End-of-Day report
Timeframe: Thursday 03-11-2022 18:00 - Friday 04-11-2022 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
WLAN security vulnerability: for special drones, walls are like glass
Canadian researchers have discovered a feature that allows attackers to see through walls - despite password protection.
https://www.golem.de/news/wlan-sicherheitsluecke-fuer-eine-spezialdrohne-sind-massive-waende-wie-glas-2211-169475.html
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain
Note: The three vulnerabilities discussed in this blog were all fixed in Samsung's March 2021 release. They were fixed as CVE-2021-25337, CVE-2021-25369, CVE-2021-25370. To ensure your Samsung device is up-to-date, you can check under Settings that your device is running SMR Mar-2021 or later. As defenders, in-the-wild exploit samples give us important insight into what attackers are really doing. We get the "ground truth" data about the vulnerabilities and exploit techniques they're using, which then informs our further research and guidance to security teams on what could have the biggest impact or return on investment. To do this, we need to know that the vulnerabilities and exploit samples were found in-the-wild.
https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html
What Is Cross-Origin Resource Sharing (CORS)?
Thanks to the rapid growth of JavaScript frameworks like Angular, React, and Vue, Cross-Origin Resource Sharing (CORS) has become a popular word in the developer's vocabulary - and for good reason. It's common practice for modern web applications to load resources from multiple domains. But accessing these website resources from different origins requires a thorough understanding of CORS. In this post, we'll take a look at what CORS is and why proper implementation is an important component of building secure websites and applications. We'll also examine some common examples of how to use CORS, dive into preflight requests, and discuss how to protect your website against attacks.
https://blog.sucuri.net/2022/11/what-is-cross-origin-resource-sharing-cors.html
Multi-factor auth fatigue is real - and it's why you may be in the headlines next
Overwhelmed by waves of push notifications, worn-down users inadvertently let the bad guys in
Analysis
The September cyberattack on ride-hailing service Uber began when a criminal bought the stolen credentials of a company contractor on the dark web.
https://go.theregister.com/feed/www.theregister.com/2022/11/03/mfa_fatigue_enterprise_threat/
Inside the V1 Raccoon Stealer's Den
Team Cymru's S2 Research Team has blogged previously on the initial Raccoon stealer command and control methodology (Raccoon Stealer - An Insight into Victim "Gates"), which utilized "gate" IP addresses to proxy victim traffic / data to static threat actor-controlled infrastructure. Since the publication of our previous blog, the following timeline of events has occurred: [...]
https://www.team-cymru.com/post/inside-the-v1-raccoon-stealer-s-den
Cisco security updates: attackers could break into networks through vulnerabilities
Cisco's software developers have closed vulnerabilities in, among other products, Identity Services Engine and Email Security Appliance.
https://heise.de/-7329978
UK cyber security agency launches nationwide vulnerability scanning
The United Kingdom's IT security agency is launching a vulnerability scanning service. It examines all systems in the country for security vulnerabilities.
https://heise.de/-7330532
Apple Rolls Out Xcode Update Patching Git Vulnerabilities
Apple this week announced a security update for the Xcode macOS development environment, to resolve three Git vulnerabilities, including one leading to arbitrary code execution.
https://www.securityweek.com/apple-rolls-out-xcode-update-patching-git-vulnerabilities
Vulnerabilities
IBM Security Bulletins 2022-11-03
IBM App Connect Enterprise Certified Container, IBM InfoSphere Information server, IBM Operations Analytics - Log Analysis, IBM Security Verify Governance, IBM WebSphere Application Server Liberty
https://www.ibm.com/blogs/psirt/
Patch day: big-data specialist Splunk closes twelve vulnerabilities
Big-data specialist Splunk has updated its eponymous software, Splunk Enterprise and Cloud. After the updates, twelve fewer vulnerabilities remain open in it.
https://heise.de/-7329933
Security updates for Thursday
Security updates have been issued by Debian (pypy3), Fedora (drupal7, git, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and php), Oracle (kernel, lua, openssl, pcs, php-pear, pki-core, python3.9, and zlib), Red Hat (kernel, kernel-rt, kpatch-patch, lua, openssl-container, pcs, php-pear, pki-core, python3.9, and zlib), Scientific Linux (kernel, pcs, and php-pear), SUSE (EternalTerminal, hsqldb, ntfs-3g_ntfsprogs, privoxy, rubygem-actionview-4_2, sqlite3, and xorg-x11-server), and Ubuntu [...]
https://lwn.net/Articles/913771/
Security updates for Friday
Security updates have been issued by Debian (clickhouse, distro-info-data, and ntfs-3g), Fedora (firefox), Oracle (kernel), Slackware (mozilla), and SUSE (python-Flask-Security-Too).
https://lwn.net/Articles/913849/
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2022-32888. Versions affected: WebKitGTK and WPE WebKit before 2.38.0. Credit to P1umer (@p1umer). Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
https://webkitgtk.org/security/WSA-2022-0010.html
CVE Report Published for Spring Tools
We have released STS 4.16.1 for Eclipse and Spring VSCode extensions 1.40.0 to address the following CVE report:
- CVE-2022-31691: Remote Code Execution via YAML editors in STS4 extensions for Eclipse and VSCode
Please review the information in the CVE report and upgrade immediately.
https://spring.io/blog/2022/11/03/cve-report-published-for-spring-tools