to jackson-databind (CVE-2020-36518) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-i… ∗∗∗ Security Bulletin: IBM Maximo Asset Management, IBM Maximo Manage in IBM Maximo Application Suite and IBM Maximo Manage in IBM Maximo Application Suite as a Service may be affected by XML External Entity (XXE) attacks (CVE-2021-33813) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Multiple vulnerabilites affect IBM Engineering Test Management product due to XStream ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-a… ∗∗∗ Security Bulletin: Apache Derby security vulnerabilities in IBM System Dashboard for Enterprise Content Manager (affected, not vulnerable) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-derby-security-vul… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.07.2022
by Daily end-of-shift report 26 Jul '22

26 Jul '22

===================== = End-of-Day report = ===================== Timeframe: Montag 25-07-2022 18:00 − Dienstag 26-07-2022 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Betrugsmasche nimmt auf Willhaben zu: Konsumentenschützer warnen ∗∗∗ --------------------------------------------- Wer im auf Handelsplattformen wie Willhaben unterwegs ist, sollte vorsichtig mit seinen persönlichen Daten umgehen. --------------------------------------------- https://futurezone.at/digital-life/phishing-willhaben-betrug-opfer-sicherhe… ∗∗∗ Sicherheit: Forscher greifen Smartphones über Ladebuchse an ∗∗∗ --------------------------------------------- Ghost Touches sind erzwungene Berührungen auf Touchscreens von Smartphones und Tablets - Forscher konnten diese über ein Ladekabel auslösen. --------------------------------------------- https://www.golem.de/news/sicherheit-forscher-greifen-smartphones-ueber-lad… ∗∗∗ How is Your macOS Security Posture?, (Tue, Jul 26th) ∗∗∗ --------------------------------------------- Many people who use Apple devices daily often have a wrong sense of security. A few years ago, Apple devices were left aside of many security issues that Windows users faced for a long time. Also, based on a BSD layer, the OS wasn' a juicy target for attackers. Today, the landscape changed: Apple devices, especially Macbooks, are used not only by "creators" (musicians, designers, ...) and geeks but by many interesting profiles like managers and security researchers. --------------------------------------------- https://isc.sans.edu/diary/rss/28882 ∗∗∗ Month of PowerShell - PowerShell Version of Keeper (Save Useful Command Lines) ∗∗∗ --------------------------------------------- In this article we build a useful PowerShell function to save useful commands for later reference: Save-Keeper! --------------------------------------------- https://www.sans.org/blog/powershell-version-keeper?msc=rss ∗∗∗ How to analyze Linux malware – A case study of Symbiote ∗∗∗ --------------------------------------------- Symbiote is a Linux threat that hooks libc and libpcap functions to hide the malicious activity. The malware hides processes and files that are used during the activity by implementing two functions called hidden_proc and hidden_file. It can also hide network connections based on a list of ports and by hijacking any injected packet filtering bytecode. The malware’s purpose is to steal credentials from the SSH and SCP processes by hooking the libc read function. --------------------------------------------- https://cybergeeks.tech/how-to-analyze-linux-malware-a-case-study-of-symbio… ∗∗∗ CVE-2022-31813: Forwarding addresses is hard ∗∗∗ --------------------------------------------- A few weeks ago, version 2.4.54 of Apache HTTPD server was released. It includes a fix for CVE-2022-31813, a vulnerability we identified in mod_proxy that could affect unsuspecting applications served by an Apache reverse proxy. Lets see why it is rated as low in the software changelog and why it still matters. TL;DR: when in doubt, patch! --------------------------------------------- https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-… ∗∗∗ Brennholz, Pellets, Photovoltaik & Co: Vorsicht vor Fake-Shops ∗∗∗ --------------------------------------------- Zahlreichen Fake-Shops mit Brennholz, lassen Kriminelle nun Photovoltaik-Shops wie solanex.de und solarnetz.at folgen. Die aktuelle Energiekrise soll offenbar maximal ausgenützt werden. Wechselrichter, Solaranlagen und Stromspeicher – all jene Produkte, die am Markt momentan schwer zu erhalten sind, sind bei solanex.de und solarnetz.at nicht nur lagernd, sondern teils weit unter Marktpreis zu haben. Kaufen Sie hier nichts, denn die Vorkassezahlungen sind verloren! --------------------------------------------- https://www.watchlist-internet.at/news/brennholz-pellets-photovoltaik-co-vo… ∗∗∗ Ransomware: 1.5 million people have got their files back without paying the gangs. Heres how ∗∗∗ --------------------------------------------- No More Ransom project now offers free tools for decrypting 165 families of ransomware as the fight against extortion groups continues. --------------------------------------------- https://www.zdnet.com/article/ransomware-1-5-million-people-have-got-their-… ===================== = Vulnerabilities = ===================== ∗∗∗ Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores ∗∗∗ --------------------------------------------- The issue in question is an SQL injection vulnerability affecting versions 1.6.0.10 or greater, and is being tracked as CVE-2022-36408. ... The PrestaShop maintainers also said they found a zero-day flaw in its service that they said has been addressed in version 1.7.8.7, although they cautioned that "we cannot be sure that it's the only way for them to perform the attack." --------------------------------------------- https://thehackernews.com/2022/07/hackers-exploit-prestashop-zero-day-to.ht… ∗∗∗ Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers ∗∗∗ --------------------------------------------- FileWaves mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it."The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty security researcher Noam Moshe said in a Monday report. --------------------------------------------- https://thehackernews.com/2022/07/critical-filewave-mdm-flaws-open.html ∗∗∗ Xen XSA-408 - insufficient TLB flush for x86 PV guests in shadow mode ∗∗∗ --------------------------------------------- For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-408.html ∗∗∗ Weitere Lücken in Videokonferenz-Hardware Meeting Owl geschlossen ∗∗∗ --------------------------------------------- Owl Labs hat seine Geräte mit zusätzlichen Sicherheitsupdates gegen mögliche Attacken abgesichert. --------------------------------------------- https://heise.de/-7189904 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (spip), Mageia (libtiff and logrotate), Oracle (java-1.8.0-openjdk and java-11-openjdk), SUSE (gpg2, logrotate, and phpPgAdmin), and Ubuntu (python-bottle). --------------------------------------------- https://lwn.net/Articles/902547/ ∗∗∗ LibreOffice: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in LibreOffice ausnutzen, um Sicherheitsvorkehrungen zu umgehen und vertrauliche Informationen offenzulegen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0821 ∗∗∗ Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27509 ∗∗∗ --------------------------------------------- A vulnerability has been discovered in Citrix ADC and Citrix Gateway which enables an attacker to create a specially crafted URL that redirects to a malicious website. Pre-conditions: - Appliance must be configured as a VPN (Gateway) or AAA virtual server - A victim user must use an attacker-crafted link --------------------------------------------- https://support.citrix.com/article/CTX457836/citrix-adc-and-citrix-gateway-… ∗∗∗ Security Bulletin: Vulnerability in libcURL affect IBM Rational ClearCase ( CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27782, CVE-2022-30115, CVE-2022-27774 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libcurl-… ∗∗∗ Security Bulletin: IBM Security Verify Information Queue web UI is vulnerable to cross-site request forgery (CVE-2022-35286) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-infor… ∗∗∗ Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework and Apache Commons(CVE-2022-22970,CVE-2022-22971,CVE-2022-33980) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-common-licensing-is-v… ∗∗∗ Security Bulletin: IBM Robotic Process Automation is vulnerable to insufficiently protected access tokens (CVE-2022-22412) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-autom… ∗∗∗ Security Bulletin: A security vulnerability in Node.js nconf affects IBM Cloud Automation Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to arbitrary code execution due to node.js minimist module ( CVE-2021-44906) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris… ∗∗∗ Security Bulletin: A security vulnerability in Node.js node-forge affects IBM Cloud Automation Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2021-45960, CVE-2021-46143 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25315 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: WebSphere network security vulnerability in IBM Content Foundation on Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-network-securit… ∗∗∗ Security Bulletin: A security vulnerability in Node.js node-forge affects IBM Cloud Automation Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to Slowloris HTTP DOS attack (CVE-2022-35639) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-partner-enga… ∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A security vulnerability in Node.js node-forge affects IBM Cloud Automation Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2022-1292, CVE-2022-0778) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Bulletin: IBM Cloud Pak for Security is vulnerable to Using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-securit… ∗∗∗ Security Bulletin: Java SE as used by IBM Cloud Pak For Security is vulnerable to information disclosure and denial of service. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-java-se-as-used-by-ibm-cl… ∗∗∗ Security Bulletin: IBM Robotic Process Automation is vulnerable to arbitrary code execution due to async (CVE-2021-43138) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-autom… ∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Sterling Control Center vulnerable to arbitrary file upload and sensitive information exposure due to IBM Cognos Analytics (CVE-2021-38945, CVE-2021-29768) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-cent… ∗∗∗ Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining and could allow a local attacker to execute arbitrary code on the system (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-spring-f… ∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase ( CVE-2021-35578, CVE-2021-35603, CVE-2021-35550, CVE-2021-35561, CVE-2022-21299 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.07.2022
by Daily end-of-shift report 25 Jul '22

25 Jul '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 22-07-2022 18:00 − Montag 25-07-2022 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows-Sicherheit: Microsoft härtet RDP, MS-Office und geschützte Prozesse ∗∗∗ --------------------------------------------- Automatische Login-Sperren, Schutz vor Makros und Passwortklau - hinter den Kulissen tut sich einiges. Mit der Kommunikation tut sich Microsoft jedoch schwer. --------------------------------------------- https://heise.de/-7189313 ∗∗∗ Vorsicht vor gefälschten Post und DHL-Mails ∗∗∗ --------------------------------------------- Kriminelle geben sich als Post oder DHL aus und versenden wahllos betrügerische E-Mails. In den E-Mails mit dem Betreff „Ihr Paket wartet auf die Zustellung“ oder „Ihr Paket ist gerade bei der örtlichen Post angekommen“ wird behauptet, dass ein Paket angekommen sei, es aber nicht zugestellt werden kann, weil noch Zoll- bzw. Lieferkosten offen seien. Sie werden aufgefordert, auf einen Link zu klicken. Ignorieren Sie derartige E-Mails. Es handelt sich um Fake! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-post-und-d… ∗∗∗ CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit ∗∗∗ --------------------------------------------- In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor. --------------------------------------------- https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/ ∗∗∗ Month of PowerShell: Process Threat Hunting, Part 1 ∗∗∗ --------------------------------------------- PowerShell is a powerful tool for threat hunting. Here we look at PowerShell threat hunting steps by assessing processes on Windows. --------------------------------------------- https://www.sans.org/blog/process-threat-hunting-part-1/ ∗∗∗ Month of PowerShell - The Curious Case of AD User Properties ∗∗∗ --------------------------------------------- Where are all of the user properties for Active Directory users for Get-ADUSer? --------------------------------------------- https://www.sans.org/blog/curious-case-ad-user-properties/ ∗∗∗ Month of PowerShell: Process Threat Hunting, Part 2 ∗∗∗ --------------------------------------------- We continue our look at PowerShell threat hunting through process analysis, identifying Command & Control/C2 threats on a Windows system. --------------------------------------------- https://www.sans.org/blog/process-threat-hunting-part-2/ ∗∗∗ Defeating Javascript Obfuscation ∗∗∗ --------------------------------------------- To make a long story short, I’m releasing a Javascript deobfuscation tool called REstringer. To make a short story long - I want to share my incentive for creating the tool, some design decisions, and the process through which I’m adding new capabilities to it - so you can join in on the fun! --------------------------------------------- https://www.perimeterx.com/tech-blog/2022/defeating-javascript-obfuscation/ ∗∗∗ A repository of Windows persistence mechanisms ∗∗∗ --------------------------------------------- The repository tries to gather an information about Windows persistence mechanisms to make the protection/detection more efficient. Most of the information is well known for years, being actively used within various scenarios. --------------------------------------------- https://persistence-info.github.io/ ∗∗∗ IAM-Deescalate: An Open Source Tool to Help Users Reduce the Risk of Privilege Escalation ∗∗∗ --------------------------------------------- We developed an open source tool, IAM-Deescalate, to help mitigate the privilege escalation risks of overly permissive identities in AWS. --------------------------------------------- https://unit42.paloaltonetworks.com/iam-deescalate/ ∗∗∗ Case closed: DIVD-2022-00009 - SolarMan backend administrator account/password ∗∗∗ --------------------------------------------- DIVD researcher Jelle Ursem found the password of the super user of the web backend for all SolarMan / Solis / Omnik / Ginlong inverters, loggers, and batteries. The password has been changed now, and the repository containing the password has been deleted. --------------------------------------------- https://csirt.divd.nl/cases/DIVD-2022-00009/ ∗∗∗ Cases of Attacks Targeting Vulnerable Atlassian Confluence Servers ∗∗∗ --------------------------------------------- The ASEC analysis team has been monitoring attacks that are targeting vulnerable systems. This post will discuss cases of attacks targeting vulnerable Atlassian Confluence Servers that are not patched. --------------------------------------------- https://asec.ahnlab.com/en/36820/ ===================== = Vulnerabilities = ===================== ∗∗∗ Google Chrome: Update schließt Hochrisiko-Sicherheitslöcher ∗∗∗ --------------------------------------------- Google veröffentlicht ein Update für Chrome, das elf potenzielle Sicherheitsschwachstellen schließt - fünf davon sind mit High Risk bewertet. --------------------------------------------- https://www.golem.de/news/google-chrome-update-schliesst-hochrisiko-sicherh… ∗∗∗ Angreifer könnten Scan-Engine von F-Secure und WithSecure crashen lassen ∗∗∗ --------------------------------------------- Patches schließen mehrere Lücken in Sicherheitsprodukten von WithSecure ehemals F-Secure. --------------------------------------------- https://heise.de/-7189082 ∗∗∗ Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505) ∗∗∗ --------------------------------------------- The following vulnerabilities were found as part of a research project looking at the state of security of the different Nuki (smart lock) products. The main goal was to look for vulnerabilities which could affect to the availability, integrity or confidentiality of the different devices, from hardware to software. Eleven vulnerabilities were discovered. --------------------------------------------- https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulner… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, djangorestframework, gsasl, and openjdk-11), Fedora (giflib, openssl, python-ujson, and xen), Mageia (virtualbox), SUSE (git, gpg2, java-1_7_1-ibm, java-1_8_0-ibm, java-1_8_0-openjdk, mozilla-nspr, mozilla-nss, mozilla-nss, python-M2Crypto, and s390-tools), and Ubuntu (php8.1). --------------------------------------------- https://lwn.net/Articles/902400/ ∗∗∗ WordPress Plugin "Newsletter" vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN77850327/ ∗∗∗ Multiple vulnerabilities in untangle ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN30454777/ ∗∗∗ K08152433: Intel processors MMIO stale data vulnerability CVE-2022-21166 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K08152433/ ∗∗∗ Unify OpenScape Branch: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0814 ∗∗∗ Security Bulletin: A failed attempt to regenerate an IBM Security Verify Information Queue API token reveals sensitive data (CVE-2022-35288) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-failed-attempt-to-regen… ∗∗∗ Security Bulletin: A security vulnerability in Node.js node-forge affects IBM Cloud Pak for Multicloud Management Managed Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Vulnerabilities from log4j affect IBM Operations Analytics – Log Analysis (CVE-2019-17571, CVE-2020-9488) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-from-log4… ∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: IBM Security Verify Information Queue distributes configuration files with hard-coded credentials (CVE-2022-35287) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-infor… ∗∗∗ Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2022-23307). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson… ∗∗∗ Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics – Log Analysis (CVE-2021-44832, CVE-2021-45105) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-from-log4… ∗∗∗ Security Bulletin: Multiple vulnerabilities in log4j-1.2.16.jar used by IBM Operations Analytics – Log Analysis ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Audit events query facility in IBM Security Verify Information Queue is vulnerable to SQL injection (CVE-2022-35285) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-audit-events-query-facili… ∗∗∗ Security Bulletin: Session cookie used by IBM Security Verify Information Queue is not properly secured (CVE-2022-35284) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-session-cookie-used-by-ib… ∗∗∗ Security Bulletin: A security vulnerability in Node.js node-forge affects IBM Cloud Pak for Multicloud Management Managed Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.07.2022
by Daily end-of-shift report 22 Jul '22

22 Jul '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 21-07-2022 18:00 − Freitag 22-07-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ SATAn-Attacke: Zweckentfremdetes SATA-Kabel funkt geheime Infos ∗∗∗ --------------------------------------------- Sicherheitsforscher, die auf Attacken auf abgeschottete Air-Gap-Systeme spezialisiert sind, haben eine neue Methode vorgestellt. --------------------------------------------- https://heise.de/-7186463 ∗∗∗ Confluence Security Advisory 2022-07-20 ∗∗∗ --------------------------------------------- Confluence hat zum 20. Juli 2022 das Security Advisory 2022-07-20 veröffentlicht und heute aktualisiert. Im Sicherheitshinweis geht es um Confluence-Konten mit fest kodierten Anmeldeinformationen, die von Questions for Confluence erstellt wurden. Das betrifft die Confluence-App für Confluence Server und Confluence Data Center. --------------------------------------------- https://www.borncity.com/blog/2022/07/21/confluence-security-advisory-2022-… ∗∗∗ Zero-day used to infect Chrome users could pose threat to Edge and Safari users, too ∗∗∗ --------------------------------------------- After laying low, exploit seller Candiru rears its ugly head once more. --------------------------------------------- https://arstechnica.com/?p=1868594 ∗∗∗ Maldoc: non-ASCII VBA Identifiers, (Thu, Jul 21st) ∗∗∗ --------------------------------------------- I found a malicious Office document with VBA code where most of the identifiers (variables, function names, ...) consist solely out of characters that are not ASCII (.e.g, these characters have values between 128 and 255). --------------------------------------------- https://isc.sans.edu/diary/rss/28866 ∗∗∗ An Analysis of a Discerning Phishing Website , (Fri, Jul 22nd) ∗∗∗ --------------------------------------------- Cybercriminals and adversaries have long used phishing websites to obtain credentials and access systems they usually would not have access to. Indeed, it