Daily Summary - 02.11.2022

End-of-Day report

Timeframe: Monday 31-10-2022 18:00 - Wednesday 02-11-2022 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

Security vulnerabilities: OpenSSL fixes bugs in certificate parser

Two buffer overflows in the processing of Punycode can crash OpenSSL - and possibly allow code execution.

https://www.golem.de/news/sicherheitsluecken-openssl-korrigiert-fehler-im-zertifikatsparser-2211-169402.html


Lenovo announces BIOS versions hardened against malware attacks

The computer manufacturer Lenovo intends to close several BIOS vulnerabilities in various laptop models. Some updates, however, are not announced until early 2023.

https://heise.de/-7327115


One million downloads: Malicious Android apps redirect to phishing sites

An app developer has repeatedly been caught offering infected apps on Google Play. The currently problematic apps have reached more than one million downloads.

https://heise.de/-7327239


Adding watermarks to ID card copies

Numerous scams aim at obtaining a copy of your ID card. With it, criminals can impersonate you in other scams, sign contracts in your name or commit other crimes. Therefore, send copies of your ID only when absolutely necessary. If there is no other option, you should add a watermark to the ID copy. We show you how to create a watermark in a simple way.

https://www.watchlist-internet.at/news/ausweiskopien-mit-wasserzeichen-versehen-1/


Raspberry Robin worm delivers malware

According to security researchers at Microsoft, the Raspberry Robin malware, previously known mainly for spreading via USB drives, is now also distributing the Clop ransomware.

https://www.zdnet.de/88404569/raspberry-robin-wurm-transportiert-malware/


Windows PowerShell backdoor discovered; poses as part of the Windows Update process

Security researchers at SafeBreach recently came across a previously unknown PowerShell backdoor in Windows. It uses a malicious Word document to inject the PowerShell scripts. The backdoor can enumerate Active Directory users and remote desktops and is presumably intended for later lateral movement in [...]

https://www.borncity.com/blog/2022/11/01/windows-powershell-backdoor-als-teil-des-windows-update-prozesses-entdeckt/


Gregor Samsa: Exploiting Javas XML Signature Verification

Earlier this year, I discovered a surprising attack surface hidden deep inside Java's standard library: A custom JIT compiler processing untrusted XSLT programs, exposed to remote attackers during XML signature verification. This post discusses CVE-2022-34169, an integer truncation bug in this JIT compiler resulting in arbitrary code execution in many Java-based web applications and identity providers that support the SAML single-sign-on standard.

https://googleprojectzero.blogspot.com/2022/11/gregor-samsa-exploiting-java-xml.html


Server-side attacks, C&C in public clouds and other MDR cases we observed

This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. We hope that it helps you to stay up to date on the modern threat landscape and to be better prepared for attacks.

https://securelist.com/server-side-attacks-cc-in-public-clouds-mdr-cases/107826/


SHA-3 code execution bug patched in PHP - check your version!

As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!

https://nakedsecurity.sophos.com/2022/11/01/sha-3-code-execution-bug-patched-in-php-check-your-version/


Ransomware: Not enough victims are reporting attacks, and that's a problem for everyone

The true impact of ransomware is unclear because some victims aren't disclosing that they've been attacked.

https://www.zdnet.com/article/ransomware-not-enough-victims-are-reporting-attacks-and-that-increases-the-threat-for-everyone/


A technical analysis of Pegasus for Android - Part 3

Pegasus is a spyware developed by the NSO group that was repeatedly analyzed by Amnesty International and CitizenLab. In this article, we dissect the Android version that was initially analyzed by Lookout in this paper, and we recommend reading it along with this post. During our research about Pegasus for Android, we've found out that vendors wrongly attributed [...]

https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-3/

Vulnerabilities

Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB

Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB (currently in preview) reported by Orca Security. Customers not using Jupyter Notebooks (99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks) were not susceptible to this vulnerability. The bug was introduced on August 12th and fully patched worldwide [...]

https://msrc-blog.microsoft.com/2022/11/01/microsoft-mitigates-vulnerability-in-jupyter-notebooks-for-azure-cosmos-db/


Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software

Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers.

https://thehackernews.com/2022/11/multiple-vulnerabilities-reported-in.html


Xcode 14.1

This document describes the security content of Xcode 14.1.

https://support.apple.com/kb/HT213496


Cisco Security Advisories 2022-11-02

Security Impact Rating: 4x High, 7x Medium

https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2022%2F11%2F02&firstPublishedEndDate=2022%2F11%2F02


Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022

On November 1, 2022, the OpenSSL Project announced the following vulnerabilities:
CVE-2022-3602 - X.509 Email Address 4-byte Buffer Overflow
CVE-2022-3786 - X.509 Email Address Variable Length Buffer Overflow
For a description of these vulnerabilities, see OpenSSL Security Advisory [Nov 1 2022]. This advisory will be updated as additional information becomes available.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a


IBM Security Bulletins

AIX, IBM CICS TX Advanced, IBM CICS TX Standard, IBM Cloud Object Storage Systems, IBM Cloud Pak for Integration, IBM Cloud Pak for Security, IBM DataPower Gateway, IBM Elastic Storage System, IBM Event Streams, IBM FlashSystem, IBM FlashSystem models FS900 and V9000, IBM InfoSphere Information Server, IBM MQ, IBM QRadar SIEM, IBM SAN Volume Controller, IBM Security Guardium, IBM Security Verify Access, IBM Spectrum Virtualize, IBM Storwize, IBM Voice Gateway, IBM WebSphere Application Server, IBM WebSphere Application Server used by IBM Master Data Management, Platform Navigator and Automation Assets in IBM Cloud Pak for Integration, Power System, Zlib for IBM i

https://www.ibm.com/blogs/psirt/


An Update on the OpenSSL vulnerability CVE-2022-3602

November 1, 2022: IBM is responding to the reported buffer overflow vulnerability that the OpenSSL open-source community disclosed for OpenSSL versions 3.0.0 - 3.0.6. We are taking action as an enterprise, and for IBM products and services that may potentially be impacted, as we do for all vulnerabilities rated High.

https://www.ibm.com/blogs/psirt/ibm-preparing-to-respond-to-the-upcoming-openssl-vulnerability/


FortiGuard PSIRT Advisories 2022-11-01

AV Engine, FortiADC, FortiClient (MAC), FortiDeceptor, FortiEDR CollectorWindows, FortiMail, FortiManager/FortiAnalyzer, FortiOS, FortiSIEM, FortiSOAR, FortiTester

https://fortiguard.fortinet.com/psirt


Xen Security Advisories 2022-11-01

Xen released 10 Security Advisories.

https://xenbits.xen.org/xsa/


Bitdefender: Vulnerability allows deletion of registry keys

A vulnerability in Bitdefender's antivirus scanners allows attackers to delete registry keys. Bitdefender is distributing updates to address it.

https://heise.de/-7327061


Critical vulnerability in Hitachi IT management software closed

Admins should install the current versions of Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Viewpoint.

https://heise.de/-7327825


Security updates for Monday

Security updates have been issued by Debian (batik, chromium, expat, libxml2, ncurses, openvswitch, pysha3, python-django, thunderbird, and tomcat9), Fedora (cacti, cacti-spine, curl, mbedtls, mingw-expat, and xen), Gentoo (apptainer, bind, chromium, exif, freerdp, gdal, gitea, hiredis, jackson-databind, jhead, libgcrypt, libksba, libtirpc, lighttpd, net-snmp, nicotine+, open-vm-tools, openexr, rpm, schroot, shadow, sofia-sip, tiff, and xorg-server), Mageia (libreoffice), Oracle (expat), Red [...]

https://lwn.net/Articles/913261/


Security updates for Tuesday

Security updates have been issued by Debian (python3.7), Gentoo (android-tools, expat, firefox, libjxl, libxml2, pjproject, sqlite, thunderbird, and zlib), Oracle (compat-expat1), Slackware (php8 and vim), SUSE (kernel, libtasn1, podman, and pyenv), and Ubuntu (libtasn1-6).

https://lwn.net/Articles/913352/


Security updates for Wednesday

Security updates have been issued by Debian (ffmpeg and linux-5.10), Fedora (libksba, openssl, and php), Gentoo (openssl), Mageia (curl, gdk-pixbuf2.0, libksba, nbd, php, and virglrenderer), Red Hat (kernel, kernel-rt, libksba, and openssl), SUSE (gnome-desktop, hdf5, hsqldb, kernel, nodejs10, openssl-3, php7, podofo, python-Flask-Security, python-lxml, and xorg-x11-server), and Ubuntu (backport-iwlwifi-dkms, firefox, ntfs-3g, and openssl).

https://lwn.net/Articles/913504/


Nov 3 2022 Security Releases

The Node.js project will release new versions of the 14.x, 16.x, 18.x and 19.x release lines on or shortly after Thursday, November 3, 2022 in order to address:
One medium severity issue.
Two high severity issues that affect OpenSSL as per secadv/20221101.txt.
These security releases are driven by the OpenSSL security release as announced in OpenSSL November Security Release as well as an additional vulnerability that affects all supported release lines.

https://nodejs.org/en/blog/vulnerability/november-2022-security-releases


Chromium: CVE-2022-3723 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3723


Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers

https://jvn.jp/en/jp/JVN46345126/


Security Advisory - Path Traversal Vulnerability in a Huawei Children's Watch

http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20221102-01-d002dd8e-en


K44454157: Expat vulnerability CVE-2022-40674

https://support.f5.com/csp/article/K44454157


Citrix Hypervisor Security Bulletin for CVE-2022-42316, CVE-2022-42317 & CVE-2022-42318

https://support.citrix.com/article/CTX472851/citrix-hypervisor-security-bulletin-for-cve202242316-cve202242317-cve202242318


[R1] Nessus Agent Version 10.2.1 Fixes Multiple Vulnerabilities

https://www.tenable.com/security/tns-2022-22