Daily summary - 09.11.2022

End-of-Day report

Timeframe: Tuesday 08-11-2022 18:00 - Wednesday 09-11-2022 18:00 Handler: Stephan Richter Co-Handler: Michael Schlagenhaufer

News

Intel, AMD Address Many Vulnerabilities With Patch Tuesday Advisories

Intel and AMD have announced fixes for many vulnerabilities on this Patch Tuesday, including for flaws that have been assigned a "high severity" rating.

https://www.securityweek.com/intel-amd-address-many-vulnerabilities-patch-tuesday-advisories


Microsoft: Windows 10 21H1 reaches end of service next month

Microsoft has reminded customers today that all editions of Windows 10 21H1 (also known as the May 2021 Update) are reaching the end of service (EOS) next month.

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-21h1-reaches-end-of-service-next-month/


Lenovo fixes flaws that can be used to disable UEFI Secure Boot

Lenovo has fixed two high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models that could allow an attacker to deactivate UEFI Secure Boot.

https://www.bleepingcomputer.com/news/security/lenovo-fixes-flaws-that-can-be-used-to-disable-uefi-secure-boot/


Phishing-Resistant MFA Does Not Mean Un-Phishable

Human societies have a bad habit of taking a specific, limited-in-scope fact and turning it into an overly broad generalization that gets incorrectly believed and perpetuated as if it were as comprehensively accurate as the original, more-limited fact it was based on. Anything can be hacked. Do not confuse "phishing-resistant" with being impossible to phish or socially engineer.

https://www.linkedin.com/pulse/phishing-resistant-mfa-does-mean-un-phishable-roger-grimes/


SMS "Hello Mum, my phone is broken" is a scam!

A large-scale SMS scam is currently causing uncertainty among recipients. The content of the "Hello Mum" or "Hello Dad" SMS is meant to suggest that one's own child has a new phone number. The child therefore asks to be contacted via WhatsApp. Anyone who replies will soon be asked by the supposed child to make payments. Ignore these messages and under no circumstances make any transfers.

https://www.watchlist-internet.at/news/sms-hallo-mama-mein-handy-ist-kaputt-ist-betruegerisch/


Massive ois[.]is Black Hat Redirect Malware Campaign

Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines. PublicWWW results show nearly 15,000 websites have been affected by this malware so far.

https://blog.sucuri.net/2022/11/massive-ois-is-black-hat-redirect-malware-campaign.html


Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating other attacks.

https://blog.talosintelligence.com/ipfs-abuse/


Check Point CloudGuard Spectral exposes new obfuscation techniques for malicious packages on PyPI

Check Point Research (CPR) has detected a new and unique malicious package on PyPI, the leading package index used by developers for the Python programming language. The new malicious package was designed to hide code in images and infect through open-source projects on GitHub. CPR responsibly disclosed this information to PyPI, who removed the packages.

https://research.checkpoint.com/2022/check-point-cloudguard-spectral-exposes-new-obfuscation-techniques-for-malicious-packages-on-pypi/

Vulnerabilities

Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks

Microsoft has released security updates to address two high-severity Microsoft Exchange zero-day vulnerabilities collectively known as ProxyNotShell and exploited in the wild.

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-proxynotshell-exchange-zero-days-exploited-in-attacks/


Critical vulnerabilities in VMware Workspace ONE - updates available

VMware has released updates for three critical authentication bypass vulnerabilities in the remote access tool VMware Workspace ONE. Remote, unauthenticated attackers can bypass authentication on reachable VMware Workspace ONE instances and gain administrator privileges on the affected systems.

https://cert.at/de/warnungen/2022/11/kritische-sicherheitslucken-in-vmware-workspace-one-updates-verfugbar


Citrix Gateway and ADC: critical vulnerability allows unauthorised access

Citrix has closed security vulnerabilities through which attackers could, for example, gain unauthorised access to device functions. Administrators should update promptly.

https://heise.de/-7334851


Multiple vulnerabilities in WordPress

WordPress contains multiple vulnerabilities, listed below, which are related to the WordPress Post by Email feature.

https://jvn.jp/en/jp/JVN09409909/


IBM Security Bulletins 2022-11-08

IBM App Connect Enterprise, IBM Cloud Application Business Insights, IBM Security Guardium, IBM Security Verify Access

https://www.ibm.com/blogs/psirt/


Lenovo Product Security Advisories 2022-11-08

AMD Graphics Driver, AMD IBPB Return Branch Predictions, Brocade EZSwitch, Elan UltraNav and MiniPort Driver, Intel AMT SDK, Intel EMA, Intel MC, Intel Chipset Firmware, Intel PROSet Wireless WiFi, Intel vPro CSME WiFi, Killer WiFi, Intel SGX SDK, Lenovo Diagnostics, Lenovo Notebook BIOS, Lenovo Vantage Component, Multi-Vendor BIOS

https://support.lenovo.com/at/en/product_security/home


Cisco Security Advisories 2022-11-09

Cisco Adaptive Security Appliance Software, Cisco FXOS Software, Cisco FirePOWER Software for ASA FirePOWER Module, Cisco Firepower Management Center Software, Cisco Firepower Threat Defense Software, Cisco NGIPS Software, Cisco Secure Firewall 3100 Series, Multiple Cisco Products Snort SMB2 Detection Engine

https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2022%2F11%2F09&firstPublishedEndDate=2022%2F11%2F09


Web browser: ten fewer security vulnerabilities in Google Chrome

In the update for the Chrome web browser that is now available, Google closes 10 security vulnerabilities. Using manipulated websites, attackers could execute code.

https://heise.de/-7334255


Foxit PDF Reader: malicious code attacks possible via crafted PDFs

The Foxit developers have closed security vulnerabilities in their PDF applications on macOS and Windows.

https://heise.de/-7334993


Patch day: SAP plugs nine vulnerabilities, some of them critical

On the November patch day, SAP closes security vulnerabilities, some of them critical, in several products. Administrators should promptly bring them up to date.

https://heise.de/-7334573


Security updates for Wednesday

Security updates have been issued by Debian (vim, webkit2gtk, and wpewebkit), Fedora (mingw-python3, vim, webkit2gtk3, webkitgtk, and xen), Mageia (389-ds-base, bluez, ffmpeg, libtasn1, libtiff, libxml2, and mbedtls), Red Hat (kpatch-patch and linux-firmware), SUSE (conmon, containerized data importer, exim, expat, ganglia-web, gstreamer-0_10-plugins-base, gstreamer-0_10-plugins-good, gstreamer-plugins-base, gstreamer-plugins-good, kernel, kubevirt, protobuf, sendmail, and vsftpd), and Ubuntu (libzstd, openjdk-8, openjdk-lts, openjdk-17, openjdk-19, php7.2, php7.4, php8.1, and pixman).

https://lwn.net/Articles/914221/


Numerous critical vulnerabilities in Simmeth System GmbH Lieferantenmanager

The Lieferantenmanager software from Simmeth System GmbH is affected by several critical vulnerabilities. These allow arbitrary commands to be executed on the SQL Server without authentication. Furthermore, arbitrary files on the web server can be read and user sessions can be stolen. In addition, the e-mail password of the company Simmeth was read out by means of an unauthenticated request.

https://sec-consult.com/de/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/


[R1] Nessus Network Monitor Version 6.1.1 Fixes Multiple Vulnerabilities

Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers.

https://www.tenable.com/security/tns-2022-25


Xen Security Advisory CVE-2022-23824 / XSA-422

https://xenbits.xen.org/xsa/advisory-422.html