[CERT-daily] Tageszusammenfassung - 16.02.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 15-02-2023 18:00 − Donnerstag 16-02-2023 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Emsisoft says hackers are spoofing its certs to breach networks ∗∗∗
---------------------------------------------
​A hacker is using fake code-signing certificates impersonating cybersecurity firm Emsisoft to target customers using its security products, hoping to bypass their defenses.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emsisoft-says-hackers-are-spoofing-its-certs-to-breach-networks/


∗∗∗ Hackers backdoor Microsoft IIS servers with new Frebniis malware ∗∗∗
---------------------------------------------
Hackers are deploying a new malware named Frebniss on Microsofts Internet Information Services (IIS) that stealthily executes commands sent via web requests.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-backdoor-microsoft-iis-servers-with-new-frebniis-malware/


∗∗∗ „Fake Customer Trick“: Kriminelle ergaunern hochwertige Produkte ∗∗∗
---------------------------------------------
Der Name des Halbleiterherstellers Infineon wird derzeit für kriminelle Zwecke missbraucht: Per Mail geben sich Betrüger:innen als Infineon-Mitarbeiter Marcus Schlenker aus und bekunden Interesse an einer Großbestellung. Für die Empfänger:innen klingt das nach einem unkomplizierten und schnellen Geschäft. Doch tatsächlich landen die versendeten Produkte in den Händen von Kriminellen, auf die Bezahlung warten die Opfer vergeblich.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-customer-trick-kriminelle-ergaunern-hochwertige-produkte/


∗∗∗ Malware Reverse Engineering for Beginners – Part 2 ∗∗∗
---------------------------------------------
Often, malware targeting Windows will be packed and delivered as a second stage. There are different ways to “deliver” malware to the endpoint. This blog will cover key concepts and examples regarding how malware is packed, obfuscated, delivered, and executed on the endpoint. 
---------------------------------------------
https://www.intezer.com/blog/incident-response/malware-reverse-engineering-for-beginners-part-2/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patchday bei Intel: Angreifer könnten Server über Root-Lücke attackieren ∗∗∗
---------------------------------------------
Intel hat für verschiedene Firm- und Software wichtige Sicherheitsupdates veröffentlicht. In vielen Fällen könnten sich Angreifer höhere Rechte verschaffen.
---------------------------------------------
https://heise.de/-7517141


∗∗∗ Jetzt patchen! Entwickler des CMS Joomla warnen vor kritischer Sicherheitslücke ∗∗∗
---------------------------------------------
Es ist ein "sehr wichtiger" Sicherheitspatch für Joomla erscheinen.
---------------------------------------------
https://heise.de/-7517312


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr), Fedora (community-mysql, edk2, firefox, and git), Slackware (curl and git), SUSE (apache2-mod_security2, aws-efs-utils, bind, curl, git, ImageMagick, java-11-openjdk, java-17-openjdk, java-1_8_0-openjdk, kernel, libksba, and mozilla-nss), and Ubuntu (golang-golang-x-text, golang-x-text, linux-aws,  linux-intel-iotg, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux linux-ibm-5.4, linux-oracle-5.4, linux-gke, linux-gke-5.15, nss, and xorg-server, xorg-server-hwe-16.04).
---------------------------------------------
https://lwn.net/Articles/923503/


∗∗∗ Splunk Enterprise Updates Patch High-Severity Vulnerabilities ∗∗∗
---------------------------------------------
Splunk updates for Enterprise products resolve multiple high-severity vulnerabilities, including several in third-party packages.
---------------------------------------------
https://www.securityweek.com/splunk-enterprise-updates-patch-high-severity-vulnerabilities/


∗∗∗ Security Vulnerabilities fixed in Thunderbird 102.8 ∗∗∗
---------------------------------------------
CVE-2023-0616: User Interface lockup with messages combining S/MIME and OpenPGP
CVE-2023-25728: Content security policy leak in violation reports using iframes
CVE-2023-25730: Screen hijack via browser fullscreen mode
CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey
CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
CVE-2023-25738: Printing on Windows could potentially crash Thunderbird with some device drivers
CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8
...
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/


∗∗∗ MISP 2.4.168 released with bugs fixed, security fixes and major improvements in STIX support. ∗∗∗
---------------------------------------------
We are pleased to announce the immediate availability of MISP v2.4.168 with bugs fixed and various security fixes.
---------------------------------------------
https://github.com/MISP/MISP/releases/tag/v2.4.168


∗∗∗ ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023 ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN


∗∗∗ ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability Affecting Cisco Products: February 2023 ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy


∗∗∗ WAGO: Exposure of configuration interface in unmanaged switches ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-055/


∗∗∗ IBM App Connect Enterprise is affected by a remote attacker due to the zip4j library [CVE-2023-22899] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6955913


∗∗∗ Multiple vulnerabilities in moment.js affect IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-31129, CVE-2022-24785) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6852667


∗∗∗ IBM Navigator for i is vulnerable to log file access, obtaining file attributes, and SQL Injection attacks due to multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6850801


∗∗∗ WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6956223


∗∗∗ Intel Ethernet controllers as used in IBM QRadar SIEM are vulnerable to a denial of service (CVE-2021-0197, CVE-2021-0198, CVE-2021-0199, CVE-2021-0200) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6956287

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily