Daily summary - 17.11.2022

End-of-Day report

Timeframe: Wednesday 16-11-2022 18:00 - Thursday 17-11-2022 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer

News

Evil Maid Attacks - Remediation for the Cheap, (Wed, Nov 16th)

The so-called evil maid attack is an attack against hardware devices using hardware and/or software. It is carried out when the hardware is left unattended, e.g., in a hotel room while you're out for breakfast. The attacker manipulates the device in a malicious way.

https://isc.sans.edu/diary/rss/29256


WASP malware stings Python developers

Researchers from Phylum and Check Point earlier this month reported seeing new malicious packages on PyPI, a package index for Python developers. Analysts at Checkmarx this week connected the same attacker to both reports and said the operator is still releasing malicious packages.

https://www.theregister.com/2022/11/16/wasp_python_malware_checkmarx/


Disneyland Malware Team: It's a Puny World After All

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.

https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/


Online fraud simulator: test your knowledge of internet scams

To raise awareness of the dangers of fake shops and phishing e-mails and to train you in cyber security, AK Niederösterreich, in cooperation with the University of Vienna, has launched the Onlinebetrug-Simulator (online fraud simulator).

https://www.watchlist-internet.at/news/onlinebetrug-simulator-testen-sie-ihr-wissen-zu-betrugsmaschen-im-internet/


Securing domain controllers against attacks

Active Directory is critical infrastructure and should be treated as such. But how does an administrator secure their domain controllers against attacks?

https://www.borncity.com/blog/2022/11/17/domain-controller-gegen-angriffe-absichern/


Get a Loda This: LodaRAT meets new friends

LodaRAT samples were deployed alongside other malware families, including RedLine and Neshta. Cisco Talos identified several variants, and altered versions of LodaRAT with updated functionality have been seen in the wild.

https://blog.talosintelligence.com/get-a-loda-this/

Vulnerabilities

Malicious code attacks on Bitbucket Server and Data Center possible

A security vulnerability threatens several versions of Atlassian's version control software.

https://heise.de/-7343226


Security updates for Thursday

Security updates have been issued by Debian (firefox-esr and thunderbird), Fedora (expat, xen, and xorg-x11-server), Oracle (kernel, kernel-container, qemu, xorg-x11-server, and zlib), Scientific Linux (xorg-x11-server), Slackware (firefox, krb5, samba, and thunderbird), SUSE (ant, apache2-mod_wsgi, jsoup, rubygem-nokogiri, samba, and tomcat), and Ubuntu (firefox and linux, linux-aws, linux-aws-hwe, linux-dell300x, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon).

https://lwn.net/Articles/915245/


Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

https://us-cert.cisa.gov/ncas/current-activity/2022/11/16/samba-releases-security-updates


Security Bulletin: IBM Partner Engagement Manager is vulnerable to sensitive data exposure (CVE-2022-34354)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-partner-engagement-manager-is-vulnerable-to-sensitive-data-exposure-cve-2022-34354/


Security Bulletin: IBM Planning Analytics Workspace is affected by a vulnerability [CVE-2022-31129]

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-a-vulnerability-cve-2022-31129-2/


Security Bulletin: CVE-2022-3676 may affect IBM® SDK, Java™ Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2022-3676-may-affect-ibm-sdk-java-technology-edition/


Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Automation Workflow - CVE-2022-38390

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-cve-2022-38390/


Security Bulletin: IBM InfoSphere DataStage is vulnerable to a command injection vulnerability [CVE-2022-40752]

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-datastage-is-vulnerable-to-a-command-injection-vulnerability-cve-2022-40752-3/


Security Bulletin: Tivoli Business Service Manager is vulnerable to cross-site scripting due to improper validation in Angular (CVE-2022-25869)

https://www.ibm.com/blogs/psirt/security-bulletin-tivoli-business-service-manager-is-vulnerable-to-cross-site-scripting-due-to-improper-validation-in-angular-cve-2022-25869/


Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2022-35721)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-stored-cross-site-scripting-cve-2022-35721-3/


Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2022-35722)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-stored-cross-site-scripting-cve-2022-35722-3/


Security Bulletin: IBM Urbancode Deploy (UCD) is vulnerable to Insufficiently Protected LDAP Search Credentials (CVE-2022-40751)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-is-vulnerable-to-insufficiently-protected-ldap-search-credentials-cve-2022-40751/


Security Bulletin: Apache Tomcat could allow a remote attacker to obtain sensitive information (CVE-2021-43980)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-could-allow-a-remote-attacker-to-obtain-sensitive-information-cve-2021-43980/


Technical Advisory - NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)

https://research.nccgroup.com/2022/11/17/cve-2022-45163/


Red Lion Crimson

https://us-cert.cisa.gov/ics/advisories/icsa-22-321-01


Cradlepoint IBR600

https://us-cert.cisa.gov/ics/advisories/icsa-22-321-02