could be more cost-effective than other methods, such as buying zero-day vulnerabilities and weaponizing them. I was alerted to a phishing attempt and requested further details. After doing some analysis, I observed several differences and technological improvements that the adversaries had made as compared to the usual phishing attempts. --------------------------------------------- https://isc.sans.edu/diary/rss/28870 ∗∗∗ Month of PowerShell - Recording Your Session with Start-Transcript ∗∗∗ --------------------------------------------- PowerShell allows us to create a transaction file of all commands entered and output received, perfect for pentests, incident response, and more! --------------------------------------------- https://www.sans.org/blog/recording-your-session-with-start-transcript ∗∗∗ Cryptominers & WebAssembly in Website Malware ∗∗∗ --------------------------------------------- WebAssembly (also referred to as Wasm) is a binary instruction format that runs in the browser to enable high-performance applications on web pages and can be executed much faster than traditional JavaScript. WebAssembly can be executed in a variety of environments, including servers, IoT devices, and mobile or desktop apps — but was originally designed to run on the web. --------------------------------------------- https://blog.sucuri.net/2022/07/cryptominers-webassembly-in-website-malware… ∗∗∗ An Easier Way to Keep Old Python Code Healthy and Secure ∗∗∗ --------------------------------------------- Python has its pros and cons, but its nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Pythons inherent approachability also creates a couple of problems. --------------------------------------------- https://thehackernews.com/2022/07/an-easier-way-to-keep-old-python-code.html ∗∗∗ Sh*Load Exploits (Episode V: Return of the Error) ∗∗∗ --------------------------------------------- Our first post in the Firmware Developers Need To Know blog series, Episode I: The Last Error, pointed out the benefits of adopting clean error codes. And then two weeks later, TLStorm, bam. Armis’ research engineers announced the discovery of three vulnerabilities in APC devices –the key problem – ignoring error codes! Unfortunately, little attention or thought is paid to error codes within firmware code (and many critical open source projects). --------------------------------------------- https://dellfer.com/shload-exploits-episode-v-return-of-the-error/ ∗∗∗ PART 1: How I Met Your Beacon – Overview ∗∗∗ --------------------------------------------- During this research we will outline a number of effective strategies for hunting for beacons, supported by our BeaconHunter tool that we developed to execute these strategies and which we intend to open source in due course. --------------------------------------------- https://www.mdsec.co.uk/2022/07/part-1-how-i-met-your-beacon-overview/ ∗∗∗ Cloud Threat Detection: To Agent or Not to Agent? ∗∗∗ --------------------------------------------- Should you be using agents to secure cloud applications, or not? The answer depends on what exactly youre trying to secure. --------------------------------------------- https://www.rapid7.com/blog/post/2022/07/22/cloud-threat-detection-to-agent… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins 2022-07-21 ∗∗∗ --------------------------------------------- IBM Cloud App Management, IBM Cloud Pak for Multicloud Management Monitoring, IBM Rational Build Forge, IBM Rational Build Forge, IBM Cloud App Management, IBM Tivoli Netcool Manager. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (gnupg2, oci-seccomp-bpf-hook, suricata, and vim), Oracle (java-11-openjdk), Slackware (net), and SUSE (kernel, nodejs16, rubygem-rack, and webkit2gtk3). --------------------------------------------- https://lwn.net/Articles/902184/ ∗∗∗ Moodle: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0797 ∗∗∗ Veritas NetBackup: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Veritas NetBackup ausnutzen, um beliebigen Programmcode auszuführen oder seine Privilegien zu erweitern. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0801 ∗∗∗ Veritas NetBackup: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann eine Schwachstelle in Veritas NetBackup ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen, seine Privilegien zu erweitern und Verzeichnisse zu manipulieren. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0802 ∗∗∗ F-Secure Linux Security: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in F-Secure Linux Security und F-Secure Internet Gatekeeper ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0803 ∗∗∗ AutomationDirect Stride Field I/O ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Cleartext Transmission of Sensitive Information vulnerability in AutomationDirect products. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-202-05 ∗∗∗ ICONICS Suite and Mitsubishi Electric MC Works64 Products ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Path Traversal, Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere, Out-of-Bounds Read vulnerabilities in the SCADA products. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-202-04 ∗∗∗ Rockwell Automation ISaGRAF Workbench ∗∗∗ --------------------------------------------- This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in the ISaGRAF Workbench. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-202-03 ∗∗∗ Johnson Controls Metasys ADS, ADX, OAS ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Missing Authentication for Critical Function vulnerability in the Metasys ADS, ADX, OAS. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-202-02 ∗∗∗ ABB Drive Composer, Automation Builder, Mint Workbench ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Improper Privilege Management vulnerabilities in the ABB products. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-202-01 ∗∗∗ Unauthenticated SQL Injection in SonicWall GMS and Analytics ∗∗∗ --------------------------------------------- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.07.2022
by Daily end-of-shift report 21 Jul '22

21 Jul '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-07-2022 18:00 − Donnerstag 21-07-2022 18:00 Handler: Robert Waldner Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Apple Patches Everything Day, (Wed, Jul 20th) ∗∗∗ --------------------------------------------- Apple today released its usual "surprise patch day" in updating all of its operating systems. There may still be specific Safari updates, but for currently supported operating systems, the operating system upgrades should include respective Safari/WebKit fixes. --------------------------------------------- https://isc.sans.edu/diary/rss/28862 ∗∗∗ New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems ∗∗∗ --------------------------------------------- A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems. --------------------------------------------- https://thehackernews.com/2022/07/new-linux-malware-framework-let.html ∗∗∗ Outlook email users alerted to suspicious activity from Microsoft-owned IP address ∗∗∗ --------------------------------------------- People turn amateur sleuths to discover that the source of all those sign-ins seems to be in Redmond Strange things are afoot in the world of Microsoft email with multiple users reporting unusual sign-in notifications for their Outlook accounts. --------------------------------------------- https://www.theregister.com/2022/07/21/outlook_sign_ins/ ∗∗∗ [CVE-2022-34918] A crack in the Linux firewall ∗∗∗ --------------------------------------------- In our previous article Yet another bug into Netfilter, I presented a vulnerability found within the netfilter subsystem of the Linux kernel. During my investigation, I found a weird comparison that does not fully protect a copy within a buffer. It led to a heap buffer overflow that was exploited to obtain root privileges on Ubuntu 22.04. --------------------------------------------- https://www.randorisec.fr/crack-linux-firewall/ ∗∗∗ Gitlab Project Import RCE Analysis (CVE-2022-2185) ∗∗∗ --------------------------------------------- At the beginning of this month, GitLab released a security patch for versions 14->15. Interestingly in the advisory, there was a mention of a post-auth RCE bug with CVSS 9.9. The bug exists in GitLab’s Project Imports feature, which was found by @vakzz. Incidentally, when I rummaged in the author’s h1 profile. I discovered that four months ago, he also found a bug in the import project feature. --------------------------------------------- https://starlabs.sg/blog/2022/07-gitlab-project-import-rce-analysis-cve-202… ∗∗∗ Cybercrime: Industriesteuerungen im Visier ∗∗∗ --------------------------------------------- Ein Passwort-Cracker mit Trojaner an Bord liefert Passwörter für programmierbare Industrie-Steuersysteme frei Haus und wirft damit eine wichtige Frage auf. --------------------------------------------- https://heise.de/-7185890 ∗∗∗ Vorsicht vor Shops mit Abo-Fallen ∗∗∗ --------------------------------------------- Sie suchen nach einem Produkt online – sei es Make-Up, Sportkleidung oder Tiernahrung. Plötzlich stoßen Sie auf ein gutes Angebot und das Produkt ist sogar 60 % billiger, wenn Sie VIP-Mitglied werden. Doch im Kleingedruckten steht: Mit diesem Einkauf schließen Sie eine automatische Clubmitgliedschaft und ein teures Abo ab. Vorsicht vor diesen unseriösen Abo-Fallen! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-shops-mit-abo-fallen/ ∗∗∗ Shodan Verified Vulns 2022-07-01 ∗∗∗ --------------------------------------------- Mit Stand 2022-07-01 sieht Shodan in Österreich die folgenden Schwachstellen: Verglichen mit Juni 2022 ist durch die Bank ein leichter Abwärtstrend zu erkennen (insgesamt von 9355 auf 8987 verifizierte Schwachstellen). Spitzenreiter sind noch immer CVE-2015-0204 (SSL FREAK, 4090) und CVE-2015-4000 (Logjam, 3193). Davor schon relativ gering vertreten (35), jedoch auffällig gesunken ist die Schwachstelle CVE-2021-43798 (Grafana Path Traversal Vulnerability, -80%). Ausreißer nach oben oder Neuzugänge gibt es nicht. --------------------------------------------- https://cert.at/de/aktuelles/2022/7/shodan-verified-vulns-2022-07-01 ===================== = Vulnerabilities = ===================== ∗∗∗ Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability ∗∗∗ --------------------------------------------- Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username "disabledsystemuser." --------------------------------------------- https://thehackernews.com/2022/07/atlassian-releases-patch-for-critical.html ∗∗∗ Schadcode-Attacken mit Root-Rechten auf Cisco Nexus Dashboard möglich ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für Hard- und Software vom Netzwerkausrüster