[CERT-daily] Daily summary - 15.02.2023
Daily end-of-shift report
team at cert.at
Wed Feb 15 18:54:32 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 14-02-2023 18:00 − Wednesday 15-02-2023 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Adobe Patchday: Malicious-code attacks on After Effects & Co. possible ∗∗∗
---------------------------------------------
Adobe has released security updates for, among others, After Effects, InDesign and Photoshop.
---------------------------------------------
https://heise.de/-7496102
∗∗∗ Bluetooth bug in Android 13 can endanger diabetics ∗∗∗
---------------------------------------------
A bug in Android 13 can disrupt communication between a blood glucose sensor and its companion app. The app then fails to warn of dangerous hypoglycaemia.
---------------------------------------------
https://heise.de/-7496644
∗∗∗ Attackers target Microsoft 365 and Windows - several critical vulnerabilities ∗∗∗
---------------------------------------------
Important security updates have been released for, among others, Azure, Exchange Server and Windows. Several of the vulnerabilities are rated "critical".
---------------------------------------------
https://heise.de/-7496015
∗∗∗ Subscription trap when buying phone cases on puffcase-official.com ∗∗∗
---------------------------------------------
If you are looking for a protective case for your smartphone, beware of puffcase-official.com. While the "Puffcases" look cheap at first glance and tempt you into a quick purchase, the site turns out to be a subscription trap. You only find out when the next charge appears on your credit card. Do not order there!
---------------------------------------------
https://www.watchlist-internet.at/news/abo-falle-beim-kauf-von-handyhuellen-auf-puffcase-officialcom/
∗∗∗ NPM packages posing as speed testers install crypto miners instead ∗∗∗
---------------------------------------------
A new set of 16 malicious NPM packages pretend to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/npm-packages-posing-as-speed-testers-install-crypto-miners-instead/
∗∗∗ Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack ∗∗∗
---------------------------------------------
Gone in 60 seconds using a USB-A plug and brute force instead of a key
Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/02/15/hyundai_kia_software_upgrades/
∗∗∗ PYbot DDoS Malware Being Distributed Disguised as a Discord Nitro Code Generator ∗∗∗
---------------------------------------------
The ASEC analysis team has recently discovered PYbot DDoS being distributed with illegal software. The program used as bait by the threat actor is a token generator called Nitro Generator. Nitro is a paid Discord service with various benefits. Nitro Generator is a tool that generates codes that can be used for free access to Nitro.
---------------------------------------------
https://asec.ahnlab.com/en/47789/
∗∗∗ cURL audit: How a joke led to significant findings ∗∗∗
---------------------------------------------
In fall 2022, Trail of Bits audited cURL, a widely used command-line utility that transfers data to or from a server and supports various protocols. [..] the fuzzer quickly uncovered memory corruption bugs, specifically use-after-free issues, double-free issues, and memory leaks. Because the bugs are in libcurl, the cURL development library, they have the potential to affect the many software applications that use libcurl. This blog post describes how we found the following vulnerabilities
---------------------------------------------
https://blog.trailofbits.com/2023/02/14/curl-audit-fuzzing-libcurl-command-line-interface/
∗∗∗ ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric ∗∗∗
---------------------------------------------
Siemens has published 13 new advisories covering a total of 86 vulnerabilities. [..] Schneider Electric has published three advisories covering 10 vulnerabilities.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-100-vulnerabilities-addressed-by-siemens-schneider-electric/
∗∗∗ DNS Abuse Techniques Matrix ∗∗∗
---------------------------------------------
The FIRST DNS Abuse SIG has been working on a document for some time, which has now finally been published: a matrix of DNS abuse techniques and their stakeholders. It's intended to help people experiencing DNS abuse, particularly incident responders and security teams.
---------------------------------------------
https://www.first.org/global/sigs/dns/DNS-Abuse-Techniques-Matrix_v1.1.pdf
∗∗∗ Sustained Activity by Threat Actors ∗∗∗
---------------------------------------------
The European Union Agency for Cybersecurity (ENISA) and the CERT of the EU institutions, bodies and agencies (CERT-EU) jointly published a report to alert on sustained activity by particular threat actors. The malicious cyber activities of the presented threat actors pose a significant and ongoing threat to the European Union.
---------------------------------------------
https://www.enisa.europa.eu/news/sustained-activity-by-threat-actors
∗∗∗ Abusing Azure App Service Managed Identity Assignments ∗∗∗
---------------------------------------------
[...] Managed Identities are great and admins should absolutely use them. But admins also need to understand the risks that come with Managed Identities and how to deal with those risks. In this blog post I will explain those risks, demonstrate how an attacker can abuse App Service Managed Identity assignments, and show you how to identify and deal with those risks yourself.
---------------------------------------------
https://posts.specterops.io/abusing-azure-app-service-managed-identity-assignments-c3adefccff95
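The post above covers identifying risky Managed Identity assignments. The following is an added example (not code from the SpecterOps post or from Microsoft) that flags App Service or Function App managed identities holding broad Azure RBAC roles, with subscription-or-wider scope sorted first. The input shapes follow the JSON that `az webapp list` and `az role assignment list --all` emit; the app names, principal IDs and subscription ID in the sample data are constructed for this example, and the set of roles treated as high-privilege is an assumption to tune to your environment.

```python
# Added example (not from the SpecterOps post or Microsoft): audit App Service
# managed identities for broad Azure RBAC roles. All sample data is constructed.

# Assumption: roles that let a compromised app escalate or take over resources.
HIGH_PRIVILEGE_ROLES = {"Owner", "Contributor", "User Access Administrator"}
WIDE_SCOPES = {"root", "managementGroup", "subscription"}


def scope_kind(scope):
    """Classify an RBAC scope string by how much it covers."""
    parts = [p for p in scope.split("/") if p]
    if not parts:
        return "root"  # "/" is the tenant root management group
    if parts[:2] == ["providers", "Microsoft.Management"]:
        return "managementGroup"
    if parts[0] == "subscriptions":
        if len(parts) == 2:
            return "subscription"
        if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
            return "resourceGroup" if len(parts) == 4 else "resource"
    return "other"


def identity_principals(app):
    """Yield (principalId, kind) for each managed identity attached to one app."""
    ident = app.get("identity") or {}
    if ident.get("principalId"):
        yield ident["principalId"], "SystemAssigned"
    for uami in (ident.get("userAssignedIdentities") or {}).values():
        if uami and uami.get("principalId"):
            yield uami["principalId"], "UserAssigned"


def find_risky_assignments(apps, assignments):
    """Return one finding per high-privilege role held by an app's managed
    identity; findings at subscription scope or wider sort first."""
    owner_of = {}
    for app in apps:
        for pid, kind in identity_principals(app):
            owner_of[pid] = (app["name"], kind)
    findings = []
    for ra in assignments:
        if ra["principalId"] not in owner_of:
            continue  # a user, group or other service principal, not an app identity
        if ra["roleDefinitionName"] not in HIGH_PRIVILEGE_ROLES:
            continue
        app, kind = owner_of[ra["principalId"]]
        sk = scope_kind(ra["scope"])
        findings.append({"app": app, "identity": kind, "role": ra["roleDefinitionName"],
                         "scope": ra["scope"], "scope_kind": sk, "wide": sk in WIDE_SCOPES})
    findings.sort(key=lambda f: (not f["wide"], f["app"]))
    return findings


# Constructed sample data in the shape of `az webapp list` / `az role assignment list --all`.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_APPS = [
    {"name": "billing-api",
     "identity": {"type": "SystemAssigned", "principalId": "aaaa-1", "userAssignedIdentities": None}},
    {"name": "static-site",
     "identity": {"type": "UserAssigned", "principalId": None,
                  "userAssignedIdentities": {
                      SUB + "/resourceGroups/rg-web/providers/Microsoft.ManagedIdentity/userAssignedIdentities/web-uami":
                          {"principalId": "bbbb-2", "clientId": "cccc-3"}}}},
    {"name": "legacy-app", "identity": None},
]
SAMPLE_ASSIGNMENTS = [
    {"principalId": "aaaa-1", "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalId": "bbbb-2", "roleDefinitionName": "Storage Blob Data Reader",
     "scope": SUB + "/resourceGroups/rg-web/providers/Microsoft.Storage/storageAccounts/stweb"},
    {"principalId": "bbbb-2", "roleDefinitionName": "Owner", "scope": SUB + "/resourceGroups/rg-web"},
    {"principalId": "dddd-4", "roleDefinitionName": "Owner", "scope": SUB},  # human admin, not an app
]

if __name__ == "__main__":
    for f in find_risky_assignments(SAMPLE_APPS, SAMPLE_ASSIGNMENTS):
        flag = "WIDE" if f["wide"] else "narrow"
        print(f"[{flag}] {f['app']} ({f['identity']}) holds {f['role']} at {f['scope']}")
```

To run it against a real tenant, feed `find_risky_assignments` the parsed output of `az webapp list -o json` (and `az functionapp list -o json`) and `az role assignment list --all -o json`. Each finding is a place where a code-execution bug in the app, or anyone with deploy rights to it, inherits the listed role; the fix is to replace the broad role with a narrowly scoped, least-privilege one on the specific resources the app needs.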
=====================
= Vulnerabilities =
=====================
∗∗∗ AMD: Cross-Thread Return Address Predictions ∗∗∗
---------------------------------------------
AMD internally discovered a potential vulnerability where certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosure. AMD believes that due to existing mitigations applied to address other speculation-based issues, theoretical avenues for potential exploit of CVE-2022-27672 may be limited only to select virtualization environments where a virtual machine is given special privileges.
---------------------------------------------
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045
∗∗∗ HAProxy Security Update (CVE-2023-25725) ∗∗∗
---------------------------------------------
A team of security researchers notified me on Thursday evening that they had found a dirty bug in HAProxy's headers processing, and that, when properly exploited, this bug allows building an HTTP content smuggling attack. [..] The issue was fixed in all versions and all modes (HTX and legacy), and all versions were upgraded. [..] Distros were notified (not very long ago admittedly, the delay was quite short for them) and updated packages will appear soon.
---------------------------------------------
https://www.mail-archive.com/haproxy@formilux.org/msg43229.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gnutls28 and haproxy), Fedora (syslog-ng), Mageia (apr-util, chromium-browser-stable, editorconfig-core-c, ffmpeg, libzen, phpmyadmin, tpm2-tss, and webkit2), Oracle (kernel and kernel-container), Slackware (mozilla and php), SUSE (git, haproxy, kernel, nodejs18, phpMyAdmin, and timescaledb), and Ubuntu (APR-util, git, and haproxy).
---------------------------------------------
https://lwn.net/Articles/923364/
∗∗∗ Lenovo Product Security Advisories ∗∗∗
---------------------------------------------
* AMI MegaRAC SP-X BMC Redfish Vulnerabilities
* AMI MegaRAC SP-X BMC Vulnerabilities
* Crypto API Toolkit for Intel SGX Advisory
* Intel Ethernet Controllers and Adapters Advisory
* Intel Ethernet VMware Drivers Advisory
* Intel Integrated Sensor Solution Advisory
* Intel Server Platform Services (SPS) Vulnerabilities
* Intel SGX SDK Advisory
* Multi-Vendor BIOS Security Vulnerabilities (February 2023)
---------------------------------------------
https://support.lenovo.com/at/en/product_security/home
∗∗∗ Released: February 2023 Exchange Server Security Updates ∗∗∗
---------------------------------------------
Microsoft has released Security Updates (SUs) for vulnerabilities found in:
* Exchange Server 2013
* Exchange Server 2016
* Exchange Server 2019
SUs are available in a self-extracting auto-elevating .exe package, as well as the original update packages (.msp files), which can be downloaded from the Microsoft Update Catalog. SUs are available for the following specific versions of Exchange Server:
* Exchange Server 2013 CU23 (note that support and availability of SUs end on April 11, 2023)
* Exchange Server 2016
---------------------------------------------
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-february-2023-exchange-server-security-updates/ba-p/3741058
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ XSA-426 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-426.html
∗∗∗ Advisory: Impact of Insyde UEFI Boot Issues on B&R Products ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1675931547567-en-original-1.0.pdf
∗∗∗ ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability Affecting Cisco Products: February 2023 ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy
∗∗∗ Cisco Nexus Dashboard Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-dashboard-xss-xc5BcgsQ
∗∗∗ Cisco Nexus Dashboard Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-dnsdos-bYscZOsu
∗∗∗ Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-ubfHG75C
∗∗∗ Cisco Email Security Appliance and Cisco Secure Email and Web Manager Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-privesc-9DVkFpJ8
∗∗∗ ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023 ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily