[CERT-daily] Tageszusammenfassung - 02.09.2022
Daily end-of-shift report
team at cert.at
Fri Sep 2 18:16:57 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 01-09-2022 18:00 − Freitag 02-09-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Microsoft will disable Exchange Online basic auth next month ∗∗∗
---------------------------------------------
Microsoft warned customers today that it will finally disable basic authentication in random tenants worldwide to improve Exchange Online security starting October 1, 2022.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-will-disable-exchange-online-basic-auth-next-month/
∗∗∗ Sharkbot is back in Google Play ∗∗∗
---------------------------------------------
This new dropper doesn’t rely Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware. Instead, this new version ask the victim to install the malware as a fake update for the antivirus to stay protected against threats.
---------------------------------------------
https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/
∗∗∗ NSA gibt Sicherheitstipps gegen Supply-Chain-Attacken ∗∗∗
---------------------------------------------
Die Cybersecurity and Infrastructure Agency (CISA), die National Security Agency (NSA) und das Office of the Director of National Intelligence (ODNI) haben wichtige Tipps zum Entwickeln von sicherer Software veröffentlicht.
---------------------------------------------
https://heise.de/-7251765
∗∗∗ Unverschlüsselte Access Tokens: Sicherheitslücke in tausenden Apps ∗∗∗
---------------------------------------------
Sicherheitsforscher warnen vor unverschlüsselten Access Tokens in Apps. Oft holen sich Entwickler Probleme ungewollt ins Haus. Besonders betroffen: iOS-Apps.
---------------------------------------------
https://heise.de/-7252134
∗∗∗ When disclosure goes wrong. People ∗∗∗
---------------------------------------------
My experience of vulnerability disclosure is that it is rarely as easy or simple as it could be. I had hoped that bug bounty programmes and vulnerability disclosure programmes (VDPs) would help matters. Broadly that doesn’t seem to be the case, often for unexpected reasons.
---------------------------------------------
https://www.pentestpartners.com/security-blog/when-disclosure-goes-wrong-people/
∗∗∗ Ransomware auf IoT: Anderer Sicherheitsansatz bei IoT-Geräten erforderlich ∗∗∗
---------------------------------------------
Wir haben uns vermutlich an die täglichen Ransomware-Angriffe auf IT-Systeme gewöhnt. Aber mit der Zunahme von IoT-Geräten droht eine wachsende Gefahr für solche Sicherheitsvorfälle. CheckPoint meint, dass IoT-Geräte einen anderen Sicherheitsansatz brauchen, um dieser Gefahr (z.B. Infektionen durch Ransomware) zu begegnen.
---------------------------------------------
https://www.borncity.com/blog/2022/09/02/ransomware-auf-iot-anderer-sicherheitsansatz-bei-iot-gerten-erforderlich/
∗∗∗ Architecting for Extortion: Acting on the IST’s Blueprint for Ransomware Defense ∗∗∗
---------------------------------------------
Last month, the Institute for Security and Technology’s Ransomware Task Force launched the Blueprint for Ransomware Defense.
---------------------------------------------
https://www.rapid7.com/blog/post/2022/09/02/architecting-for-extortion-acting-on-the-ists-blueprint-for-ransomware-defense/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, rsync, systemd, and thunderbird), Debian (chromium, dpdk, and sofia-sip), Fedora (kernel, thunderbird, and zlib), Red Hat (pcs and rh-mariadb103-galera and rh-mariadb103-mariadb), Slackware (poppler), SUSE (cifs-utils, curl, dwarves and elfutils, firefox, flatpak, gnutls, gpg2, harfbuzz, ignition, kernel, ldb, samba, libslirp, libsolv, libzypp, zypper, libtirpc, logrotate, mozilla-nss, ncurses, open-vm-tools, openssl-1_1, p11-kit, pcre, pcre2, podman, postgresql12, postgresql13, postgresql14, python-M2Crypto, python3, rsync, salt, spice, systemd-presets-common-SUSE, tiff, ucode-intel, xen, and zlib), and Ubuntu (curl, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency, linux, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-snapdragon, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, and linux-aws-hwe).
---------------------------------------------
https://lwn.net/Articles/906973/
∗∗∗ NetApp ActiveIQ Unified Manager: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in NetApp ActiveIQ Unified Manager ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1263
∗∗∗ Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2022 CPU plus deferred CVE-2021-2163 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affects-ibm-websphere-application-server-and-ibm-websphere-application-server-liberty-due-to-july-2022-cpu-plus-deferred-cve-2021-2163/
∗∗∗ Security Bulletin: Vulnerabilities with Kernel, GnuTLS affect IBM Cloud Object Storage Systems (August 2022v1) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/
∗∗∗ Security Bulletin: IBM DataPower Gateway vulnerable to CSRF attack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-csrf-attack-2/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list