Cisco. --------------------------------------------- https://heise.de/-7185582 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (kernel and kernel-linus), SUSE (dovecot23), and Ubuntu (freetype, libxml-security-java, and linux-oem-5.17). --------------------------------------------- https://lwn.net/Articles/902011/ ∗∗∗ Request Tracker: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Request Tracker ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder Sicherheitsmaßnahmen zu umgehen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0788 ∗∗∗ Security Bulletin: IBM Tivoli Network Manager is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2019-1757) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-network-manage… ∗∗∗ Security Bulletin: Security Vulnerabilities have been fixed in IBM Security Access Manager appliance (CVE-2022-24407, CVE-2020-25709, CVE-2020-25710) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Verify Information Queue uses an Oracle JDBC jar with multiple vulnerabilities (CVE-2019-2444, CVE-2019-2619, CVE-2017-10321, CVE-2017-10202) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-infor… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Security Verify Information Queue connect image (CVE-2020-9493, CVE-2022-23307) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: IBM Security Verify Information Queue uses a Wire Schema jar with multiple vulnerabilities (CVE-2020-27853, CVE-2021-41093) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-infor… ∗∗∗ Security Bulletin: IBM Security Verify Information Queue uses a Google gRPC framework with multiple vulnerabilities (CVE-2017-7860, CVE-2017-7861, CVE-2017-9431) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-infor… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-38936) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: Multiple security vulnerabilities found in open source code that is shipped with IBM Security Verify Governance, Identity Manager virtual appliance component ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: OpenSSL vulnerabilities in the IBM Security Verify Information Queue web server (CVE-2021-3711, CVE-2021-3712) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-i… ∗∗∗ Security Bulletin: Vulnerability in async opensource package affects IBM VM Recovery Manager HA & DR GUI ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-async-op… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ CVE-2022-0778: Sicherheitslücken mit Denial of Service-Potential in OpenSSL ∗∗∗ --------------------------------------------- https://www.sprecher-automation.com/it-sicherheit/security-alerts ∗∗∗ Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2022-015 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2022-015 ∗∗∗ Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2022-014 ∗∗∗ Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2022-013 *** Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012 *** --------------------------------------------- https://www.drupal.org/sa-core-2022-012 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.07.2022
by Daily end-of-shift report 20 Jul '22

20 Jul '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-07-2022 18:00 − Mittwoch 20-07-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitslücken in GPS-Tracker von MiCODUS können Menschenleben gefährden ∗∗∗ --------------------------------------------- Sicherheitsforscher warnen davor, dass Angreifer unter anderem PKWs der Regierung aus der Ferne stoppen könnten. Sicherheitspatches gibt es bislang nicht. --------------------------------------------- https://heise.de/-7184324 ∗∗∗ Phishing-Mail zu „unbefugten Aktivitäten“ ignorieren! ∗∗∗ --------------------------------------------- Aktuell kursiert eine Phishing Nachricht im Namen der Raiffeisen Bank, die nach einer Authentifizierung verlangt. Angeblich wurde eine Zahlung in Höhe von 1259,00 EUR vorgenommen, die blockiert wurde. Achtung: Es handelt sich lediglich um einen erfundenen Grund, mit dem Kriminelle Sie zum Klick auf eine Phishing-Seite bewegen wollen. Löschen Sie die Nachricht einfach! --------------------------------------------- https://www.watchlist-internet.at/news/phishing-mail-zu-unbefugten-aktivita… ∗∗∗ Breaking down CISs new software supply chain security guidance ∗∗∗ --------------------------------------------- Securing the software supply chain continues to be one of the most discussed topics currently among IT and cybersecurity leaders. A study by In-Q-Tel researchers shows a rapid rise in software supply chain attacks starting around 2016, going from almost none in 2015 to about 1,500 in 2020. The Cloud Native Computing Foundation’s (CNCF’s) catalog of software supply chain attacks also supports a rise in this attack vector. --------------------------------------------- https://www.csoonline.com/article/3666742/breaking-down-ciss-new-software-s… ∗∗∗ Luna and Black Basta — new ransomware for Windows, Linux and ESXi ∗∗∗ --------------------------------------------- This report discusses new ransomware, that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta. --------------------------------------------- https://securelist.com/luna-black-basta-ransomware/106950/ ∗∗∗ PrestaShop Skimmer Concealed in One Page Checkout Module ∗∗∗ --------------------------------------------- PrestaShop is a popular freemium open source e-commerce platform used by hundreds of thousands of webmasters to sell products and services to website visitors. While PrestaShop’s CMS market share is only 0.8%, it should still come as no surprise that attackers have been crafting malware to specifically target environments who use this software. --------------------------------------------- https://blog.sucuri.net/2022/07/prestashop-skimmer-concealed-in-one-page-ch… ∗∗∗ LockBit: Ransomware Puts Servers in the Crosshairs ∗∗∗ --------------------------------------------- LockBit affiliates using servers to spread ransomware throughout networks. --------------------------------------------- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lo… ∗∗∗ Analysis of a trojanized jQuery script: GootLoader unleashed ∗∗∗ --------------------------------------------- In this blog post, we will perform a deep analysis into GootLoader, malware which is known to deliver several types of payloads, such as Kronos trojan, REvil, IcedID, GootKit payloads and in this case Cobalt Strike. --------------------------------------------- https://blog.nviso.eu/2022/07/20/analysis-of-a-trojanized-jquery-script-goo… ∗∗∗ 4 Strategies for Achieving Greater Visibility in the Cloud ∗∗∗ --------------------------------------------- Here are four ways to put visibility at the center of your cloud security approach and better understand whats going on in your environment. --------------------------------------------- https://www.rapid7.com/blog/post/2022/07/20/4-strategies-for-achieving-grea… ===================== = Vulnerabilities = ===================== ∗∗∗ Jetzt patchen! Oracle sichert seine Produkte mit 349 Updates ab ∗∗∗ --------------------------------------------- Wichtige Sicherheitspatches schließen unter anderem kritische Lücken in Oracle-Anwendungen. --------------------------------------------- https://heise.de/-7184179 ∗∗∗ Sicherheitsupdates: Root-Lücke bedroht Zyxel-Firewalls ∗∗∗ --------------------------------------------- Mehrere Firewall-Modelle von Zyxel sind über Sicherheitslücken attackierbar. --------------------------------------------- https://heise.de/-7184526 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (golang-github-gosexy-gettext, golang-github-hub, oci-seccomp-bpf-hook, and popub), Oracle (kernel and kernel-container), SUSE (python2-numpy), and Ubuntu (check-mk and pyjwt). --------------------------------------------- https://lwn.net/Articles/901879/ ∗∗∗ Chrome 103 Update Patches High-Severity Vulnerabilities ∗∗∗ --------------------------------------------- Google this week announced a Chrome update that resolves a total of 11 vulnerabilities in the browser, including six reported by external researchers. Of these, five are use-after-free issues, including four that are considered “high severity.” --------------------------------------------- https://www.securityweek.com/chrome-103-update-patches-high-severity-vulner… ∗∗∗ HCL BigFix: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder Informationen offenzulegen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0733 ∗∗∗ OpenJDK: Mehrere Schwachstellen ermöglichen Codeausführung ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenJDK ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder Dateien zu manipulieren. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0746 ∗∗∗ Arista EOS: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Arista EOS ausnutzen, um Sicherheitsvorkehrungen zu umgehen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0761 ∗∗∗ Red Hat OpenShift (Logging Subsystem): Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift (Logging Subsystem) ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0707 ∗∗∗ Security Bulletin: IBM Resilient Platform could allow formula injection in Excel (CVE-2020-4633) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-platform-co… ∗∗∗ Security Bulletin: IBM InfoSphere Information Analyzer is affected by a cross-site scripting vulnerability in jQuery-UI(CVE-2021-41184) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: Multiple cross-site scripting vulnerabilities in JQuery affect IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-cross-site-scrip… ∗∗∗ Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization – Apache Log4j – CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-security-vul… ∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in Expact library. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-securi… ∗∗∗ Security Bulletin: IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to improper certificate validation (CVE-2021-29755) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-securi… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to infomation disclosured due to incorrect file permissions (CVE-2022-22424) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to infomarion discosure (CVE-2021-38936) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: Vulnerability in Java SE related to the JSSE component affects DB2 Recovery Expert for Linux, Unix and Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-java-se-… ∗∗∗ Security Bulletin: A security vulnerability in Node.js nconf affects IBM Cloud Pak for Multicloud Management Managed Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE (CVE-2020-2773) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-usi… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily