[CERT-daily] Tageszusammenfassung - 04.11.2022

Daily end-of-shift report team at cert.at
Fri Nov 4 18:28:17 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 03-11-2022 18:00 − Freitag 04-11-2022 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ WLAN-Sicherheitslücke: Für Spezialdrohnen sind Wände wie Glas ∗∗∗
---------------------------------------------
Kanadische Forscher haben eine Funktion entdeckt, die es Angreifern ermöglicht, durch Wände zu sehen - trotz Passwortschutz.
---------------------------------------------
https://www.golem.de/news/wlan-sicherheitsluecke-fuer-eine-spezialdrohne-sind-massive-waende-wie-glas-2211-169475.html


∗∗∗ A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain ∗∗∗
---------------------------------------------
Note: The three vulnerabilities discussed in this blog were all fixed in Samsung’s March 2021 release. They were fixed as CVE-2021-25337, CVE-2021-25369, CVE-2021-25370. To ensure your Samsung device is up-to-date under settings you can check that your device is running SMR Mar-2021 or later. As defenders, in-the-wild exploit samples give us important insight into what attackers are really doing. We get the “ground truth” data about the vulnerabilities and exploit techniques they’re using, which then informs our further research and guidance to security teams on what could have the biggest impact or return on investment. To do this, we need to know that the vulnerabilities and exploit samples were found in-the-wild.
---------------------------------------------
https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html


∗∗∗ What Is Cross-Origin Resource Sharing (CORS)? ∗∗∗
---------------------------------------------
Thanks to the rapid growth of JavaScript frameworks like Angular, React, and Vue, Cross-Origin Resource Sharing (CORS) has become a popular word in the developer’s vocabulary — and for good reason. It’s common practice for modern web applications to load resources from multiple domains. But accessing these website resources from different origins requires a thorough understanding of CORS. In this post, we’ll take a look at what CORS is and why proper implementation is an important component of building secure websites and applications. We’ll also examine some common examples of how to use CORS, dive into preflight requests, and discuss how to protect your website against attacks.
---------------------------------------------
https://blog.sucuri.net/2022/11/what-is-cross-origin-resource-sharing-cors.html


∗∗∗ Multi-factor auth fatigue is real – and its why you may be in the headlines next ∗∗∗
---------------------------------------------
Overwhelmed by waves of push notifications, worn-down users inadvertently let the bad guys in 
Analysis 
The September cyberattack on ride-hailing service Uber began when a criminal bought the stolen credentials of a company contractor on the dark web.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2022/11/03/mfa_fatigue_enterprise_threat/


∗∗∗ Inside the V1 Raccoon Stealer’s Den ∗∗∗
---------------------------------------------
Team Cymru’s S2 Research Team has blogged previously on the initial Raccoon stealer command and control methodology (Raccoon Stealer - An Insight into Victim “Gates”), which utilized “gate” IP addresses to proxy victim traffic / data to static threat actor-controlled infrastructure. Since the publication of our previous blog, the following timeline of events has occurred: [...]
---------------------------------------------
https://www.team-cymru.com/post/inside-the-v1-raccoon-stealer-s-den


∗∗∗ Cisco-Sicherheitsupdates: Angreifer könnten durch Lücken in Netzwerke eindringen ∗∗∗
---------------------------------------------
Die Softwareentwickler von Cisco haben unter anderem in Identity Services Engine und Email Security Appliance Schwachstellen geschlossen.
---------------------------------------------
https://heise.de/-7329978


∗∗∗ UK-Cybersicherheitsbehörde startet landesweites Schwachstellen-Scanning ∗∗∗
---------------------------------------------
Die IT-Sicherheitsbehörde des Vereinigten Königreichs startet einen Schwachstellen-Scanner-Dienst. Der untersucht alle Systeme des Landes auf Sicherheitslücken.
---------------------------------------------
https://heise.de/-7330532


∗∗∗ Apple Rolls Out Xcode Update Patching Git Vulnerabilities ∗∗∗
---------------------------------------------
Apple this week announced a security update for the Xcode macOS development environment, to resolve three Git vulnerabilities, including one leading to arbitrary code execution.
---------------------------------------------
https://www.securityweek.com/apple-rolls-out-xcode-update-patching-git-vulnerabilities



=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins 2022-11-03 ∗∗∗
---------------------------------------------
IBM App Connect Enterprise Certified Container, IBM InfoSphere Information server, IBM Operations Analytics - Log Analysis, IBM Security Verify Governance, IBM WebSphere Application Server Liberty
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Patchday: Big-Data-Spezialist Splunk dichtet zwölf Schwachstellen ab ∗∗∗
---------------------------------------------
Der Big-Data-Experte Splunk aktualisiert die gleichnamige Software Splunk Enterprise und Cloud. Nach den Updates klaffen darin zwölf Schwachstellen weniger.
---------------------------------------------
https://heise.de/-7329933


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pypy3), Fedora (drupal7, git, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and php), Oracle (kernel, lua, openssl, pcs, php-pear, pki-core, python3.9, and zlib), Red Hat (kernel, kernel-rt, kpatch-patch, lua, openssl-container, pcs, php-pear, pki-core, python3.9, and zlib), Scientific Linux (kernel, pcs, and php-pear), SUSE (EternalTerminal, hsqldb, ntfs-3g_ntfsprogs, privoxy, rubygem-actionview-4_2, sqlite3, and xorg-x11-server), and Ubuntu [...]
---------------------------------------------
https://lwn.net/Articles/913771/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (clickhouse, distro-info-data, and ntfs-3g), Fedora (firefox), Oracle (kernel), Slackware (mozilla), and SUSE (python-Flask-Security-Too).
---------------------------------------------
https://lwn.net/Articles/913849/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010 ∗∗∗
---------------------------------------------
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2022-32888  Versions affected: WebKitGTK and WPE WebKit before 2.38.0. Credit to P1umer (@p1umer). Impact: Processing maliciously crafted web content may lead toarbitrary code execution.
---------------------------------------------
https://webkitgtk.org/security/WSA-2022-0010.html


∗∗∗ CVE Report Published for Spring Tools ∗∗∗
---------------------------------------------
We have released STS 4.16.1 for Eclipse and Spring VSCode extensions 1.40.0 to address the following CVE report: - CVE-2022-31691: Remote Code Execution via YAML editors in STS4 extensions for Eclipse and VSCode 
Please review the information in the CVE report and upgrade immediately.
---------------------------------------------
https://spring.io/blog/2022/11/03/cve-report-published-for-spring-tools

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list