=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 13-09-2022 18:00 - Wednesday 14-09-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
*** Securing your IoT devices against cyber attacks in 5 steps ***
---------------------------------------------
How is IoT being used in the enterprise, and how can it be secured? We will demonstrate important security best practices and how a secure password policy is paramount to the security of devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/securing-your-iot-devices-aga...
*** Easy Process Injection within Python, (Wed, Sep 14th) ***
---------------------------------------------
Process injection is a common technique used by malware to cover its tracks. What looks more legitimate than a process called "notepad.exe" or "explorer.exe"?
---------------------------------------------
https://isc.sans.edu/diary/rss/29048
*** New phishing scheme: fake conversations for added credibility ***
---------------------------------------------
Security researchers warn of a new tactic that makes phishing e-mails appear even more credible.
---------------------------------------------
https://heise.de/-7263942
*** Passengers Exposed to Hacking via Vulnerabilities in Airplane Wi-Fi Devices ***
---------------------------------------------
Researchers have discovered two potentially serious vulnerabilities in wireless LAN devices that they say are often used in airplanes.
---------------------------------------------
https://www.securityweek.com/passengers-exposed-hacking-vulnerabilities-airp...
*** Malware Infects Magento-Powered Stores via FishPig Distribution Server ***
---------------------------------------------
For the past several weeks, Magento stores have been injected with malware via a supply chain attack that targeted the FishPig distribution server.
---------------------------------------------
https://www.securityweek.com/malware-infects-magento-powered-stores-fishpig-...
*** E-mail "Energiekosten: Jetzt 475,00 Euro erhalten" is a scam! ***
---------------------------------------------
In times of the 150 euro energy voucher and the 500 euro climate bonus, an e-mail with the subject "Energiekosten: Jetzt 475,00 Euro erhalten" ("Energy costs: receive 475.00 euros now") can easily be taken for genuine. But beware: the message redirects to a website for the "Lars Meyer Geld-System", a fraudulent investment platform on which you must not invest.
---------------------------------------------
https://www.watchlist-internet.at/news/mail-energiekosten-jetzt-47500-euro-e...
*** CISA Adds Two Known Exploited Vulnerabilities to Catalog ***
---------------------------------------------
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/09/14/cisa-adds-two-know...
=====================
= Vulnerabilities =
=====================
*** Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs ***
---------------------------------------------
Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-t...
*** IBM Security Bulletins 2022-09-13 ***
---------------------------------------------
IBM WebSphere Application Server, IBM SPSS Statistics, IBM Maximo Asset Management, IBM Maximo Manage, IBM App Connect Enterprise, IBM Integration Bus, IBM App Connect Professional.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
*** Patch Tuesday: attackers are targeting Windows 7 through 11 ***
---------------------------------------------
Critical vulnerabilities threaten Microsoft Dynamics 365 and Windows. Security updates are available for installation.
---------------------------------------------
https://heise.de/-7263140
*** Adobe Patch Tuesday: malicious-code attacks on InDesign, Photoshop & Co. possible ***
---------------------------------------------
There are important security updates for various Adobe applications. No documented attacks are currently known.
---------------------------------------------
https://heise.de/-7263205
*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by CentOS (open-vm-tools), Debian (freecad and sqlite3), Fedora (qt5-qtwebengine and vim), SUSE (firefox, kernel, libzapojit, perl, postgresql14, and samba), and Ubuntu (dotnet6, dpdk, gdk-pixbuf, rust-regex, and systemd).
---------------------------------------------
https://lwn.net/Articles/907983/
*** Zero-day in WPGateway WordPress plugin actively exploited in attacks ***
---------------------------------------------
https://www.bleepingcomputer.com/news/security/zero-day-in-wpgateway-wordpre...
*** Atlassian Confluence: vulnerability allows denial of service ***
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1422
*** Delta Industrial Automation DIAEnergie ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-256-03
*** Kingspan TMS300 CS ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-256-04
*** Honeywell SoftMaster ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-256-02
*** Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-256-01
*** Multi-Vendor BIOS Security Vulnerabilities (September 2022) ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500519-MULTI-VENDOR-BIOS-SECURI...
*** Quectel Wireless WAN Driver Command Injection Vulnerability ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500515
*** genua genucenter: multiple vulnerabilities allow unspecified attack ***
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1412
*** Zoom Video Communications On-Premise: multiple vulnerabilities ***
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1420