End-of-Day report
Timeframe: Monday 07-11-2022 18:00 - Tuesday 08-11-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
How to mimic Kerberos protocol transition using reflective RBCD
We know that a delegation is dangerous if an account is allowed to delegate third-party user authentication to a privileged resource. In the case of constrained delegation, all it takes is to find a privileged account behind one of the SPNs (Service Principal Names) listed in the msDS-AllowedToDelegateTo attribute of a compromised service account.
https://medium.com/tenable-techblog/how-to-mimic-kerberos-protocol-transition-using-reflective-rbcd-a4984bb7c4cb
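As an added example (not code from the Tenable post or from the report authors), the following Python helper takes account records as they would come out of an LDAP export, classifies each by delegation type using the documented userAccountControl bits (TRUSTED_FOR_DELEGATION 0x80000, TRUSTED_TO_AUTH_FOR_DELEGATION 0x1000000), and flags any msDS-AllowedToDelegateTo SPN whose host is in a set of privileged hosts. The account names, hosts and the privileged-host list are constructed for the example.

```python
# Added audit helper for Kerberos delegation settings (example code, not from
# the Tenable post). Input records mimic an LDAP export; all data is constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# userAccountControl bits (MS-ADTS / MS-SAMR)
TRUSTED_FOR_DELEGATION = 0x80000            # unconstrained delegation
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # protocol transition ("use any authentication protocol")
NORMAL_ACCOUNT = 0x200
DONT_EXPIRE_PASSWORD = 0x10000


@dataclass
class Account:
    sam_account_name: str
    user_account_control: int
    allowed_to_delegate_to: List[str] = field(default_factory=list)  # msDS-AllowedToDelegateTo


def spn_host(spn: str) -> str:
    """Lower-cased host part of an SPN, e.g. 'cifs/dc01.corp.local:445' -> 'dc01.corp.local'.

    Handles the optional ':port' and the optional '/servicename' suffix
    (as in 'ldap/dc01.corp.local/corp.local').
    """
    _, _, rest = spn.partition("/")
    host = rest.split("/", 1)[0]
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.lower()


def delegation_kind(acct: Account) -> str:
    """Classify the delegation configuration of one account."""
    uac = acct.user_account_control
    if uac & TRUSTED_FOR_DELEGATION:
        return "unconstrained"
    if acct.allowed_to_delegate_to:
        if uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
            return "constrained-protocol-transition"
        # Constrained to specific SPNs but no protocol transition. The linked
        # post is about why this state must not be treated as safe.
        return "constrained-kerberos-only"
    return "none"


def risky_targets(acct: Account, privileged_hosts: Set[str]) -> List[str]:
    """SPNs in msDS-AllowedToDelegateTo whose host belongs to the privileged set."""
    return [spn for spn in acct.allowed_to_delegate_to if spn_host(spn) in privileged_hosts]


def audit(accounts: List[Account], privileged_hosts: Set[str]) -> Dict[str, Tuple[str, List[str]]]:
    """Map account name -> (delegation kind, SPNs pointing at privileged hosts)."""
    findings: Dict[str, Tuple[str, List[str]]] = {}
    for acct in accounts:
        kind = delegation_kind(acct)
        if kind == "none":
            continue
        findings[acct.sam_account_name] = (kind, risky_targets(acct, privileged_hosts))
    return findings


# Constructed sample standing in for an LDAP export; names and hosts are made up.
PRIVILEGED_HOSTS = {"dc01.corp.local", "dc02.corp.local"}
SAMPLE = [
    Account("svc-web", NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD | TRUSTED_TO_AUTH_FOR_DELEGATION,
            ["cifs/dc01.corp.local", "ldap/dc01.corp.local/corp.local"]),
    Account("svc-sql", NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD, ["MSSQLSvc/sql01.corp.local:1433"]),
    Account("svc-print", NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD, ["cifs/dc02.corp.local:445"]),
    Account("jdoe", NORMAL_ACCOUNT, []),
    Account("svc-legacy", NORMAL_ACCOUNT | TRUSTED_FOR_DELEGATION, []),
]

if __name__ == "__main__":
    for name, (kind, targets) in audit(SAMPLE, PRIVILEGED_HOSTS).items():
        print(f"{name:12} {kind:32} {targets}")
```

The helper deliberately reports "constrained-kerberos-only" accounts alongside those with protocol transition: the linked post's point is that an account constrained to a privileged SPN is a target even when the "use any authentication protocol" bit is not set, so an audit that only looks for TRUSTED_TO_AUTH_FOR_DELEGATION misses it.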
Azov malware destroys files in 666-byte steps
The Windows malware Azov is a wiper and destroys files irreversibly. Security researchers are observing an increase in occurrences.
https://heise.de/-7333231
Open Bug Bounty: one million web security vulnerabilities fixed
An open platform for disclosing web security vulnerabilities has reached a milestone. Open Bug Bounty lists over 1.3 million findings.
https://heise.de/-7333872
Beware of fake shop: marktstores.com poses as Media Markt
The PlayStation 5 is currently sold out everywhere. Be careful if you nonetheless find a vendor online that claims to be able to deliver one. It could turn out to be a fake shop.
https://www.watchlist-internet.at/news/achtung-fake-shop-marktstorescom-gibt-sich-als-media-markt-aus/
LockBit 3.0 Being Distributed via Amadey Bot
The ASEC analysis team has confirmed that attackers are using Amadey Bot to install LockBit. Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker.
https://asec.ahnlab.com/en/41450/
Prepare, respond & recover: Battling complex Cybersecurity threats with fundamentals
The cybersecurity industry has seen a lot of recent trends. For example, the proliferation of multifactor authentication (MFA) to fight against credential harvesting is a common thread.
https://cybersecurity.att.com/blogs/security-essentials/prepare-respond-recover-battling-complex-cybersecurity-threats-with-fundamentals
Cracking 2.3M Attackers-Supplied Credentials: What Can We Learn from RDP Attacks
To study credentials attacks on RDP, we operate high-interaction honeypots on the Internet. We analyzed over 2.3 million connections that supplied hashed credentials and attempted to crack them.
https://www.gosecure.net/blog/2022/11/08/cracking-2-3m-attackers-supplied-credentials-what-can-we-learn-from-rdp-attacks/
DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework
This report provides defenders and security operations center teams with the technical details they need to know should they encounter the DeimosC2 C&C framework.
https://www.trendmicro.com/en_us/research/22/k/deimosc2-what-soc-analysts-and-incident-responders-need-to-know.html
Vulnerabilities
IBM Security Bulletins 2022-11-07
IBM Tivoli Monitoring, IBM App Connect Enterprise Certified Container, IBM Operations Analytics - Log Analysis
https://www.ibm.com/blogs/psirt/
Siemens Security Advisories 2022-11-08
Siemens released 9 new and 8 updated Advisories. (CVSS Scores 5.3-9.9)
https://new.siemens.com/global/en/products/services/cert.html?d=2022-11#SecurityPublications
Patch day: attackers could knock out Android devices
Google has released important security updates for Android 10 through 13. Some other manufacturers are also offering patches.
https://heise.de/-7333334
Security updates for Tuesday
Security updates have been issued by Debian (pixman and sudo), Fedora (mingw-binutils and mingw-gdb), Red Hat (bind, bind9.16, container-tools:3.0, container-tools:4.0, container-tools:rhel8, dnsmasq, dotnet7.0, dovecot, e2fsprogs, flatpak-builder, freetype, fribidi, gdisk, grafana, grafana-pcp, gstreamer1-plugins-good, httpd:2.4, kernel, kernel-rt, libldb, libreoffice, libtiff, libxml2, mingw-expat, mingw-zlib, mutt, nodejs:14, nodejs:18, openblas, openjpeg2, osbuild, pcs, php:7.4, php:8.0, [...]
https://lwn.net/Articles/914119/
ICS Patch Tuesday: Siemens Addresses Critical Vulnerabilities
Siemens and Schneider Electric have released their Patch Tuesday advisories for November 2022. Siemens has released nine new security advisories covering a total of 30 vulnerabilities, but Schneider has only published one new advisory.
https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-critical-vulnerabilities
Varnish HTTP/2 Request Forgery
https://docs.varnish-software.com/security/VSV00011/
Open Source Varnish Request Smuggling
https://docs.varnish-software.com/security/VSV00010/
PHOENIX CONTACT: Automationworx BCP File Parsing Vulnerabilities
https://cert.vde.com/de/advisories/VDE-2022-048/
Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516
https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
McAfee Total Protection: update fixes vulnerability CVE-2022-43751
https://www.borncity.com/blog/2022/11/08/mcafee-total-protection-update-fixt-schwachstelle-cve-2022-43751/