Tageszusammenfassung - 13.10.2022

End-of-Day report

Timeframe: Mittwoch 12-10-2022 18:00 - Donnerstag 13-10-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a


New Alchimist attack framework targets Windows, macOS, Linux

Cybersecurity researchers have discovered a new attack and C2 framework called Alchimist, which appears to be actively used in attacks targeting Windows, Linux, and macOS systems.


SiteCheck Malware Trends Report - Q3 2022

Our free SiteCheck remote website scanner provides immediate insights about malware infections, blocklisting, website anomalies, and errors for millions of webmasters every month. Best of all, conducting a remote website scan is one of the easiest ways to identify security issues.


Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers

Core to the attacks has been the use of implants coined CreepyDrive and CreepyBox for their ability to exfiltrate sensitive data to actor-controlled OneDrive and Dropbox accounts. Also deployed is a PowerShell backdoor dubbed CreepySnail.


VPN-Problem: Apple-Apps leaken Daten unter iOS

Der iPhone-VPN-Dienst scheint noch immer nicht sauber zu laufen. Ein Sicherheitsforscher warnt vor Leaks insbesondere aus Apple-eigenen Apps.


Top 5 ransomware detection techniques: Pros and cons of each

In the fight against ransomware, much of the discussion revolves around prevention and response. Actually detecting the ransomware, however, is just as important to securing your business. To understand why, just consider the following example.


MS Enterprise app management service RCE. CVE-2022-35841

TL;DR A remote command execution and local privilege escalation vulnerability has been fixed by Microsoft as part of September-s patch Tuesday. The vulnerability, filed under CVE-2022-35841, affects the Enterprise App Management Service which handles the installation of enterprise applications deployed via MDM.


Some Vulnerabilities Don-t Have a Name

There is a common assumption that all open source vulnerabilities hold a CVE. Still, others believe that the National Vulnerability Database (NVD) has the final word when deciding what is a vulnerability and what is not. However, can a vulnerability exist that isn-t tracked by a CVE, or is not in the NVD?



Sicherheitsupdates: Kritische Lücken in WAN-Managementsystem von Aruba

Zwei kritische Schwachstellen in Aruba EdgeConnect Orchestrator gefährden Netzwerke.


CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.


Juniper Security Bulletins 2022-10-12

Juniper has released 37 security advisories.


Schwachstelle in JavaScript-Sandbox vm2 erlaubt Ausbruch aus der Isolation

Wer eine Version kleiner 3.9.11 von vm2 verwendet, sollte die Sandbox aktualisieren, da eine Schwachstelle das Ausführen von Remote-Code auf dem Host erlaubt.


Groupware Zimbra: Updates stopfen mehrere Sicherheitslecks

In der Groupware Zimbra beheben die Entwickler mehrere sicherheitsrelevante Fehler. Angreifer könnten die Instanz kompromittieren oder ihre Rechte ausweiten.


Security updates for Thursday

Security updates have been issued by Debian (libreoffice, rexical, ruby-nokogiri, and squid), Fedora (wavpack), Red Hat (expat), SUSE (gdcm, orthanc, orthanc-gdcm, orthanc-webviewer and rubygem-puma), and Ubuntu (GMP and unzip).


Trellix ePolicy Orchestrator: Mehrere Schwachstellen

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Trellix ePolicy Orchestrator ausnutzen, um Dateien zu manipulieren oder einen Cross-Site-Scripting-Angriff durchzuführen.


Vulnerability Spotlight: Multiple issues in Robustel R1510 cellular router could lead to code execution, denial of service

Cisco Talos recently discovered nine vulnerabilities in the Robustel R1510 industrial cellular router, several of which could allow an adversary to inject operating system code remotely.


Sonicwall: GMS File Path Manipulation

An unauthenticated attacker can gain access to web directory containing applications binaries and configuration files through file path manipulation vulnerability.


Drupal: Twig Field Value - Moderately critical - Access bypass - SA-CONTRIB-2022-058


Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104)


Security Bulletin: Hortonworks DataFlow product has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities [CVE-2021-44228], [CVE-2021-45105], and [CVE-2021-45046]


Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-44832)


Security Bulletin: Vulnerabilities in Java affect IBM WIoTP MessageGateway (CVE-2021-213)


Dell BIOS: Mehrere Schwachstellen


Grafana: Mehrere Schwachstellen


Mitel MiVoice Connect: Mehrere Schwachstellen ermöglichen Codeausführung


Pulse Secure SA45520 - CVEs (CVE-2022-35254,CVE-2022-35258) may lead to DoS attack