[CERT-daily] Daily summary - 15.12.2022
Daily end-of-shift report
team at cert.at
Thu Dec 15 18:30:15 CET 2022
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 14-12-2022 18:00 − Thursday 15-12-2022 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ LEGO BrickLink bugs let hackers hijack accounts, breach servers ∗∗∗
---------------------------------------------
Security analysts have discovered two API security vulnerabilities in BrickLink.com, LEGO Group's official second-hand and vintage marketplace for LEGO bricks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lego-bricklink-bugs-let-hackers-hijack-accounts-breach-servers/
∗∗∗ Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems ∗∗∗
---------------------------------------------
Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments.
---------------------------------------------
https://thehackernews.com/2022/12/hacking-using-svg-files-to-smuggle-qbot.html
∗∗∗ Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability ∗∗∗
---------------------------------------------
Dirty Pipe (CVE-2022-0847) proved that there is a new way to exploit Linux syscalls to write to files with read-only privileges.
---------------------------------------------
https://blog.aquasec.com/deep-analysis-of-the-dirty-pipe-vulnerability
∗∗∗ Digging Inside Azure Functions: HyperV Is the Last Line of Defense ∗∗∗
---------------------------------------------
We investigated Azure's serverless architecture and found that a HyperV VM was the remaining defense after a container breakout.
---------------------------------------------
https://unit42.paloaltonetworks.com/azure-serverless-functions-security/
∗∗∗ Patch Tuesday: (for a change) keep your eyes open! ∗∗∗
---------------------------------------------
Sometimes we find ourselves in the tricky situation where the patch notes contain updates for vulnerabilities that do not warrant a published warning from us, but that we nevertheless want to point out explicitly. This month is one of those times.
---------------------------------------------
https://cert.at/de/blog/2022/12/patch-tuesday-zur-abwechslung-augen-auf
∗∗∗ Windows Server 2019/2022: December 2022 security updates cause Hyper-V problems ∗∗∗
---------------------------------------------
The security updates rolled out by Microsoft for the December 2022 Patchday lead to problems with Hyper-V in certain configurations.
---------------------------------------------
https://www.borncity.com/blog/2022/12/15/windows-server-2019-2022-dezember-2022-sicherheitsupdates-verursachen-hyper-v-probleme/
∗∗∗ Microsoft certificates abused to sign malware (Dec. 2022) ∗∗∗
---------------------------------------------
Security researchers have come across cases in which cybercriminals managed to sign malware with valid digital certificates from Microsoft.
---------------------------------------------
https://www.borncity.com/blog/2022/12/15/microsoft-zertifikate-zur-signatur-von-malware-missbraucht-dez-2022/
=====================
= Vulnerabilities =
=====================
∗∗∗ Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as Critical ∗∗∗
---------------------------------------------
Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution.
---------------------------------------------
https://thehackernews.com/2022/12/microsoft-reclassifies-spnego-extended.html
∗∗∗ Typo3: New versions close high-risk security vulnerability ∗∗∗
---------------------------------------------
Attackers could, for example, inject their own PHP code into Typo3. With new versions, the developers close this and other security vulnerabilities.
---------------------------------------------
https://heise.de/-7395790
∗∗∗ Microsoft Patch Tuesday, December 2022 Edition ∗∗∗
---------------------------------------------
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software.
---------------------------------------------
https://krebsonsecurity.com/2022/12/microsoft-patch-tuesday-december-2022-edition/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and git), Slackware (mozilla and xorg), SUSE (apache2-mod_wsgi, capnproto, xorg-x11-server, xwayland, and zabbix), and Ubuntu (emacs24, firefox, linux-azure, linux-azure-5.15, linux-azure-fde, linux-oem-6.0, and xorg-server, xorg-server-hwe-18.04, xwayland).
---------------------------------------------
https://lwn.net/Articles/917947/
∗∗∗ The invisible enemy: buffer overflow vulnerabilities in Zyxel routers still problematic ∗∗∗
---------------------------------------------
https://sec-consult.com/de/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/
∗∗∗ Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/12/15/drupal-releases-security-updates-address-vulnerabilities-h5p-and
∗∗∗ [R1] Tenable.ad Versions 3.29.4, 3.19.12 and 3.11.9 Fix One Vulnerability ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2022-27
∗∗∗ Multiple Vulnerabilities in CloudPak for Watson AIOPs ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848189
∗∗∗ Multiple Vulnerabilities in CloudPak for Watson AIOPs ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848195
∗∗∗ Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848221
∗∗∗ Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848225
∗∗∗ A vulnerability in Python affects IBM Elastic Storage System (CVE-2022-0391) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848229
∗∗∗ IBM Spectrum Control is vulnerable to multiple weaknesses related to Node [CVE-2022-39353] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848213
∗∗∗ Vulnerabilities in IBM Java SDK affect IBM Spectrum Control ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6847605
∗∗∗ IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM WebSphere Application Server Liberty and FasterXML jackson-databind ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6847541
∗∗∗ Security vulnerability is addressed with IBM Cloud Pak for Business Automation iFixes for November 2022 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848295
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily