[CERT-daily] Daily summary - 20.09.2022
Daily end-of-shift report
team at cert.at
Tue Sep 20 18:37:37 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Monday 19-09-2022 18:00 − Tuesday 20-09-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches ∗∗∗
---------------------------------------------
Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mfa-fatigue-hackers-new-favorite-tactic-in-high-profile-breaches/
∗∗∗ Handling WebAuthn over remote SSH connections ∗∗∗
---------------------------------------------
Being able to SSH into remote machines and do work there is great. Using hardware security tokens for 2FA is also great. But trying to use them both at the same time doesn't work super well, because if you hit a WebAuthn request on the remote machine it doesn't matter how much you mash your token - it's not going to work. But could it?
---------------------------------------------
https://mjg59.dreamwidth.org/61232.html
∗∗∗ LastPass source code breach – incident response report released ∗∗∗
---------------------------------------------
Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.
---------------------------------------------
https://nakedsecurity.sophos.com/2022/09/19/lastpass-source-code-breach-incident-response-report-released/
∗∗∗ Chainsaw: Hunt, search, and extract event log records, (Mon, Sep 19th) ∗∗∗
---------------------------------------------
Chainsaw is a standalone tool that provides a simple and fast method to triage Windows event logs and identify interesting elements within the logs while applying detection logic (Sigma and Chainsaw) to detect malicious activity.
---------------------------------------------
https://isc.sans.edu/diary/rss/29066
∗∗∗ Email from "GMX Sicherheit" is fake ∗∗∗
---------------------------------------------
GMX users beware: the email from the sender "GMX Sicherheit" is not from GMX. The fraudulent email asks you to complete your account information; otherwise, your account will supposedly be deleted within 24 hours. Move the email to your spam folder and do not click the link!
---------------------------------------------
https://www.watchlist-internet.at/news/e-mail-von-gmx-sicherheit-ist-fake/
∗∗∗ Security Risks in Logistics APIs Used by E-Commerce Platforms ∗∗∗
---------------------------------------------
Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers.
---------------------------------------------
https://www.trendmicro.com/en_us/research/22/i/security-risks-in-logistics-apis-used-by-e-commerce-platforms-.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Most common SAP vulnerabilities attackers try to exploit ∗∗∗
---------------------------------------------
Unpatched vulnerabilities, common misconfigurations and hidden flaws in custom code continue to make enterprise SAP applications a target-rich environment for attackers at a time when threats like ransomware and credential theft have emerged as major concerns for organizations.
---------------------------------------------
https://www.csoonline.com/article/3674119/most-common-sap-vulnerabilities-attackers-try-to-exploit.html
∗∗∗ Vulnerabilities Identified in EZVIZ Smart Cams ∗∗∗
---------------------------------------------
As the creator of the world’s first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities that might affect customers if left unaddressed. This research paper is part of a broader program that aims to shed light on the security of the world’s best-sellers in the IoT space.
---------------------------------------------
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (dokuwiki and rizin), SUSE (libcontainers-common, permissions, sqlite3, and wireshark), and Ubuntu (tiff, vim, and xen).
---------------------------------------------
https://lwn.net/Articles/908779/
∗∗∗ Moodle: Multiple vulnerabilities ∗∗∗
---------------------------------------------
An attacker can exploit multiple vulnerabilities in Moodle to execute arbitrary code, carry out a cross-site scripting attack, disclose information, cause a denial-of-service condition, or manipulate files.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1475
∗∗∗ Hitachi Energy PROMOD IV ICS Advisory (ICSA-22-263-01) ∗∗∗
---------------------------------------------
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-01
∗∗∗ Hitachi Energy AFF660/665 Series ICS Advisory (ICSA-22-263-02) ∗∗∗
---------------------------------------------
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-02
∗∗∗ Medtronic NGP 600 Series Insulin Pumps ICS Medical Advisory (ICSMA-22-263-01) ∗∗∗
---------------------------------------------
https://www.cisa.gov/uscert/ics/advisories/icsma-22-263-01
∗∗∗ Dataprobe iBoot-PDU ICS Advisory (ICSA-22-263-03) ∗∗∗
---------------------------------------------
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
∗∗∗ Host Engineering Communications Module ICS Advisory (ICSA-22-263-04) ∗∗∗
---------------------------------------------
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-04
∗∗∗ Security Bulletin: A security vulnerability in react-scripts affects IBM Cloud Pak for Multicloud Management Managed Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-react-scripts-affects-ibm-cloud-pak-for-multicloud-management-managed-services/
∗∗∗ Security Bulletin: Due to use of Apache Commons, IBM Cloud PAK for Watson AI Ops is vulnerable to remote code execution (CVE-2022-33980) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-apache-commons-ibm-cloud-pak-for-watson-ai-ops-is-vulnerable-to-remote-code-execution-cve-2022-33980/
∗∗∗ Security Bulletin: A security vulnerability in Nodejs marked affects IBM Cloud Pak for Multicloud Management Managed Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-nodejs-marked-affects-ibm-cloud-pak-for-multicloud-management-managed-services/
∗∗∗ Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-provision-to-add-https-and-secure-flag-to-bayeux_browser-cookie-for-ibm-control-desk-2/
∗∗∗ Security Bulletin: Vulnerabilities in libcurl affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-libcurl-affect-ibm-spectrum-protect-plus-sql-file-indexing-and-windows-host-agents/
∗∗∗ Security Bulletin: Multiple vulnerabilities in log4j-1.2.16.jar used by IBM Operations Analytics – Log Analysis ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-log4j-1-2-16-jar-used-by-ibm-operations-analytics-log-analysis-2/
∗∗∗ Security Bulletin: A security vulnerability in Node.js dicer affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Managed Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-dicer-affects-ibm-cloud-pak-for-watson-aiops-infrastructure-automation-managed-services/
∗∗∗ Security Vulnerabilities fixed in Thunderbird 91.13.1 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2022-39/
∗∗∗ Security Vulnerabilities fixed in Firefox ESR 102.3 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/
∗∗∗ Security Vulnerabilities fixed in Firefox 105 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/
∗∗∗ Festo: CPX-CEC-C1 and CPX-CMXX, Missing Authentication for Critical Webpage Function ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-036/
∗∗∗ JetBrains IntelliJ IDEA: Vulnerability allows code execution ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1474
∗∗∗ Apache Kafka: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1473
∗∗∗ Budibase: Vulnerability allows privilege escalation ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1472
∗∗∗ Spring Data REST Vulnerability (CVE-2022-31679) ∗∗∗
---------------------------------------------
https://spring.io/blog/2022/09/19/spring-data-rest-vulnerability-cve-2022-31679
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily