[CERT-daily] Tageszusammenfassung - 21.07.2022
Daily end-of-shift report
team at cert.at
Thu Jul 21 18:54:57 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 20-07-2022 18:00 − Donnerstag 21-07-2022 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Apple Patches Everything Day, (Wed, Jul 20th) ∗∗∗
---------------------------------------------
Apple today released its usual "surprise patch day" in updating all of its operating systems. There may still be specific Safari updates, but for currently supported operating systems, the operating system upgrades should include respective Safari/WebKit fixes.
---------------------------------------------
https://isc.sans.edu/diary/rss/28862
∗∗∗ New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems ∗∗∗
---------------------------------------------
A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems.
---------------------------------------------
https://thehackernews.com/2022/07/new-linux-malware-framework-let.html
∗∗∗ Outlook email users alerted to suspicious activity from Microsoft-owned IP address ∗∗∗
---------------------------------------------
People turn amateur sleuths to discover that the source of all those sign-ins seems to be in Redmond Strange things are afoot in the world of Microsoft email with multiple users reporting unusual sign-in notifications for their Outlook accounts.
---------------------------------------------
https://www.theregister.com/2022/07/21/outlook_sign_ins/
∗∗∗ [CVE-2022-34918] A crack in the Linux firewall ∗∗∗
---------------------------------------------
In our previous article Yet another bug into Netfilter, I presented a vulnerability found within the netfilter subsystem of the Linux kernel. During my investigation, I found a weird comparison that does not fully protect a copy within a buffer. It led to a heap buffer overflow that was exploited to obtain root privileges on Ubuntu 22.04.
---------------------------------------------
https://www.randorisec.fr/crack-linux-firewall/
∗∗∗ Gitlab Project Import RCE Analysis (CVE-2022-2185) ∗∗∗
---------------------------------------------
At the beginning of this month, GitLab released a security patch for versions 14->15. Interestingly in the advisory, there was a mention of a post-auth RCE bug with CVSS 9.9. The bug exists in GitLab’s Project Imports feature, which was found by @vakzz. Incidentally, when I rummaged in the author’s h1 profile. I discovered that four months ago, he also found a bug in the import project feature.
---------------------------------------------
https://starlabs.sg/blog/2022/07-gitlab-project-import-rce-analysis-cve-2022-2185/
∗∗∗ Cybercrime: Industriesteuerungen im Visier ∗∗∗
---------------------------------------------
Ein Passwort-Cracker mit Trojaner an Bord liefert Passwörter für programmierbare Industrie-Steuersysteme frei Haus und wirft damit eine wichtige Frage auf.
---------------------------------------------
https://heise.de/-7185890
∗∗∗ Vorsicht vor Shops mit Abo-Fallen ∗∗∗
---------------------------------------------
Sie suchen nach einem Produkt online – sei es Make-Up, Sportkleidung oder Tiernahrung. Plötzlich stoßen Sie auf ein gutes Angebot und das Produkt ist sogar 60 % billiger, wenn Sie VIP-Mitglied werden. Doch im Kleingedruckten steht: Mit diesem Einkauf schließen Sie eine automatische Clubmitgliedschaft und ein teures Abo ab. Vorsicht vor diesen unseriösen Abo-Fallen!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-shops-mit-abo-fallen/
∗∗∗ Shodan Verified Vulns 2022-07-01 ∗∗∗
---------------------------------------------
Mit Stand 2022-07-01 sieht Shodan in Österreich die folgenden Schwachstellen: Verglichen mit Juni 2022 ist durch die Bank ein leichter Abwärtstrend zu erkennen (insgesamt von 9355 auf 8987 verifizierte Schwachstellen). Spitzenreiter sind noch immer CVE-2015-0204 (SSL FREAK, 4090) und CVE-2015-4000 (Logjam, 3193). Davor schon relativ gering vertreten (35), jedoch auffällig gesunken ist die Schwachstelle CVE-2021-43798 (Grafana Path Traversal Vulnerability, -80%). Ausreißer nach oben oder Neuzugänge gibt es nicht.
---------------------------------------------
https://cert.at/de/aktuelles/2022/7/shodan-verified-vulns-2022-07-01
=====================
= Vulnerabilities =
=====================
∗∗∗ Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability ∗∗∗
---------------------------------------------
Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username "disabledsystemuser."
---------------------------------------------
https://thehackernews.com/2022/07/atlassian-releases-patch-for-critical.html
∗∗∗ Schadcode-Attacken mit Root-Rechten auf Cisco Nexus Dashboard möglich ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für Hard- und Software vom Netzwerkausrüster Cisco.
---------------------------------------------
https://heise.de/-7185582
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Mageia (kernel and kernel-linus), SUSE (dovecot23), and Ubuntu (freetype, libxml-security-java, and linux-oem-5.17).
---------------------------------------------
https://lwn.net/Articles/902011/
∗∗∗ Request Tracker: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Request Tracker ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder Sicherheitsmaßnahmen zu umgehen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0788
∗∗∗ Security Bulletin: IBM Tivoli Network Manager is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2019-1757) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-network-manager-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2019-1757/
∗∗∗ Security Bulletin: Security Vulnerabilities have been fixed in IBM Security Access Manager appliance (CVE-2022-24407, CVE-2020-25709, CVE-2020-25710) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-appliance-cve-2022-24407-cve-2020-25709-cve-2020-25710/
∗∗∗ Security Bulletin: IBM Security Verify Information Queue uses an Oracle JDBC jar with multiple vulnerabilities (CVE-2019-2444, CVE-2019-2619, CVE-2017-10321, CVE-2017-10202) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-an-oracle-jdbc-jar-with-multiple-vulnerabilities-cve-2019-2444-cve-2019-2619-cve-2017-10321-cve-2017-10202/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Security Verify Information Queue connect image (CVE-2020-9493, CVE-2022-23307) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-security-verify-information-queue-connect-image-cve-2020-9493-cve-2022-23307/
∗∗∗ Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/
∗∗∗ Security Bulletin: IBM Security Verify Information Queue uses a Wire Schema jar with multiple vulnerabilities (CVE-2020-27853, CVE-2021-41093) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-wire-schema-jar-with-multiple-vulnerabilities-cve-2020-27853-cve-2021-41093/
∗∗∗ Security Bulletin: IBM Security Verify Information Queue uses a Google gRPC framework with multiple vulnerabilities (CVE-2017-7860, CVE-2017-7861, CVE-2017-9431) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-google-grpc-framework-with-multiple-vulnerabilities-cve-2017-7860-cve-2017-7861-cve-2017-9431/
∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-8/
∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-38936) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-information-disclosure-cve-2021-38936/
∗∗∗ Security Bulletin: Multiple security vulnerabilities found in open source code that is shipped with IBM Security Verify Governance, Identity Manager virtual appliance component ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-governance-identity-manager-virtual-appliance-component/
∗∗∗ Security Bulletin: OpenSSL vulnerabilities in the IBM Security Verify Information Queue web server (CVE-2021-3711, CVE-2021-3712) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-in-the-ibm-security-verify-information-queue-web-server-cve-2021-3711-cve-2021-3712/
∗∗∗ Security Bulletin: Vulnerability in async opensource package affects IBM VM Recovery Manager HA & DR GUI ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-async-opensource-package-affects-ibm-vm-recovery-manager-ha-dr-gui-2/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-23/
∗∗∗ CVE-2022-0778: Sicherheitslücken mit Denial of Service-Potential in OpenSSL ∗∗∗
---------------------------------------------
https://www.sprecher-automation.com/it-sicherheit/security-alerts
∗∗∗ Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2022-015 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2022-015
∗∗∗ Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2022-014
∗∗∗ Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2022-013
*** Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012 ***
---------------------------------------------
https://www.drupal.org/sa-core-2022-012
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list