[CERT-daily] Tageszusammenfassung - 07.11.2022
Daily end-of-shift report
team at cert.at
Mon Nov 7 18:10:44 CET 2022
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 04-11-2022 18:00 − Montag 07-11-2022 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Windows Malware with VHD Extension, (Sat, Nov 5th) ∗∗∗
---------------------------------------------
Windows 10 supports various virtual drives natively and can recognize and use ISO, VHD and VHDX files. The file included as an attachment with this email, when extracted appears in the email as a PDF but is is in fact a VHD file.
---------------------------------------------
https://isc.sans.edu/diary/rss/29222
∗∗∗ IPv4 Address Representations, (Sun, Nov 6th) ∗∗∗
---------------------------------------------
A reader asked for help with this maldoc. Not with the analysis itself, but how to understand where the URL is pointing to.
---------------------------------------------
https://isc.sans.edu/diary/rss/29224
∗∗∗ Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data ∗∗∗
---------------------------------------------
Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein, said in a report published on November 2, 2022.
---------------------------------------------
https://thehackernews.com/2022/11/experts-find-urlscan-security-scanner.html
∗∗∗ AWS Organizations Defaults ∗∗∗
---------------------------------------------
[...] These things combined mean that, should an attacker compromise the management account, the default behavior of AWS Organizations provides a path to compromise every account in the organization as an administrator. For offensive security professionals, identifying paths into the management account can be an incredibly fruitful exercise, and may result in an entire organization compromise.
---------------------------------------------
https://hackingthe.cloud/aws/general-knowledge/aws_organizations_defaults/
∗∗∗ Kommentar: Angriffe lassen sich nicht vermeiden – übernehmt die Verantwortung! ∗∗∗
---------------------------------------------
Shit happens, ebenso wie Sicherheitsvorfälle. Die Frage kann also nur sein, wie damit umzugehen ist - vorher wie nachher.
---------------------------------------------
https://heise.de/-7328918
∗∗∗ Versteckte Kosten für Kündigungen auf stornierenbei.de ∗∗∗
---------------------------------------------
Wenn Sie einen Vertrag kündigen wollen und dazu über Ihre Suchmaschine recherchieren, stoßen Sie womöglich auf stornierenbei.de. Dort wird eine einfache Kündigung von Verträgen unterschiedlichster Anbieter als Dienstleistung angeboten. Achtung: Statt der Kündigung des angegebenen Vertrages, kommen versteckte Kosten auf Sie zu, die auch eingemahnt werden! Bezahlen Sie nichts. Es besteht kein gültiger Vertrag mit stornierenbei.de.
---------------------------------------------
https://www.watchlist-internet.at/news/versteckte-kosten-fuer-kuendigungen-auf-stornierenbeide/
∗∗∗ BYODC - Bring Your Own Domain Controller ∗∗∗
---------------------------------------------
BYODC or bring your own domain controller is a post-exploitation technique and another option for performing a DCSync in a more opsec safe manner.
---------------------------------------------
https://blog.zsec.uk/byodc-attack/
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins 2022-11-04 ∗∗∗
---------------------------------------------
AIX LPARs in IBM PureData System for Operational Analytics, IBM App Connect Enterprise, IBM MQ, IBM WebSphere Application Server Liberty / CICS Transaction Gateway
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ffmpeg, libxml2, python-django, python-scciclient, and xen), Fedora (ghc-cmark-gfm, java-latest-openjdk, and vim), Mageia (expat, ntfs-3g, and wkhtmltopdf), Oracle (kernel), Slackware (sudo), and SUSE (expat, libxml2, rubygem-loofah, and xmlbeans).
---------------------------------------------
https://lwn.net/Articles/914012/
∗∗∗ Shodan Verified Vulns 2022-11-01 ∗∗∗
---------------------------------------------
Mit Stand 2022-11-01 sieht Shodan in Österreich die folgenden Schwachstellen: [...]
---------------------------------------------
https://cert.at/de/aktuelles/2022/11/shodan-verified-vulns-2022-11-01
∗∗∗ Nov 3 2022 Security Releases ∗∗∗
---------------------------------------------
(Update 04-November-2022) Security releases available
Updates are now available for v14,x, v16.x, v18.x and v19.x Node.jsrelease lines for the following issues. [...]
---------------------------------------------
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases
∗∗∗ WebKit HTMLSelectElement Use-After-Free ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2022110007
∗∗∗ TRUMPF: Multiple products prone to X.Org server vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-049/
∗∗∗ Wiesemann &Theis: Multiple Vulnerabilities in the Com-Server Family ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-043/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list