End-of-Day report
Timeframe: Thursday 10-11-2022 18:00 - Friday 11-11-2022 18:00
Handler: Stephan Richter
Co-Handler: Michael Schlagenhaufer
News
US Health Dept warns of Venus ransomware targeting healthcare orgs
The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks are also targeting the country's healthcare organizations.
https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-venus-ransomware-targeting-healthcare-orgs/
Microsoft fixes Windows zero-day bug exploited to push malware
Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers.
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-zero-day-bug-exploited-to-push-malware/
NIS2 directive: domain holders will have to provide address data in future
The new EU directive on IT security (NIS2) prohibits the anonymous registration of domains.
https://www.golem.de/news/nis2-richtlinie-domaininhaber-muessen-kuenftig-adressdaten-hinterlegen-2211-169666.html
Security vulnerability: lock screen of Pixel smartphones could be bypassed
A researcher managed to unlock a Google Pixel smartphone without a PIN. However, the fix and the bug bounty were a long time coming.
https://www.golem.de/news/sicherheitsluecke-sperrbildschirm-von-pixel-smartphones-liess-sich-umgehen-2211-169685.html
Cisco closes security holes in ASA and Firepower
Cisco is patching security vulnerabilities, some of them high-risk, in the software of the Adaptive Security Appliance and Firepower Threat Defense. Admins should take action.
https://heise.de/-7336757
Digitalbarometer 2022: still an easy game for cyber criminals
The BSI and the Police Crime Prevention of the Federal States and the Federal Government (ProPK) publish their fourth joint citizen survey: many citizens neglect basic measures to protect themselves against attacks online.
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/221111_Digitalbarometer.html
CISA Releases Decision Tree Model to Help Companies Prioritize Vulnerability Patching
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday announced the release of a Stakeholder-Specific Vulnerability Categorization (SSVC) guide that can help organizations prioritize vulnerability patching using a decision tree model.
https://www.securityweek.com/cisa-releases-decision-tree-model-help-companies-prioritize-vulnerability-patching
Phishing-resistant multi-factor authentication
Multi-factor authentication (MFA) can be defeated by phishing. The key is to make MFA more resistant, stresses Lance Spitzner, SANS Security Awareness Director, in a guest article.
https://www.zdnet.de/88404820/phishing-resistente-multifaktor-authentifizierung/
HackHound IRC Bot Being Distributed via Webhards
Webhards are the main platforms that the attackers targeting Korean users exploit to distribute malware. The ASEC analysis team has been monitoring malware types distributed through webhards and uploaded multiple blog posts about them in the past.
https://asec.ahnlab.com/en/41806/
CVE-2019-8561: A Hard-to-Banish PackageKit Framework Vulnerability in macOS
This blog entry details our investigation of CVE-2019-8561, a vulnerability that exists in the macOS PackageKit framework, a component used to install software installer packages (PKG files).
https://www.trendmicro.com/en_us/research/22/k/cve-2019-8561-a-hard-to-banish-packagekit-framework-vulnerabilit.html
Vulnerabilities
Security updates for Friday
Security updates have been issued by Debian (chromium and exiv2), Fedora (curl, device-mapper-multipath, dotnet6.0, mediawiki, mingw-gcc, and php-pear-CAS), Gentoo (lesspipe), Slackware (php), SUSE (git, glibc, kernel, libarchive, python, python-rsa, python3-lxml, rpm, sudo, xen, and xwayland), and Ubuntu (wavpack).
https://lwn.net/Articles/914571/
Disclosure of sensitive information in Zoom (SYSS-2022-048)
During a video conference via Zoom, chat messages are stored in the installation directory. An attacker can decrypt these messages.
https://www.syss.de/pentest-blog/preisgabe-von-sensiblen-informationen-in-zoom-syss-2022-048
Rapid7's Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)
The CVE-2022-3786 & CVE-2022-3602 vulnerabilities affecting OpenSSL's 3.0.x versions both rely on a maliciously crafted email address in a certificate.
https://www.rapid7.com/blog/post/2022/11/11/rapid7s-impact-from-openssl-buffer-overflow-vulnerabilities-cve-2022-3786-cve-2022-3602/
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-semeru-runtime-5/
Security Bulletin: IBM InfoSphere DataStage is vulnerable to a command injection vulnerability [CVE-2022-40752]
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-datastage-is-vulnerable-to-a-command-injection-vulnerability-cve-2022-40752-2/
Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility - CVE-2021-2163
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-used-by-the-ibm-installation-manager-and-ibm-packaging-utility-cve-2021-2163/
Omron NJ/NX-series Machine Automation Controllers
https://us-cert.cisa.gov/ics/advisories/icsa-22-314-07
Omron NJNX-series
https://us-cert.cisa.gov/ics/advisories/icsa-22-314-08