[CERT-daily] Tageszusammenfassung - 17.11.2022

Daily end-of-shift report team at cert.at
Thu Nov 17 18:11:09 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 16-11-2022 18:00 − Donnerstag 17-11-2022 18:00
Handler:     Robert Waldner
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Evil Maid Attacks - Remediation for the Cheap, (Wed, Nov 16th) ∗∗∗
---------------------------------------------
The so-called evil maid attack is an attack against hardware devices utilizing hard- and/or software. It is carried out when the hardware is left unattended, e.g., in a hotel room when you're out for breakfast. The attacker manipulates the device in a malicious way.
---------------------------------------------
https://isc.sans.edu/diary/rss/29256


∗∗∗ WASP malware stings Python developers ∗∗∗
---------------------------------------------
Researchers from Phylum and Check Point earlier this month reported seeing new malicious packages on PyPI, a package index for Python developers. Analysts at Checkmarx this week connected the same attacker to both reports and said the operator is still releasing malicious packages.
---------------------------------------------
https://www.theregister.com/2022/11/16/wasp_python_malware_checkmarx/


∗∗∗ Disneyland Malware Team: It’s a Puny World After All ∗∗∗
---------------------------------------------
A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.
---------------------------------------------
https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/


∗∗∗ Onlinebetrug-Simulator: Testen Sie Ihr Wissen zu Betrugsmaschen im Internet ∗∗∗
---------------------------------------------
Um Sie für die Gefahren von Fake-Shops und Phishing-Emails zu sensibilisieren und Sie im Bereich der Cyber-Sicherheit zu schulen, hat die AK Niederösterreich in Kooperation mit der Universität Wien den Onlinebetrug-Simulator ins Leben gerufen.
---------------------------------------------
https://www.watchlist-internet.at/news/onlinebetrug-simulator-testen-sie-ihr-wissen-zu-betrugsmaschen-im-internet/


∗∗∗ Domain Controller gegen Angriffe absichern ∗∗∗
---------------------------------------------
Active Directory ist eine kritische Infrastruktur und sollte als solche behandelt werden. Aber wie sichert man als Administrator seine Domain Controller gegen Angriffe?
---------------------------------------------
https://www.borncity.com/blog/2022/11/17/domain-controller-gegen-angriffe-absichern/


∗∗∗ Get a Loda This: LodaRAT meets new friends ∗∗∗
---------------------------------------------
LodaRAT samples were deployed alongside other malware families, including RedLine and Neshta. Cisco Talos identified several variants and altered versions of LodaRAT with updated functionality have been seen in the wild.
---------------------------------------------
https://blog.talosintelligence.com/get-a-loda-this/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Schadcode-Attacken auf Bitbucket Server und Data Center möglich ∗∗∗
---------------------------------------------
Eine Sicherheitslücke bedroht mehrere Versionen von Atlassians Versionsverwaltungssoftware.
---------------------------------------------
https://heise.de/-7343226


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and thunderbird), Fedora (expat, xen, and xorg-x11-server), Oracle (kernel, kernel-container, qemu, xorg-x11-server, and zlib), Scientific Linux (xorg-x11-server), Slackware (firefox, krb5, samba, and thunderbird), SUSE (ant, apache2-mod_wsgi, jsoup, rubygem-nokogiri, samba, and tomcat), and Ubuntu (firefox and linux, linux-aws, linux-aws-hwe, linux-dell300x, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon).
---------------------------------------------
https://lwn.net/Articles/915245/


∗∗∗ Samba Releases Security Updates ∗∗∗
---------------------------------------------
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/11/16/samba-releases-security-updates


∗∗∗ Security Bulletin: IBM Partner Engagement Manager is vulnerable to sensitive data exposure (CVE-2022-34354) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-partner-engagement-manager-is-vulnerable-to-sensitive-data-exposure-cve-2022-34354/


∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by a vulnerability [CVE-2022-31129] ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-a-vulnerability-cve-2022-31129-2/


∗∗∗ Security Bulletin: CVE-2022-3676 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2022-3676-may-affect-ibm-sdk-java-technology-edition/


∗∗∗ Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow – CVE-2022-38390 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-cve-2022-38390/


∗∗∗ Security Bulletin: IBM InfoSphere DataStage is vulnerable to a command injection vulnerability [CVE-2022-40752] ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-datastage-is-vulnerable-to-a-command-injection-vulnerability-cve-2022-40752-3/


∗∗∗ Security Bulletin: Tivoli Business Service Manager is vulnerable to cross-site scripting due to improper validation in Angular (CVE-2022-25869) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-tivoli-business-service-manager-is-vulnerable-to-cross-site-scripting-due-to-improper-validation-in-angular-cve-2022-25869/


∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2022-35721) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-stored-cross-site-scripting-cve-2022-35721-3/


∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2022-35722) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-stored-cross-site-scripting-cve-2022-35722-3/


∗∗∗ Security Bulletin: IBM Urbancode Deploy (UCD) is vulnerable to Insufficiently Protected LDAP Search Credentials ( CVE-2022-40751 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-is-vulnerable-to-insufficiently-protected-ldap-search-credentials-cve-2022-40751/


∗∗∗ Security Bulletin: Apache Tomcat could allow a remote attacker to obtain sensitive information (CVE-2021-43980) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-could-allow-a-remote-attacker-to-obtain-sensitive-information-cve-2021-43980/


∗∗∗ Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163) ∗∗∗
---------------------------------------------
https://research.nccgroup.com/2022/11/17/cve-2022-45163/


∗∗∗ Red Lion Crimson ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-321-01


∗∗∗ Cradlepoint IBR600 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-321-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list