[CERT-daily] Tageszusammenfassung - 08.11.2022

Tue Nov 8 18:13:03 CET 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 07-11-2022 18:00 − Dienstag 08-11-2022 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ How to mimic Kerberos protocol transition using reflective RBCD ∗∗∗
---------------------------------------------
We know that a delegation is dangerous if an account allows delegating third-party user authentication to a privileged resource. In the case of constrained delegation, all it takes is to find a privileged account in one of the SPN (Service Principal Name) set in the msDS-AllowedToDelegateTo attribute of a compromised service account.
---------------------------------------------
https://medium.com/tenable-techblog/how-to-mimic-kerberos-protocol-transition-using-reflective-rbcd-a4984bb7c4cb


∗∗∗ Azov-Malware zerstört Dateien in 666-Byte-Schritten ∗∗∗
---------------------------------------------
Der Windows-Schädling Azov ist ein Wiper und vernichtet Dateien unwiderruflich. Sicherheitsforscher beobachten ein erhöhtes Aufkommen.
---------------------------------------------
https://heise.de/-7333231


∗∗∗ Open Bug Bounty: Eine Million Sicherheitslücken im Web behoben ∗∗∗
---------------------------------------------
Eine offene Plattform für das Offenlegen von Sicherheitslücken im Web hat einen Meilenstein erreicht. Open Bug Bounty verzeichnet über 1,3 Mio. Entdeckungen.
---------------------------------------------
https://heise.de/-7333872


∗∗∗ Achtung Fake-Shop: marktstores.com gibt sich als Media Markt aus ∗∗∗
---------------------------------------------
Die Playstation 5 ist momentan überall ausverkauft. Vorsicht, wenn Sie im Internet dennoch einen Anbieter finden, der sie angeblich liefern kann. Dieser könnte sich als Fake-Shop herausstellen.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-fake-shop-marktstorescom-gibt-sich-als-media-markt-aus/


∗∗∗ LockBit 3.0 Being Distributed via Amadey Bot ∗∗∗
---------------------------------------------
The ASEC analysis team has confirmed that attackers are using Amadey Bot to install LockBit. Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker.
---------------------------------------------
https://asec.ahnlab.com/en/41450/


∗∗∗ Prepare, respond & recover: Battling complex Cybersecurity threats with fundamentals ∗∗∗
---------------------------------------------
The cybersecurity industry has seen a lot of recent trends. For example, the proliferation of multifactor authentication (MFA) to fight against credential harvesting is a common thread.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/prepare-respond-recover-battling-complex-cybersecurity-threats-with-fundamentals


∗∗∗ Cracking 2.3M Attackers-Supplied Credentials: What Can We Learn from RDP Attacks ∗∗∗
---------------------------------------------
To study credentials attacks on RDP, we operate high-interaction honeypots on the Internet. We analyzed over 2.3 million connections that supplied hashed credentials and attempted to crack them.
---------------------------------------------
https://www.gosecure.net/blog/2022/11/08/cracking-2-3m-attackers-supplied-credentials-what-can-we-learn-from-rdp-attacks/


∗∗∗ DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework ∗∗∗
---------------------------------------------
This report provides defenders and security operations center teams with the technical details they need to know should they encounter the DeimosC2 C&C framework.
---------------------------------------------
https://www.trendmicro.com/en_us/research/22/k/deimosc2-what-soc-analysts-and-incident-responders-need-to-know.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins 2022-11-07 ∗∗∗
---------------------------------------------
IBM Tivoli Monitoring, IBM App Connect Enterprise Certified Container, IBM Operations Analytics - Log Analysis
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Siemens Security Advisories 2022-11-08 ∗∗∗
---------------------------------------------
Siemens released 9 new and 8 updated Advisories. (CVSS Scores 5.3-9.9)
---------------------------------------------
https://new.siemens.com/global/en/products/services/cert.html?d=2022-11#SecurityPublications


∗∗∗ Patchday: Angreifer könnten Android-Geräte über Attacken lahmlegen ∗∗∗
---------------------------------------------
Google hat wichtige Sicherheitsupdates für Android 10 bis 13 veröffentlicht. Einige andere Hersteller bieten ebenfalls Patches an.
---------------------------------------------
https://heise.de/-7333334


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pixman and sudo), Fedora (mingw-binutils and mingw-gdb), Red Hat (bind, bind9.16, container-tools:3.0, container-tools:4.0, container-tools:rhel8, dnsmasq, dotnet7.0, dovecot, e2fsprogs, flatpak-builder, freetype, fribidi, gdisk, grafana, grafana-pcp, gstreamer1-plugins-good, httpd:2.4, kernel, kernel-rt, libldb, libreoffice, libtiff, libxml2, mingw-expat, mingw-zlib, mutt, nodejs:14, nodejs:18, openblas, openjpeg2, osbuild, pcs, php:7.4, php:8.0, [...]
---------------------------------------------
https://lwn.net/Articles/914119/


∗∗∗ ICS Patch Tuesday: Siemens Addresses Critical Vulnerabilities ∗∗∗
---------------------------------------------
Siemens and Schneider Electric have released their Patch Tuesday advisories for November 2022. Siemens has released nine new security advisories covering a total of 30 vulnerabilities, but Schneider has only published one new advisory.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-critical-vulnerabilities


∗∗∗ Varnish HTTP/2 Request Forgery ∗∗∗
---------------------------------------------
https://docs.varnish-software.com/security/VSV00011/


∗∗∗ Open Source Varnish Request Smuggling ∗∗∗
---------------------------------------------
https://docs.varnish-software.com/security/VSV00010/


∗∗∗ PHOENIX CONTACT: Automationworx BCP File Parsing Vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-048/


∗∗∗ Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516


∗∗∗ McAfee Total Protection: Update fixt Schwachstelle CVE-2022-43751 ∗∗∗
---------------------------------------------
https://www.borncity.com/blog/2022/11/08/mcafee-total-protection-update-fixt-schwachstelle-cve-2022-43751/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily