[CERT-daily] Tageszusammenfassung - 04.10.2022
Daily end-of-shift report
team at cert.at
Tue Oct 4 19:01:38 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Montag 03-10-2022 18:00 − Dienstag 04-10-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Live support service hacked to spread malware in supply chain attack ∗∗∗
---------------------------------------------
The official installer for the Comm100 Live Chat application, a widely deployed SaaS (software-as-a-service) that businesses use for customer communication and website visitors, was trojanized as part of a new supply-chain attack.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/live-support-service-hacked-to-spread-malware-in-supply-chain-attack/
∗∗∗ Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub ∗∗∗
---------------------------------------------
Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-microsoft-exchange-proxynotshell-exploits-for-sale-on-github/
∗∗∗ OnionPoison: infected Tor Browser installer distributed through popular YouTube channel ∗∗∗
---------------------------------------------
Kaspersky researchers detected OnionPoison campaign: malicious Tor Browser installer spreading through a popular YouTube channel and targeting Chinese users.
---------------------------------------------
https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/
∗∗∗ CISA verdonnert US-Behörden zu besserer Netzwerkkontrolle ∗∗∗
---------------------------------------------
Die US-Cybersicherheitsbehörde CISA hat eine verbindliche Direktive erlassen. Nach der müssen alle Bundesbehörden ihre Netzwerke regelmäßig untersuchen.
---------------------------------------------
https://heise.de/-7283699
∗∗∗ Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices ∗∗∗
---------------------------------------------
NXP’s HABv4 API documentation references a now-mitigated defect in ROM-resident High Assurance Boot (HAB) functionality present in devices with HAB version < 4.3.7. I could find no further public documentation on whether this constituted a vulnerability or an otherwise “uninteresting” errata item, so I analyzed it myself!
---------------------------------------------
https://research.nccgroup.com/2022/10/03/shining-new-light-on-an-old-rom-vulnerability/
∗∗∗ Mit tragbaren Heizgeräten Strom sparen? Fallen Sie nicht auf dieses Fake-Produkt herein! ∗∗∗
---------------------------------------------
Online-Shops wie ultraheatpro.com und valty-heater.com bewerben aktuell einen Stecker, der Räume in weniger als 2 Minuten aufheizt. Die sehr kleinen und kabellosen Heizgeräte verbrauchen angeblich kaum Strom, reduzieren Heizkosten und verursachen keinen Lärm. Beim Kauf dieser „Wundergeräte“ verschwenden Sie aber Ihr Geld, denn Sie bekommen, wenn überhaupt, ein funktionsloses Gerät zugesendet.
---------------------------------------------
https://www.watchlist-internet.at/news/mit-tragbaren-heizgeraeten-strom-sparen-fallen-sie-nicht-auf-dieses-fake-produkt-herein/
∗∗∗ Developer account body snatchers pose risks to the software supply chain ∗∗∗
---------------------------------------------
Over the past several years, high-profile software supply chain attacks have increased in frequency. These attacks can be difficult to detect and source code repositories became a key focus of this research. Developer account takeovers present a substantial risk to the software supply chain because attackers who successfully compromise a developer account could conceal malicious code in software packages used by others.
---------------------------------------------
http://blog.talosintelligence.com/2022/10/developer-account-body-snatchers-pose.html
∗∗∗ Tracking Earth Aughisky’s Malware and Changes ∗∗∗
---------------------------------------------
For over 10 years, security researchers have been observing and keeping tabs of APT group Earth Aughisky’s malware families and the connections, including previously documented malware that have yet to be attributed.
---------------------------------------------
https://www.trendmicro.com/en_us/research/22/j/tracking-earth-aughiskys-malware-and-changes.html
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins 2022-10-03 ∗∗∗
---------------------------------------------
IBM Robotic Process Automation, IBM WebSphere Application Server Liberty, IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, IBM FlashSystem, Content Manager OnDemand z/OS, IBM Spectrum Copy Data Management, CloudPak for Watson AIOPs, IBM MaaS360, Tivoli Netcool/OMNIbus WebGUI, CP4D Match 360.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (barbican), Fedora (libdxfrw, librecad, and python-oauthlib), Oracle (bind), Red Hat (bind and rh-python38-python), SUSE (bind, chromium, colord, libcroco, libgit2, lighttpd, nodejs12, python, python3, slurm, slurm_20_02, and webkit2gtk3), and Ubuntu (linux-azure, python-django, strongswan, and wayland).
---------------------------------------------
https://lwn.net/Articles/910300/
∗∗∗ Aruba ArubaOS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein Angreifer kann mehrere Schwachstellen in Aruba ArubaOS ausnutzen, um beliebigen Programmcode auszuführen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1606
∗∗∗ MediaWiki: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um Sicherheitsvorkehrungen zu umgehen und vertrauliche Informationen offenzulegen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1604
∗∗∗ Hitachi Storage: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Hitachi Storage ausnutzen, um seine Privilegien zu erhöhen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1601
∗∗∗ FasterXML Jackson: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
Ein Angreifer kann mehrere Schwachstellen in FasterXML Jackson ausnutzen, um einen Denial of Service Angriff durchzuführen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1608
∗∗∗ Netgate pfSense: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Netgate pfSense ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1609
∗∗∗ Android-Sicherheitsbulletin – Oktober 2022 ∗∗∗
---------------------------------------------
https://source.android.com/docs/security/bulletin/2022-10-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list