[CERT-daily] Daily summary - 13.09.2022
Daily end-of-shift report
team at cert.at
Tue Sep 13 18:08:55 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Monday 12-09-2022 18:00 - Tuesday 13-09-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
*** New PsExec spinoff lets hackers bypass network security defenses ***
---------------------------------------------
Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a less monitored port.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-psexec-spinoff-lets-hackers-bypass-network-security-defenses/
*** Security pros get ability to manually add incidents to Microsoft Sentinel ***
---------------------------------------------
Microsoft is introducing a feature to Sentinel to enable security analysts to manually create an incident report and the ability to manually delete the incident if needed.
---------------------------------------------
https://www.theregister.com/2022/09/12/microsoft_sentinel_manual_siem_reports/
*** Letting off steam ***
---------------------------------------------
In July alone, CERT-GIB specialists identified more than 150 fraudulent resources mimicking Steam, a major online gaming platform. To steal Steam credentials, hackers have been using a new phishing technique called browser-in-the-browser, which tricks users into thinking that a fake webpage is a legal resource.
---------------------------------------------
https://blog.group-ib.com/steam
*** Tool Release – Monkey365 ***
---------------------------------------------
Monkey 365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews without the significant overhead of learning tool APIs or complex admin panels from the start.
---------------------------------------------
https://research.nccgroup.com/2022/09/07/tool-release-monkey365/
*** OriginLogger: A Look at Agent Tesla’s Successor ***
---------------------------------------------
We provide an overview of the OriginLogger keylogger, including info on a dropper lure and OriginLogger’s configuration and infrastructure.
---------------------------------------------
https://unit42.paloaltonetworks.com/originlogger/
*** How to tighten your security in Microsoft Edge ***
---------------------------------------------
Edge offers several options to help protect you from malicious websites and other online hazards.
---------------------------------------------
https://www.zdnet.com/article/how-to-tighten-your-security-in-microsoft-edge/
*** MISP 2.4.162 released with a new periodic notification system, workflow updates and many improvements ***
---------------------------------------------
We are pleased to announce the immediate availability of MISP v2.4.162 with a new periodic notification system, workflow updates and many improvements.
---------------------------------------------
https://github.com/MISP/MISP/releases/tag/v2.4.162
=====================
= Vulnerabilities =
=====================
*** Trend Micro warns of actively exploited Apex One RCE vulnerability ***
---------------------------------------------
Security software firm Trend Micro warned customers today to patch an actively exploited Apex One security vulnerability as soon as possible.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trend-micro-warns-of-actively-exploited-apex-one-rce-vulnerability/
*** Firmware: Numerous HP computers with security vulnerabilities, but without patches ***
---------------------------------------------
The vulnerabilities were reported many months ago, but numerous HP business devices have still not received updates.
---------------------------------------------
https://www.golem.de/news/firmware-etliche-hp-rechner-mit-sicherheitsluecken-aber-ohne-patches-2209-168255.html
*** iPadOS, macOS Monterey and older iOS: Apple patches vulnerabilities ***
---------------------------------------------
iPadOS 16 is not finished yet, but a security update is coming in the meantime. On the Mac there is now Safari 16, again with many patches. iOS 15 is also covered.
---------------------------------------------
https://heise.de/-7261410
*** Lorenz ransomware uses Mitel MiVoice Connect VoIP phones as a stepping stone ***
---------------------------------------------
Attackers are currently exploiting a critical vulnerability in Mitel telephone systems. Security updates are available.
---------------------------------------------
https://heise.de/-7261947
*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Debian (connman and python-oslo.utils), Fedora (libapreq2), Red Hat (booth, gnupg2, kernel, kernel-rt, mariadb:10.3, nodejs:14, nodejs:16, python3, ruby:2.7, and ruby:3.0), SUSE (chromium, opera, python2-numpy, and rubygem-kramdown), and Ubuntu (poppler).
---------------------------------------------
https://lwn.net/Articles/907869/
*** FBI warns of vulnerabilities in medical devices following several CISA alerts ***
---------------------------------------------
The FBI on Monday warned that hundreds of vulnerabilities in widely used medical devices are leaving a door open for cyberattacks.
---------------------------------------------
https://therecord.media/fbi-warns-of-vulnerabilities-in-medical-devices-following-several-cisa-alerts/
*** SSA-638652 V1.0: Authentication Bypass Vulnerability in Mendix SAML Module ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-638652.txt
*** SSA-637483 V1.0: Third-Party Component Vulnerabilities in SINEC INS before V1.0 SP2 ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-637483.txt
*** SSA-589975 V1.0: Improper Access Control Vulnerability in CoreShield OWG Software ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-589975.txt
*** SSA-518824 V1.0: Multiple File Parsing Vulnerabilities in Simcenter Femap and Parasolid ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-518824.txt
*** SSA-459643 V1.0: Denial of Service Vulnerability in RUGGEDCOM ROS before V5.6.0 ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-459643.txt
*** Security Bulletin: IBM CICS TX Standard is vulnerable to identity spoofing due to IBM WebSphere Application Server Liberty (CVE-2022-22475) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cics-tx-standard-is-vulnerable-to-identity-spoofing-due-to-ibm-websphere-application-server-liberty-cve-2022-22475/
*** Security Bulletin: Vulnerability in MIT Kerberos 5 affects PowerSC (CVE-2021-37750) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-mit-kerberos-5-affects-powersc-cve-2021-37750/
*** Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability due to invscout (CVE-2022-36768) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-privilege-escalation-vulnerability-due-to-invscout-cve-2022-36768/
*** Security Bulletin: IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. (CVE-2022-35637) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-after-entering-a-specially-crafted-malformed-sql-statement-into-the-db2expln-tool-cve-2022-35637/
*** Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-is-vulnerable-to-cross-site-scripting-in-the-admin-console-cve-2022-34336/
*** Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk. ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-provision-to-add-https-and-secure-flag-to-bayeux_browser-cookie-for-ibm-control-desk/
*** Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to identity spoofing with authenticated user and ability to bypass security restrictions due to Eclipse Paho Java client (CVE-2019-11777, CVE-2022-22476) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-for-ibm-i-is-vulnerable-to-identity-spoofing-with-authenticated-user-and-ability-to-bypass-security-restrictions-due-to-eclipse-paho-java-cl/
*** Security Bulletin: IBM CICS TX Advanced is vulnerable to identity spoofing due to IBM WebSphere Application Server Liberty (CVE-2022-22475) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cics-tx-advanced-is-vulnerable-to-identity-spoofing-due-to-ibm-websphere-application-server-liberty-cve-2022-22475/
*** Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2022-29824) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-denial-of-service-due-to-libxml2-cve-2022-29824/
*** Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability (CVE-2022-34356) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-privilege-escalation-vulnerability-cve-2022-34356/
*** Security Bulletin: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. (CVE-2022-22483) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-in-some-scenarios-due-to-unauthorized-access-caused-by-improper-privilege-management-when-create-or-replace-command/
*** Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-txseries-for-multiplatforms-8/
*** SAP Patchday September 2022 ***
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1400
*** TYPO3 Core: Multiple vulnerabilities ***
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1402
*** Citrix Hypervisor Security Bulletin for CVE-2020-35498 ***
---------------------------------------------
https://support.citrix.com/article/CTX463901/citrix-hypervisor-security-bulletin-for-cve202035498
*** AMI MegaRAC SP-X BMC Vulnerabilities ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500518-AMI-MEGARAC-SP-X-BMC-VULNERABILITIES
*** Brocade Fabric OS - Security Update ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500517-BROCADE-FABRIC-OS-SECURITY-UPDATE
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily