[CERT-daily] Daily summary - 16.12.2022
Daily end-of-shift report
team at cert.at
Fri Dec 16 18:58:48 CET 2022
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 15-12-2022 18:00 - Friday 16-12-2022 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Phishing attack uses Facebook posts to evade email security ∗∗∗
---------------------------------------------
A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information (PII).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/phishing-attack-uses-facebook-posts-to-evade-email-security/
∗∗∗ Backdoor Targets FreePBX Asterisk Management Portal ∗∗∗
---------------------------------------------
Written in PHP and JavaScript, FreePBX is a web-based open-source GUI that manages Asterisk, a voice over IP and telephony server. This open-source software allows users to build customer phone systems. During a recent investigation, I came across a simple piece of malware targeting FreePBX’s Asterisk Management portal which allowed attackers to arbitrarily add and delete users, as well as modify the website’s .htaccess file. Let’s take a closer look at this backdoor.
---------------------------------------------
https://blog.sucuri.net/2022/12/backdoor-targets-freepbx-asterisk-management-portal.html
∗∗∗ Decentralized Identity Attack Surface – Part 2 ∗∗∗
---------------------------------------------
This is the second part of our Decentralized Identity (DID) blog series. In case you’re not familiar with DID concepts, we highly encourage you to start with the first part. This time we will cover a different DID implementation — Sovrin. We will also see what a critical (CVSS 10) DID vulnerability looks like by reviewing the one we found in this popular implementation.
---------------------------------------------
https://www.cyberark.com/resources/threat-research-blog/decentralized-identity-attack-surface-part-2
∗∗∗ The end of the insecure SHA-1 hash algorithm is dragging on like chewing gum ∗∗∗
---------------------------------------------
The National Institute of Standards and Technology is retiring the long-broken SHA-1 algorithm, but only definitively in eight years.
---------------------------------------------
https://heise.de/-7396973
∗∗∗ Code injection possible: Microsoft upgrades security vulnerability to "critical" ∗∗∗
---------------------------------------------
A security vulnerability for which Microsoft has provided an update unexpectedly allows unauthenticated attackers to inject malicious code.
---------------------------------------------
https://heise.de/-7396879
∗∗∗ The Data Protection Officer, an ubiquitous role nobody really knows. (arXiv:2212.07712v1 [cs.CR]) ∗∗∗
---------------------------------------------
Among all cybersecurity and privacy workers, the Data Protection Officer (DPO) stands between those auditing a company's compliance and those acting as management advisors. A person that must be somehow versed in legal, management, and cybersecurity technical skills. We describe how this role tackles socio-technical risks in everyday scenarios.
---------------------------------------------
http://arxiv.org/abs/2212.07712
∗∗∗ FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food ∗∗∗
---------------------------------------------
The joint CSA analyzes the common tactics, techniques, and procedures (TTPs) utilized by criminal actors to spoof emails and domains to impersonate legitimate employees and order goods that went unpaid and were possibly resold at devalued prices with labeling that lacked industry standard “need-to-knows” (i.e., necessary information about ingredients, allergens, or expiration dates).
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/12/16/fbi-fda-oci-and-usda-release-joint-cybersecurity-advisory
∗∗∗ Agenda Ransomware Uses Rust to Target More Vital Industries ∗∗∗
---------------------------------------------
This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda's Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works.
---------------------------------------------
https://www.trendmicro.com/en_us/research/22/l/agenda-ransomware-uses-rust-to-target-more-vital-industries.html
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2022-0034 ∗∗∗
---------------------------------------------
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0034.html
∗∗∗ Cisco Security Advisories 2022-12-16 ∗∗∗
---------------------------------------------
Cisco has updated 18 security advisories: (4x Critical, 11x High, 3x Medium)
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&lastPublishedStartDate=2022%2F12%2F15&lastPublishedEndDate=2022%2F12%2F15
∗∗∗ Vulnerabilities in Autodesk Image Processing component used by Autodesk products II ∗∗∗
---------------------------------------------
Applications and services that utilize the Image Processing component used by Autodesk products may be impacted by Out-of-bounds Read, Heap-based Overflow, Out-of-bounds Write, Memory Corruption, and Use-after-free vulnerabilities.
---------------------------------------------
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0025
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, libde265, php7.3, and thunderbird), Fedora (firefox, freeradius, freerdp, and xorg-x11-server), Oracle (firefox, prometheus-jmx-exporter, and thunderbird), Red Hat (firefox, nodejs:16, prometheus-jmx-exporter, and thunderbird), and SUSE (ceph and chromium).
---------------------------------------------
https://lwn.net/Articles/918047/
∗∗∗ Samba Releases Security Updates ∗∗∗
---------------------------------------------
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/12/16/samba-releases-security-updates
∗∗∗ Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT) ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/remote-code-execution-bypass-eclipse-business-intelligence-reporting-birt/
∗∗∗ IBM Security Guardium is affected by the following vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848317
∗∗∗ Multiple Vulnerabilities in base image packages affect IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848319
∗∗∗ Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848279
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily