[CERT-daily] Daily summary - 23.01.2023

Daily end-of-shift report team at cert.at
Mon Jan 23 18:48:28 CET 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 20-01-2023 18:00 − Monday 23-01-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Login to ManageEngine ServiceDesk Plus MSP possible with any password ∗∗∗
---------------------------------------------
There are important security updates for Zoho's helpdesk software ManageEngine ServiceDesk Plus MSP.
---------------------------------------------
https://heise.de/-7467650


∗∗∗ "Cybercriminals" gain access to Sky customer accounts ∗∗∗
---------------------------------------------
Pay-TV provider Sky confirms that malicious actors have gained access to customer accounts. There are no details yet, and the extent of the damage is unclear.
---------------------------------------------
https://heise.de/-7468078


∗∗∗ Beware of fraud when looking for housing abroad ∗∗∗
---------------------------------------------
Are you planning a semester abroad or looking for an apartment or a room in a shared flat for a limited period? Be wary of cheap dream apartments! A scam could be behind them. Stay away if you are asked to make a payment before any viewing, supposedly handled by TripAdvisor, Airbnb or Booking.com. You will lose your money and be left without a place to live.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-der-wohnungssuche-fuer-ihr-auslandssemester/


∗∗∗ Massive ad-fraud op dismantled after hitting millions of iOS devices ∗∗∗
---------------------------------------------
A massive ad fraud operation dubbed Vastflux that spoofed more than 1,700 applications from 120 publishers, mostly for iOS, has been disrupted by security researchers at cybersecurity company HUMAN.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/massive-ad-fraud-op-dismantled-after-hitting-millions-of-ios-devices/


∗∗∗ Who's Resolving This Domain?, (Mon, Jan 23rd) ∗∗∗
---------------------------------------------
Challenge of the day: To find the process that resolved a specific domain. And this is not always easy!
---------------------------------------------
https://isc.sans.edu/diary/rss/29462


∗∗∗ Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks ∗∗∗
---------------------------------------------
The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week.
---------------------------------------------
https://thehackernews.com/2023/01/threat-actors-turn-to-sliver-as-open.html


∗∗∗ ShareFinder: How Threat Actors Discover File Shares ∗∗∗
---------------------------------------------
Many of our reports focus on adversarial Tactics, Techniques, and Procedures (TTPs) along with the tools associated with them. After gaining a foothold in an environment, one challenge for all [...]
---------------------------------------------
https://thedfirreport.com/2023/01/23/sharefinder-how-threat-actors-discover-file-shares/


∗∗∗ Activation Context Cache Poisoning: Exploiting CSRSS for Privilege Escalation ∗∗∗
---------------------------------------------
Starting in July of 2022, the Windows CSRSS process entered the consciousness of the infosec community as the source of several local privilege escalation vulnerabilities in Microsoft Windows. The first public information appeared on July 12 with the release of the patch for CVE-2022-22047, which was being actively exploited. Shortly thereafter, Microsoft published an article providing some technical details [...]
---------------------------------------------
https://www.thezdi.com/blog/2023/1/23/activation-context-cache-poisoning-exploiting-csrss-for-privilege-escalation


∗∗∗ Inglourious Drivers - A Journey of Finding Vulnerabilities in Drivers ∗∗∗
---------------------------------------------
TL;DR I discovered multiple bugs in OEM vendors for peripheral devices, which affected many users of these OEM vendors (Razer, EVGA, MSI, AMI). Many of the vulnerabilities originated in a [...]
---------------------------------------------
https://www.cyberark.com/resources/threat-research-blog/inglourious-drivers-a-journey-of-finding-vulnerabilities-in-drivers



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Under attack: security flaw in GTA V allows code injection ∗∗∗
---------------------------------------------
Attackers are abusing a security vulnerability in the game GTA V to alter victims' statistics. They could, however, also plant malicious code.
---------------------------------------------
https://heise.de/-7467685


∗∗∗ Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347) ∗∗∗
---------------------------------------------
U-Boot is a popular and feature-rich bootloader for embedded systems. It includes optional support for the USB Device Firmware Update (DFU) protocol, which can be used by devices to download new firmware, or upload their current firmware. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and [...]
---------------------------------------------
https://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (powerline-gitstatus, tiff, and trafficserver), Fedora (dotnet6.0, firefox, git, kernel, libXpm, rust, sudo, upx, and yarnpkg), Mageia (kernel and kernel-linus), Red Hat (firefox, java-11-openjdk, and sudo), Slackware (mozilla and seamonkey), SUSE (cacti, cacti-spine, samba, and tor), and Ubuntu (firefox, php7.2, php7.4, php8.1, and python-setuptools, setuptools).
---------------------------------------------
https://lwn.net/Articles/920829/


∗∗∗ A CVE-2022-21626 vulnerability in IBM Java Runtime affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6856759


∗∗∗ Multiple vulnerabilities affect IBM Business Automation Workflow - CVE-2022-42003, CVE-2022-42004 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6856761

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily