[CERT-daily] Daily summary - 23.08.2022
Daily end-of-shift report
team at cert.at
Tue Aug 23 18:48:17 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Monday 22-08-2022 18:00 − Tuesday 23-08-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Internet core protocol: the Transmission Control Protocol gets an update ∗∗∗
---------------------------------------------
TCP is the engine of the internet. A freshly updated RFC gives it a general overhaul. But can it hold its own against new competition?
---------------------------------------------
https://heise.de/-7239713
∗∗∗ Cyber attacks: CISA warns of attacks on newly discovered vulnerabilities ∗∗∗
---------------------------------------------
The US cybersecurity agency CISA is warning of several vulnerabilities that only recently became known. Cybercriminals are already actively exploiting them.
---------------------------------------------
https://heise.de/-7240372
∗∗∗ Who's Looking at Your security.txt File? ∗∗∗
---------------------------------------------
In April 2022, the RFC related to the small file “security.txt” was released. It was already popular for a while, but an RFC is always a good way to “promote” some best practices! If you're unaware of this file, it helps to communicate security contacts (email addresses, phone, ...) to people who would like to contact you to report an issue with your website or your organization.
---------------------------------------------
https://isc.sans.edu/diary/rss/28972
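The diary above is about who fetches the file; before publishing one it is worth checking that it actually meets the RFC. The validator below is an added example written for this digest, not code from SANS ISC, CERT.at or any project. It applies the RFC 9116 rules as I read them (Contact and Expires are mandatory, Expires and Preferred-Languages may appear only once, Contact values are URIs such as mailto:/tel:/https:, Expires is an RFC 3339 timestamp that should lie less than a year ahead) and tolerates an OpenPGP cleartext signature without verifying it. The two sample files, the example.org addresses and the fixed SAMPLE_NOW clock are constructed for the example.

```python
"""Validate a security.txt body against the RFC 9116 rules (added example)."""
import re
from datetime import datetime, timedelta, timezone

REQUIRED_FIELDS = ("contact", "expires")
KNOWN_FIELDS = REQUIRED_FIELDS + (
    "acknowledgments", "canonical", "csaf", "encryption",
    "hiring", "policy", "preferred-languages",
)
URI_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*:", re.IGNORECASE)

# Fixed "now" so the constructed samples validate deterministically.
SAMPLE_NOW = datetime(2022, 8, 23, 18, 0, tzinfo=timezone.utc)


def parse_security_txt(text):
    """Return (fields, errors); fields maps lower-cased name -> [values].

    Comments and blank lines are skipped. An OpenPGP cleartext signature
    (armor header at the top, signature block at the end) is ignored; the
    signature itself is NOT verified here.
    """
    fields, errors = {}, []
    in_armor_header = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == "-----BEGIN PGP SIGNED MESSAGE-----":
            in_armor_header = True  # "Hash: ..." lines follow, then a blank line
            continue
        if in_armor_header:
            if not line:
                in_armor_header = False
            continue
        if line == "-----BEGIN PGP SIGNATURE-----":
            break  # nothing after this line is a field
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or not value.strip():
            errors.append(f"line {lineno}: not a 'Field: value' line")
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields, errors


def _parse_expires(value):
    # RFC 3339 allows a trailing "Z"; datetime.fromisoformat() before 3.11 does not.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_security_txt(text, now=None):
    """Return (errors, warnings) for one security.txt body."""
    now = now or datetime.now(timezone.utc)
    fields, errors = parse_security_txt(text)
    warnings = []
    for name in REQUIRED_FIELDS:
        if name not in fields:
            errors.append(f"missing required field {name.title()}")
    for name in fields:
        if name not in KNOWN_FIELDS:
            warnings.append(f"unknown (extension?) field {name}")
    for name in ("expires", "preferred-languages"):
        if len(fields.get(name, [])) > 1:
            errors.append(f"{name.title()} must appear at most once")
    for value in fields.get("contact", []):
        if not URI_SCHEME.match(value):
            errors.append(f"Contact must be a URI, not {value!r} (use mailto:/tel:/https:)")
        elif value.lower().startswith("http:"):
            warnings.append(f"Contact {value!r} uses plain http; prefer https")
    for value in fields.get("expires", []):
        try:
            expires = _parse_expires(value)
        except ValueError:
            errors.append(f"Expires {value!r} is not an RFC 3339 timestamp")
            continue
        if expires.tzinfo is None:
            errors.append(f"Expires {value!r} has no timezone offset")
        elif expires <= now:
            errors.append(f"Expires {value!r} is in the past; the file is stale")
        elif expires - now > timedelta(days=365):
            warnings.append("Expires is more than a year away; RFC 9116 recommends less")
    return errors, warnings


# Constructed samples, not any real organisation's file.
GOOD = """\
# security.txt for example.org (constructed)
Contact: mailto:security@example.org
Contact: https://example.org/report-a-bug
Expires: 2023-06-01T00:00:00.000Z
Encryption: https://example.org/pgp-key.txt
Preferred-Languages: en, de
Canonical: https://example.org/.well-known/security.txt
"""

BAD = """\
Contact: security@example.org
Expires: 2021-01-01T00:00:00Z
Expires: 2022-01-01T00:00:00Z
Preferred-Languages: en
Preferred-Languages: de
"""

if __name__ == "__main__":
    for label, body in (("GOOD", GOOD), ("BAD", BAD)):
        errs, warns = validate_security_txt(body, now=SAMPLE_NOW)
        print(label, "errors:", errs, "warnings:", warns)
```

Point it at the body you fetch from /.well-known/security.txt; the BAD sample shows the four mistakes seen most often in practice (a bare e-mail address instead of a mailto: URI, a duplicated or expired Expires, and more than one Preferred-Languages line).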
∗∗∗ Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts ∗∗∗
---------------------------------------------
Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps.
---------------------------------------------
https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html
∗∗∗ New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data ∗∗∗
---------------------------------------------
A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves.
---------------------------------------------
https://thehackernews.com/2022/08/new-air-gap-attack-uses-mems-gyroscope.html
∗∗∗ If you haven't patched Zimbra holes by now, assume you're toast ∗∗∗
---------------------------------------------
Here's how to detect an intrusion via vulnerable email systems. Organizations that didn't immediately patch their Zimbra email systems should assume miscreants have already found and exploited the bugs, and should start hunting for malicious activity across IT networks, according to Uncle Sam.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2022/08/23/cisa_zimbra_signatures/
∗∗∗ Ransomware Gang Leaks Data Allegedly Stolen From Greek Gas Supplier ∗∗∗
---------------------------------------------
The cybergang behind the Ragnar Locker ransomware has published more than 360 gigabytes of data allegedly stolen from Greece's largest natural gas supplier Desfa. Established in 2007 as a subsidiary of Depa (Public Gas Corporation of Greece), Desfa operates both the country's natural gas transmission system and its gas distribution networks.
---------------------------------------------
https://www.securityweek.com/ransomware-gang-leaks-data-allegedly-stolen-greek-gas-supplier
∗∗∗ Online marketplaces: beware when buyers send links to courier services and payment platforms ∗∗∗
---------------------------------------------
Do you sell via willhaben, laendleanzeiger.at, shpock and the like? Watch out for fraudulent buyers.
---------------------------------------------
https://www.watchlist-internet.at/news/online-marktplatz-vorsicht-wenn-kaeuferinnen-links-zu-kurierdiensten-und-zahlungsplattformen-schic/
∗∗∗ The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware ∗∗∗
---------------------------------------------
Threat actors have been searching for another opportunity – and found one. It's called data exfiltration, or exfil, a type of espionage causing headaches at organizations worldwide. Let's take a look.
---------------------------------------------
https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html
=====================
= Vulnerabilities =
=====================
∗∗∗ GitLab Critical Security Release: 15.3.1, 15.2.3, 15.1.5 ∗∗∗
---------------------------------------------
Today we are releasing versions 15.3.1, 15.2.3, 15.1.5 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version.
---------------------------------------------
https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
∗∗∗ SECURITY BULLETIN AVEVA-2022-005 ∗∗∗
---------------------------------------------
Multiple vulnerabilities in AVEVA Edge (formerly known as InduSoft Web Studio). Rating: High
---------------------------------------------
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf
∗∗∗ [CVE-2020-2733] JD Edwards EnterpriseOne Tools admin password not adequately protected ∗∗∗
---------------------------------------------
JD Edwards EnterpriseOne Tools 9.2 or lower versions allow unauthenticated attackers to bypass the authentication and get Administrator rights on the system.
---------------------------------------------
https://redrays.io/cve-2020-2733-jd-edwards/
∗∗∗ Break-in risk: over 80,000 Hikvision cameras vulnerable ∗∗∗
---------------------------------------------
Hikvision has released updates for the cameras, but more than 2,300 companies are ignoring them. Attackers could use this to break into their networks.
---------------------------------------------
https://heise.de/-7239986
∗∗∗ Firefox 104: improvements to the PDF viewer and power-consumption profiler ∗∗∗
---------------------------------------------
Besides six fixed security vulnerabilities, the new Firefox version brings re-snapping and the ability to sign documents in the PDF viewer.
---------------------------------------------
https://heise.de/-7240408
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Oracle (kernel and kernel-container), SUSE (bluez, gimp, rubygem-rails-html-sanitizer, systemd-presets-common-SUSE, and u-boot), and Ubuntu (libxslt).
---------------------------------------------
https://lwn.net/Articles/905730/
∗∗∗ Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-sannav-software-used-by-ibm-b-type-san-directors-and-switches-5/
∗∗∗ Security Bulletin: Multiple security vulnerabilities have been identified in dojo library shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2019-10785, CVE-2020-5259, CVE-2020-4051, CVE-2018-15494, CVE-2021-23450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-dojo-library-shipped-with-ibm-security-guardium-key-lifecycle-manager-sklm-gklm-cve-2019-10785-cve-2020-5259-cve-2020/
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2021-22931) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-verify-governance-in-response-to-a-security-vulnerability-cve-2021-22931-2/
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2022-21824) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-verify-governance-in-response-to-a-security-vulnerability-cve-2022-21824-2/
∗∗∗ Security Bulletin: IBM Security Verify Governance is vulnerable to multiple security issues due to Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-governance-is-vulnerable-to-multiple-security-issues-due-to-node-js-2/
∗∗∗ Security Bulletin: IBM MQ is vulnerable to issues with libcurl (CVE-2022-27780, CVE-2022-30115) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-issues-with-libcurl-cve-2022-27780-cve-2022-30115/
∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to Google Gson (CVE-2022-25647) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-is-vulnerable-to-denial-of-service-due-to-google-gson-cve-2022-25647/
∗∗∗ Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-governance-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104-2/
∗∗∗ Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Apache Commons Compress ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-vulnerable-to-multiple-vulnerabilities-due-to-apache-commons-compress/
∗∗∗ D-LINK Router: vulnerability allows denial of service ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1151
∗∗∗ Trellix Data Loss Prevention: vulnerability allows bypassing security measures ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1149
∗∗∗ xpdf: vulnerability allows code execution ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1144
∗∗∗ PowerDNS: vulnerability allows denial of service ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1152
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily mailing list