End-of-Day report
Timeframe: Monday 31-10-2022 18:00 - Wednesday 02-11-2022 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Security vulnerabilities: OpenSSL fixes bugs in certificate parser
Two buffer overflows in the processing of Punycode can crash OpenSSL - and possibly enable code execution.
https://www.golem.de/news/sicherheitsluecken-openssl-korrigiert-fehler-im-zertifikatsparser-2211-169402.html
Lenovo announces BIOS versions hardened against malicious-code attacks
Computer manufacturer Lenovo intends to close several BIOS vulnerabilities in various laptop models. Some of the updates, however, are not announced until early 2023.
https://heise.de/-7327115
One million downloads: malicious Android apps redirect to phishing sites
An app developer has repeatedly been caught offering infected apps on Google Play. The currently problematic apps total more than one million downloads.
https://heise.de/-7327239
Adding a watermark to ID card copies
Numerous scams aim to obtain a copy of your ID card. With it, criminals can impersonate you in other scams, sign contracts in your name or commit other crimes. Therefore, only send copies of your ID when it is absolutely necessary. If there is no other option, add a watermark to the copy. We show you how to create a watermark with little effort.
https://www.watchlist-internet.at/news/ausweiskopien-mit-wasserzeichen-versehen-1/
Raspberry Robin worm transports malware
According to Microsoft security researchers, the Raspberry Robin malware, previously known mainly for spreading via USB drives, is now also distributing the Clop ransomware.
https://www.zdnet.de/88404569/raspberry-robin-wurm-transportiert-malware/
Windows PowerShell backdoor discovered; poses as part of the Windows Update process
Security researchers at SafeBreach recently came across a previously unknown PowerShell backdoor on Windows. It uses a malicious Word document to inject the PowerShell scripts. The backdoor can enumerate Active Directory users and remote desktops and is presumably intended to be used at a later stage to spread in [...]
https://www.borncity.com/blog/2022/11/01/windows-powershell-backdoor-als-teil-des-windows-update-prozesses-entdeckt/
Gregor Samsa: Exploiting Javas XML Signature Verification
Earlier this year, I discovered a surprising attack surface hidden deep inside Java's standard library: A custom JIT compiler processing untrusted XSLT programs, exposed to remote attackers during XML signature verification. This post discusses CVE-2022-34169, an integer truncation bug in this JIT compiler resulting in arbitrary code execution in many Java-based web applications and identity providers that support the SAML single-sign-on standard.
https://googleprojectzero.blogspot.com/2022/11/gregor-samsa-exploiting-java-xml.html
Server-side attacks, C&C in public clouds and other MDR cases we observed
This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. We hope that it helps you to stay up to date on the modern threat landscape and to be better prepared for attacks.
https://securelist.com/server-side-attacks-cc-in-public-clouds-mdr-cases/107826/
SHA-3 code execution bug patched in PHP - check your version!
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!
https://nakedsecurity.sophos.com/2022/11/01/sha-3-code-execution-bug-patched-in-php-check-your-version/
Ransomware: Not enough victims are reporting attacks, and that's a problem for everyone
The true impact of ransomware is unclear because some victims aren't disclosing that they've been attacked.
https://www.zdnet.com/article/ransomware-not-enough-victims-are-reporting-attacks-and-that-increases-the-threat-for-everyone/
A technical analysis of Pegasus for Android - Part 3
Pegasus is a spyware developed by the NSO group that was repeatedly analyzed by Amnesty International and CitizenLab. In this article, we dissect the Android version that was initially analyzed by Lookout in this paper, and we recommend reading it along with this post. During our research about Pegasus for Android, we've found out that vendors wrongly attributed [...]
https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-3/
Vulnerabilities
Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB
Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB (currently in preview) reported by Orca Security. Customers not using Jupyter Notebooks (99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks) were not susceptible to this vulnerability. The bug was introduced on August 12th and fully patched worldwide [...]
https://msrc-blog.microsoft.com/2022/11/01/microsoft-mitigates-vulnerability-in-jupyter-notebooks-for-azure-cosmos-db/
Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers.
https://thehackernews.com/2022/11/multiple-vulnerabilities-reported-in.html
Xcode 14.1
This document describes the security content of Xcode 14.1.
https://support.apple.com/kb/HT213496
Cisco Security Advisories 2022-11-02
Security Impact Rating: 4x High, 7x Medium
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2022%2F11%2F02&firstPublishedEndDate=2022%2F11%2F02
Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022
On November 1, 2022, the OpenSSL Project announced the following vulnerabilities:
CVE-2022-3602 - X.509 Email Address 4-byte Buffer Overflow
CVE-2022-3786 - X.509 Email Address Variable Length Buffer Overflow
For a description of these vulnerabilities, see OpenSSL Security Advisory [Nov 1 2022]. This advisory will be updated as additional information becomes available.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a
IBM Security Bulletins
AIX, IBM CICS TX Advanced, IBM CICS TX Standard, IBM Cloud Object Storage Systems, IBM Cloud Pak for Integration, IBM Cloud Pak for Security, IBM DataPower Gateway, IBM Elastic Storage System, IBM Event Streams, IBM FlashSystem, IBM FlashSystem models FS900 and V9000, IBM InfoSphere Information Server, IBM MQ, IBM QRadar SIEM, IBM SAN Volume Controller, IBM Security Guardium, IBM Security Verify Access, IBM Spectrum Virtualize, IBM Storwize, IBM Voice Gateway, IBM WebSphere Application Server, IBM WebSphere Application Server used by IBM Master Data Management, Platform Navigator and Automation Assets in IBM Cloud Pak for Integration, Power System, Zlib for IBM i
https://www.ibm.com/blogs/psirt/
An Update on the OpenSSL vulnerability CVE-2022-3602
November 1, 2022: IBM is responding to the reported buffer overflow vulnerability that the OpenSSL open-source community disclosed for OpenSSL versions 3.0.0 - 3.0.6. We are taking action as an enterprise, and for IBM products and services that may potentially be impacted, as we do for all vulnerabilities rated High.
https://www.ibm.com/blogs/psirt/ibm-preparing-to-respond-to-the-upcoming-openssl-vulnerability/
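As an added quick check for the OpenSSL advisories above (this helper is not part of any of the linked vendor bulletins), the following POSIX shell function classifies the output of `openssl version` against the affected range named in the IBM bulletin, OpenSSL 3.0.0 through 3.0.6; 3.0.7 is the fixed release. It only inspects the version string: a distribution that backports the fix without bumping the version will still report "affected", so treat that result as "confirm against your vendor's package changelog", not as proof of exposure.

```sh
#!/bin/sh
# Classify an "openssl version" string against CVE-2022-3602 / CVE-2022-3786.
# Affected: OpenSSL 3.0.0 - 3.0.6. Fixed: 3.0.7 and later 3.0.x.
# Anything that is not a 3.0.x release (1.0.2, 1.1.1, ...) is not affected.
# Prints one word (affected | fixed | not-affected | unknown) and returns
# 0 when affected, 1 when not affected, 2 when the string is not OpenSSL at all.
openssl_3602_status() {
    # Extract the leading dotted version number, e.g. "3.0.5" from
    # "OpenSSL 3.0.5 5 Jul 2022" or "1.1.1" from "OpenSSL 1.1.1q  5 Jul 2022".
    o3602_ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*\).*/\1/p')
    case "$o3602_ver" in
        3.0.[0-6])  echo affected;     return 0 ;;  # 3.0.0 .. 3.0.6
        3.0.[0-9]*) echo fixed;        return 1 ;;  # 3.0.7, 3.0.8, 3.0.10, ...
        '')         echo unknown;      return 2 ;;  # not an OpenSSL version line
        *)          echo not-affected; return 1 ;;  # 1.x series, other branches
    esac
}

# Constructed sample version strings (not taken from any real host):
for sample in "OpenSSL 3.0.5 5 Jul 2022" \
              "OpenSSL 3.0.7 1 Nov 2022" \
              "OpenSSL 1.1.1q  5 Jul 2022" \
              "LibreSSL 3.6.1"; do
    printf '%-28s -> %s\n' "$sample" "$(openssl_3602_status "$sample")"
done

# Against the local binary (uncomment to run live):
# openssl_3602_status "$(openssl version)"
```

Applications that statically link or bundle their own OpenSSL (the Node.js releases listed below are one example) are not covered by checking the system binary; each such application has to be checked separately.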
FortiGuard PSIRT Advisories 2022-11-01
AV Engine, FortiADC, FortiClient (MAC), FortiDeceptor, FortiEDR CollectorWindows, FortiMail, FortiManager/FortiAnalyzer, FortiOS, FortiSIEM, FortiSOAR, FortiTester
https://fortiguard.fortinet.com/psirt
Xen Security Advisories 2022-11-01
Xen released 10 Security Advisories.
https://xenbits.xen.org/xsa/
Bitdefender: vulnerability allows deletion of registry keys
A vulnerability in Bitdefender's virus scanners allows attackers to delete registry keys. Bitdefender is distributing updates to fix it.
https://heise.de/-7327061
Critical vulnerability in Hitachi IT management software closed
Admins should install the current versions of Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Viewpoint.
https://heise.de/-7327825
Security updates for Monday
Security updates have been issued by Debian (batik, chromium, expat, libxml2, ncurses, openvswitch, pysha3, python-django, thunderbird, and tomcat9), Fedora (cacti, cacti-spine, curl, mbedtls, mingw-expat, and xen), Gentoo (apptainer, bind, chromium, exif, freerdp, gdal, gitea, hiredis, jackson-databind, jhead, libgcrypt, libksba, libtirpc, lighttpd, net-snmp, nicotine+, open-vm-tools, openexr, rpm, schroot, shadow, sofia-sip, tiff, and xorg-server), Mageia (libreoffice), Oracle (expat), Red [...]
https://lwn.net/Articles/913261/
Security updates for Tuesday
Security updates have been issued by Debian (python3.7), Gentoo (android-tools, expat, firefox, libjxl, libxml2, pjproject, sqlite, thunderbird, and zlib), Oracle (compat-expat1), Slackware (php8 and vim), SUSE (kernel, libtasn1, podman, and pyenv), and Ubuntu (libtasn1-6).
https://lwn.net/Articles/913352/
Security updates for Wednesday
Security updates have been issued by Debian (ffmpeg and linux-5.10), Fedora (libksba, openssl, and php), Gentoo (openssl), Mageia (curl, gdk-pixbuf2.0, libksba, nbd, php, and virglrenderer), Red Hat (kernel, kernel-rt, libksba, and openssl), SUSE (gnome-desktop, hdf5, hsqldb, kernel, nodejs10, openssl-3, php7, podofo, python-Flask-Security, python-lxml, and xorg-x11-server), and Ubuntu (backport-iwlwifi-dkms, firefox, ntfs-3g, and openssl).
https://lwn.net/Articles/913504/
Nov 3 2022 Security Releases
The Node.js project will release new versions of the 14.x, 16.x, 18.x, 19.x release lines on or shortly after Thursday, November 3, 2022 in order to address: One medium severity issue. Two high severity issues that affect OpenSSL as per secadv/20221101.txt. These security releases are driven by the OpenSSL security release as announced in OpenSSL November Security Release as well as an additional vulnerability that affects all supported release lines.
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases
Chromium: CVE-2022-3723 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3723
Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers
https://jvn.jp/en/jp/JVN46345126/
Security Advisory - Path Traversal Vulnerability in a Huawei Children's Watch
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20221102-01-d002dd8e-en
K44454157: Expat vulnerability CVE-2022-40674
https://support.f5.com/csp/article/K44454157
Citrix Hypervisor Security Bulletin for CVE-2022-42316, CVE-2022-42317 & CVE-2022-42318
https://support.citrix.com/article/CTX472851/citrix-hypervisor-security-bulletin-for-cve202242316-cve202242317-cve202242318
[R1] Nessus Agent Version 10.2.1 Fixes Multiple Vulnerabilities
https://www.tenable.com/security/tns-2022-22