Daily Summary - 08.11.2022

End-of-Day report

Timeframe: Monday 07-11-2022 18:00 - Tuesday 08-11-2022 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer

News

How to mimic Kerberos protocol transition using reflective RBCD

We know that a delegation is dangerous if an account allows delegating third-party user authentication to a privileged resource. In the case of constrained delegation, all it takes is to find a privileged account in one of the SPNs (Service Principal Names) set in the msDS-AllowedToDelegateTo attribute of a compromised service account.

https://medium.com/tenable-techblog/how-to-mimic-kerberos-protocol-transition-using-reflective-rbcd-a4984bb7c4cb


Azov malware destroys files in 666-byte steps

The Windows malware Azov is a wiper that destroys files irrecoverably. Security researchers are observing an increased prevalence.

https://heise.de/-7333231


Open Bug Bounty: One million security vulnerabilities on the web fixed

An open platform for disclosing web security vulnerabilities has reached a milestone. Open Bug Bounty records over 1.3 million findings.

https://heise.de/-7333872


Warning, fake shop: marktstores.com poses as Media Markt

The PlayStation 5 is currently sold out everywhere. Be careful if you nevertheless find an online seller that claims to be able to deliver one. It could turn out to be a fake shop.

https://www.watchlist-internet.at/news/achtung-fake-shop-marktstorescom-gibt-sich-als-media-markt-aus/


LockBit 3.0 Being Distributed via Amadey Bot

The ASEC analysis team has confirmed that attackers are using Amadey Bot to install LockBit. Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker.

https://asec.ahnlab.com/en/41450/


Prepare, respond & recover: Battling complex Cybersecurity threats with fundamentals

The cybersecurity industry has seen a lot of recent trends. For example, the proliferation of multifactor authentication (MFA) to fight against credential harvesting is a common thread.

https://cybersecurity.att.com/blogs/security-essentials/prepare-respond-recover-battling-complex-cybersecurity-threats-with-fundamentals


Cracking 2.3M Attackers-Supplied Credentials: What Can We Learn from RDP Attacks

To study credentials attacks on RDP, we operate high-interaction honeypots on the Internet. We analyzed over 2.3 million connections that supplied hashed credentials and attempted to crack them.

https://www.gosecure.net/blog/2022/11/08/cracking-2-3m-attackers-supplied-credentials-what-can-we-learn-from-rdp-attacks/


DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

This report provides defenders and security operations center teams with the technical details they need to know should they encounter the DeimosC2 C&C framework.

https://www.trendmicro.com/en_us/research/22/k/deimosc2-what-soc-analysts-and-incident-responders-need-to-know.html

Vulnerabilities

IBM Security Bulletins 2022-11-07

IBM Tivoli Monitoring, IBM App Connect Enterprise Certified Container, IBM Operations Analytics - Log Analysis

https://www.ibm.com/blogs/psirt/


Siemens Security Advisories 2022-11-08

Siemens released 9 new and 8 updated Advisories. (CVSS Scores 5.3-9.9)

https://new.siemens.com/global/en/products/services/cert.html?d=2022-11#SecurityPublications


Patchday: Attackers could cripple Android devices via attacks

Google has released important security updates for Android 10 through 13. Some other manufacturers are also offering patches.

https://heise.de/-7333334


Security updates for Tuesday

Security updates have been issued by Debian (pixman and sudo), Fedora (mingw-binutils and mingw-gdb), Red Hat (bind, bind9.16, container-tools:3.0, container-tools:4.0, container-tools:rhel8, dnsmasq, dotnet7.0, dovecot, e2fsprogs, flatpak-builder, freetype, fribidi, gdisk, grafana, grafana-pcp, gstreamer1-plugins-good, httpd:2.4, kernel, kernel-rt, libldb, libreoffice, libtiff, libxml2, mingw-expat, mingw-zlib, mutt, nodejs:14, nodejs:18, openblas, openjpeg2, osbuild, pcs, php:7.4, php:8.0, [...]

https://lwn.net/Articles/914119/


ICS Patch Tuesday: Siemens Addresses Critical Vulnerabilities

Siemens and Schneider Electric have released their Patch Tuesday advisories for November 2022. Siemens has released nine new security advisories covering a total of 30 vulnerabilities, but Schneider has only published one new advisory.

https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-critical-vulnerabilities


Varnish HTTP/2 Request Forgery

https://docs.varnish-software.com/security/VSV00011/


Open Source Varnish Request Smuggling

https://docs.varnish-software.com/security/VSV00010/


PHOENIX CONTACT: Automationworx BCP File Parsing Vulnerabilities

https://cert.vde.com/de/advisories/VDE-2022-048/


Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516

https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516


McAfee Total Protection: Update fixes vulnerability CVE-2022-43751

https://www.borncity.com/blog/2022/11/08/mcafee-total-protection-update-fixt-schwachstelle-cve-2022-43751/