End-of-Day report
Timeframe: Friday 07-10-2022 18:00 - Monday 10-10-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
News
Fake adult sites push data wipers disguised as ransomware
Malicious adult websites push fake ransomware which, in reality, acts as a wiper that quietly tries to delete almost all of the data on your device.
https://www.bleepingcomputer.com/news/security/fake-adult-sites-push-data-wipers-disguised-as-ransomware/
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
A correction was made to the string in step 6 and step 9 in the URL Rewrite rule mitigation Option 3. Steps 8, 9, and 10 have updated images.
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
That thing to help protect internet traffic from hijacking? It's broken
RPKI is supposed to verify network routes. Instead, here's how it could be subverted. An internet security mechanism called Resource Public Key Infrastructure (RPKI), intended to safeguard the routing of data traffic, is broken, according to security experts from Germany's ATHENE, the National Research Center for Applied Cybersecurity.
https://go.theregister.com/feed/www.theregister.com/2022/10/09/internet_traffic_routing_defense/
Groupware: Critical code-injection vulnerability in Zimbra is under active attack
A security vulnerability in the Zimbra groupware allows attackers to inject malicious code. The flaw is now being actively exploited. A workaround is available.
https://heise.de/-7289104
Intel CPU "Alder Lake": BIOS source code leak opens potential entry points
Around 6 GByte of BIOS data for the Core i-12000 CPU generation has leaked from Intel. It contains code for security mechanisms such as Boot Guard.
https://heise.de/-7289262
How to protect your Firefox saved passwords with a Primary Password
For better security, don't rely on browser syncing to manage your passwords. Here's a better way.
https://www.zdnet.com/article/how-to-protect-your-firefox-saved-passwords-with-a-primary-password/
Vulnerabilities
Critical security vulnerability in Fortinet products - updates available
Critical vulnerabilities in Fortinet products allow attackers to bypass authentication and perform actions with admin privileges. CVE number(s): CVE-2022-40684. CVSS Base Score: 9.6.
https://cert.at/de/warnungen/2022/10/kritische-sicherheitslucken-in-fortinet-firewalls-updates-verfugbar
IBM Security Bulletins 2022-10-07 and 2022-10-08
IBM Partner Engagement Manager, IBM CICS TX Standard, IBM CICS TX Advanced, IBM Cloud, IBM Business Automation Workflow, IBM Security Verify Governance, IBM TXSeries, IBM Security Network Threat Analytics, IBM Security Verify Governance, IBM Jazz.
https://www.ibm.com/blogs/psirt/
Security updates for Monday
Security updates have been issued by Debian (knot-resolver and libpgjava), Fedora (booth, dotnet3.1, expat, nheko, php-twig, php-twig2, php-twig3, poppler, python-joblib, and seamonkey), Mageia (colord, dbus, enlightenment, kitty, libvncserver, php, python3, and unbound), Slackware (libksba), SUSE (cyrus-sasl, ImageMagick, and xmlgraphics-commons), and Ubuntu (nginx and thunderbird).
https://lwn.net/Articles/910724/
Critical Remote Code Execution Vulnerability Found in vm2 Sandbox Library
A critical vulnerability in vm2 may allow a remote attacker to escape the sandbox and execute arbitrary code on the host. A highly popular JavaScript sandbox library with more than 16 million monthly downloads, vm2 supports the execution of untrusted code synchronously in a single process.
https://www.securityweek.com/critical-remote-code-execution-vulnerability-found-vm2-sandbox-library
MISP 2.4.164 released with new tag relationship feature, improvements and a security fix
We are pleased to announce the immediate availability of MISP v2.4.164 with a new tag relationship feature, many improvements and a security fix.
https://www.misp-project.org/2022/10/10/MISP.2.4.164.released.html/
Trend Micro Apex One: Multiple vulnerabilities
A local or remote, authenticated attacker can exploit multiple vulnerabilities in Trend Micro Apex One to escalate privileges and bypass security measures.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1649
ZDI-22-1399: Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-1399/
ZDI-22-1398: Centreon Contact Group SQL Injection Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-1398/