===================== = End-of-Day report = =====================
Timeframe: Wednesday 28-12-2022 18:00 - Thursday 29-12-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
===================== = News = =====================
*** Google Home speakers allowed hackers to snoop on conversations ***
---------------------------------------------
A bug in Google Home smart speakers allowed installing a backdoor account that could be used to control the device remotely and to turn it into a snooping device by accessing the microphone feed.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-home-speakers-allowed-...
*** WordPress Vulnerability & Patch Roundup December 2022 ***
---------------------------------------------
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.
---------------------------------------------
https://blog.sucuri.net/2022/12/wordpress-vulnerability-patch-roundup-decemb...
*** The Worst Hacks of 2022 ***
---------------------------------------------
The year was marked by sinister new twists on cybersecurity classics, including phishing, breaches, and ransomware attacks.
---------------------------------------------
https://www.wired.com/story/worst-hacks-2022/
*** New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection ***
---------------------------------------------
We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses.
---------------------------------------------
https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hij...
*** One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware. (arXiv:2212.13716v1 [cs.CR]) ***
---------------------------------------------
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware.
---------------------------------------------
http://arxiv.org/abs/2212.13716
*** A survey and analysis of TLS interception mechanisms and motivations. (arXiv:2010.16388v2 [cs.CR] UPDATED) ***
---------------------------------------------
TLS is an end-to-end protocol designed to provide confidentiality and integrity guarantees that improve end-user security and privacy. While TLS helps defend against pervasive surveillance of intercepted unencrypted traffic, it also hinders several common beneficial operations typically performed by middleboxes on the network traffic.
---------------------------------------------
http://arxiv.org/abs/2010.16388
*** HardCIDR – Network CIDR and Range Discovery Tool ***
---------------------------------------------
HardCIDR is a Linux Bash script to discover the netblocks, or ranges (in CIDR notation), owned by the target organization during the intelligence gathering phase of a penetration test.
---------------------------------------------
https://www.darknet.org.uk/2022/12/hardcidr-network-cidr-and-range-discovery...
===================== = Vulnerabilities = =====================
*** Hughes Satellite Router Remote File Inclusion Cross-Frame Scripting ***
---------------------------------------------
The router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5743.php
*** Security updates for Thursday ***
---------------------------------------------
Security updates have been issued by Debian (multipath-tools), Fedora (containerd and trafficserver), Gentoo (libksba and openssh), and SUSE (webkit2gtk3).
---------------------------------------------
https://lwn.net/Articles/918715/
*** Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers ***
---------------------------------------------
Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities.
---------------------------------------------
https://www.securityweek.com/several-dos-code-execution-vulnerabilities-foun...
*** Unpatched Citrix servers by the thousands exposed to attack via critical vulnerabilities ***
---------------------------------------------
In recent months Citrix has released security updates for critical vulnerabilities in Citrix ADC and Gateway products and published corresponding security advisories.
---------------------------------------------
https://www.borncity.com/blog/2022/12/29/ungepatchte-citrix-server-zu-tausen...
*** (Non-US) DIR-825/EE : H/W Rev. R2 & DIR-825/AC Rev. G1A:: F/W 1.0.9 :: Multiple Vulnerabilities by Trend Micro, the Zero Day Initiative (ZDI) ***
---------------------------------------------
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=...
*** AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795) ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6851445
*** IBM Synthetic Playback Agent is vulnerable due to its use of Apache Commons Text [CVE-2022-42889] ***
---------------------------------------------
https://www.ibm.com/support/pages/node/6852105