[CERT-daily] Tageszusammenfassung - 01.09.2022
Daily end-of-shift report
team at cert.at
Thu Sep 1 18:21:34 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 31-08-2022 18:00 − Donnerstag 01-09-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Apple backports fix for actively exploited iOS zero-day to older iPhones ∗∗∗
---------------------------------------------
Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-actively-exploited-ios-zero-day-to-older-iphones/
∗∗∗ Underscores and DNS: The Privacy Story, (Wed, Aug 31st) ∗∗∗
---------------------------------------------
The use of underscores in DNS records can easily trigger DNS purists into a rage. Since the beginning of (DNS) time, only the letters a-z, numbers, and dashes are allowed in DNS labels (RFC 1035 section 2.3.1). After all, we want to remain compatible with ARPANET.
---------------------------------------------
https://isc.sans.edu/diary/rss/29002
∗∗∗ Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021), (Thu, Sep 1st) ∗∗∗
---------------------------------------------
On Tuesday, the Apache project released an update for Geode. The update patches a typical deserialization issue we often see in Java software like Geode (CVE-2022-37021). [...] But the vulnerability has a few dependencies: [...] JMX and RMI are used for the attack.
[...]
And here comes Jolokia. "JMX on Capsaicin," as it calls itself. It provides a simple HTTP to JMX gateway. So it is somewhat interesting that I also saw some scans for Jol[o]kia starting yesterday.
---------------------------------------------
https://isc.sans.edu/diary/rss/29006
∗∗∗ Authority-Scam: Neue Welle von Fake-Mails der Polizei ∗∗∗
---------------------------------------------
Kriminelle geben dem Authority-Scam einen neuen Anstrich: Momentan befinden sich wieder viele gefälschte E-Mails der Polizei im Umlauf. Die Empfänger:innen werden beschuldigt eine Straftat begangen zu haben. Die Anschuldigungen umfassen Pädophilie, Cyberpornographie und Exhibitionismus. Antworten Sie nicht und ignorieren Sie das Schreiben, es ist Fake!
---------------------------------------------
https://www.watchlist-internet.at/news/authority-scam-neue-welle-von-fake-mails-der-polizei/
∗∗∗ Over 900K Kubernetes clusters are misconfigured! Is your cluster a target? ∗∗∗
---------------------------------------------
Kubernetes is an amazing platform for managing containers at scale. However, a recent study found that over 900,000 Kubernetes clusters are vulnerable to attack because they are misconfigured! This means that your Kubernetes cluster could be a target for malicious actors if it is not properly secured. In this blog post, we will discuss how to secure your Kubernetes cluster and protect it from attack.
---------------------------------------------
https://grahamcluley.com/feed-sponsor-teleport-4/
∗∗∗ Android TikTok-App: Microsoft findet 1-Klick-Schwachstelle, die Kontenübernahme erlaubte ∗∗∗
---------------------------------------------
Microsoft hat eine gefährliche Sicherheitslücke in der TikTok-App für Android entdeckt, die es ermöglichte, Benutzerkonten mit einem einzigen Klick zu kompromittieren. Inzwischen wurde diese Schwachstelle in der TikTok-App für Android geschlossen.
---------------------------------------------
https://www.borncity.com/blog/2022/09/01/android-tiktok-app-microsoft-findet-1-klick-schwachstelle-die-kontenbernahme-erlaubte/
∗∗∗ RAT Tool Disguised as Solution File (*.sln) Being Distributed on Github ∗∗∗
---------------------------------------------
The ASEC analysis team has recently discovered the distribution of a RAT Tool disguised as a solution file (*.sln) on GitHub. As shown in Figure 1, the malware distributor is sharing a source code on GitHub titled “Jpg Png Exploit Downloader Fud Cryter Malware Builder Cve 2022”. The file composition looks normal, but the solution file (*.sln) is actually a RAT tool. It is through methods like this that the malware distributor lures users to run the RAT tool by disguising it as a solution file (*.sln). Generally, programmers who receive the code that includes the solution file run the file in order to open the project. Users should take caution against social engineering techniques that take advantage of such a thought process.
---------------------------------------------
https://asec.ahnlab.com/en/38150/
∗∗∗ Azure Synapse: Local Privilege Escalation Vulnerability in Spark ∗∗∗
---------------------------------------------
The story of a simple race condition leading to a Local Privilege Escalation, and how we discovered, in retrospect, that we crossed paths with another researcher and a previous Microsoft case.
---------------------------------------------
https://orca.security/resources/blog/synapse-local-privilege-escalation-vulnerability-spark/
=====================
= Vulnerabilities =
=====================
∗∗∗ Kritische Lücke in zlib-Bibliothek ermöglicht Codeschmuggel ∗∗∗
---------------------------------------------
In der weit verbreiteten Kompressionsbibliothek zlib könnten Angreifer unter Umständen Schadcode einschleusen und ausführen. Erste Patches sind verfügbar.
---------------------------------------------
https://heise.de/-7250044
∗∗∗ Sicherheitsupdate: Präparierte Mails könnten Thunderbird gefährlich werden ∗∗∗
---------------------------------------------
Es ist ein wichtiges Sicherheitsupdate für den Mailclient Thunderbird erschienen. Damit haben die Entwickler vier Lücken geschlossen.
---------------------------------------------
https://heise.de/-7250566
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (pdns-recursor, thunderbird, and vim), Gentoo (firefox, thunderbird-bin, virtualbox, and webkit-gtk), Red Hat (convert2rhel), SUSE (gstreamer-plugins-good, open-vm-tools, postgresql12, rsync, and ucode-intel), and Ubuntu (linux-azure, linux-gcp, linux-hwe).
---------------------------------------------
https://lwn.net/Articles/906778/
∗∗∗ libTIFF: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libTIFF ausnutzen, um einen Denial of Service Angriff durchzuführen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1250
∗∗∗ D-LINK Router: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in D-LINK Router ausnutzen, um Code auszuführen oder einen Denial of Service zu verursachen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1253
∗∗∗ Xerox FreeFlow Print Server: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1251
∗∗∗ Security Advisory - Out-of-bounds Read and Write Vulnerability in Some Huawei Headset Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220826-01-outofboundread-en
∗∗∗ Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletinibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-openssl-pcre2-and-golang-go/
∗∗∗ Security Bulletin: CVE-2021-2163 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2163-may-affect-ibm-sdk-java-technology-edition/
∗∗∗ Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-v1-6-5-contains-fixes-for-multiple-security-vulnerabilities/
∗∗∗ Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to spoofing due to Eclipse Paho (CVE-2019-11777) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-liberty-for-java-for-ibm-cloud-is-vulnerable-to-spoofing-due-to-eclipse-paho-cve-2019-11777/
∗∗∗ Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-9/
∗∗∗ Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to cross-site scripting (CVE-2022-35714) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-and-the-ibm-maximo-manage-application-in-ibm-maximo-application-suite-are-vulnerable-to-cross-site-scripting-cve-2022-35714-2/
∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-14/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, affect IBM Workload Scheduler. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-8-affect-ibm-workload-scheduler/
∗∗∗ Delta Electronics DOPSoft ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-244-01
∗∗∗ Contec Health CMS8000 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-22-244-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list