Daily summary - 18.11.2022

End-of-Day report

Timeframe: Thursday 17-11-2022 18:00 - Friday 18-11-2022 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer

News

Zeppelin: Quietly cracking a ransomware's keys

A security firm has succeeded in cracking the Zeppelin ransomware. It quietly helped several organizations get their data back without paying.

https://www.golem.de/news/zeppelin-heimlich-die-schluessel-einer-ransomware-geknackt-2211-169870.html


Security baseline for Microsoft Edge v107

We have reviewed the settings in Microsoft Edge version 107 and updated our guidance with the addition of one new setting. We're also highlighting three settings we would like you to consider based on your organizational needs.

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v107/ba-p/3678903


Successful Hack of Time-Triggered Ethernet

Time-triggered Ethernet (TTE) is used in spacecraft, essentially so that traffic with different timing requirements and criticality levels can share the same network hardware. Researchers have defeated the isolation it is supposed to provide.

https://www.schneier.com/blog/archives/2022/11/successful-hack-of-time-triggered-ethernet.html


Microsoft Warns of Cybercrime Group Delivering Royal Ransomware, Other Malware

A threat actor tracked as DEV-0569 and known for the distribution of various malicious payloads was recently observed updating its delivery methods, Microsoft warns.

https://www.securityweek.com/microsoft-warns-cybercrime-group-delivering-royal-ransomware-other-malware


CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain

Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series - Recommended Practices Guide for Customers.

https://us-cert.cisa.gov/ncas/current-activity/2022/11/17/cisa-nsa-and-odni-release-guidance-customers-securing-software


#StopRansomware: Hive Ransomware

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022.

https://www.cisa.gov/uscert/ncas/alerts/aa22-321a

Vulnerabilities

Security updates for Friday

Security updates have been issued by Debian (asterisk, firefox-esr, php-phpseclib, phpseclib, python-django, and thunderbird), Fedora (grub2, samba, and thunderbird), Mageia (firefox, sudo, systemd, and thunderbird), Slackware (freerdp), SUSE (firefox, go1.18, go1.19, kernel, openvswitch, python-Twisted, systemd, and xen), and Ubuntu (expat, git, multipath-tools, unbound, and webkit2gtk).

https://lwn.net/Articles/915378/


WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables

https://jvn.jp/en/jp/JVN13927745/


Security Bulletin: IBM Operations Analytics - Log Analysis vulnerable to multiple vulnerabilities in Apache Tika (CVE-2022-30126, CVE-2022-33879, CVE-2022-30973)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-log-analysis-vulnerable-to-multiple-vulnerabilities-in-apache-tika-cve-2022-30126-cve-2022-33879-cve-2022-30973/


Security Bulletin: Vulnerabilities with Kernel affect IBM Cloud Object Storage Systems (August 2022v2)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-affect-ibm-cloud-object-storage-systems-august-2022v2/


Security Bulletin: Rational Asset Analyzer is vulnerable to HTTP header injection (CVE-2022-34165)

https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-vulnerable-to-http-header-injection-cve-2022-34165/


Security Bulletin: Vulnerabilities from log4j affect IBM Operations Analytics - Log Analysis (CVE-2019-17571, CVE-2020-9488)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-from-log4j-affect-ibm-operations-analytics-log-analysis-cve-2019-17571-cve-2020-9488-2/


Security Bulletin: This Power System update is being released to address CVE-2022-22488

https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2022-22488/


Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis (CVE-2021-44832, CVE-2021-45105)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-from-log4j-core-2-16-0-jar-affect-ibm-operations-analytics-log-analysis-cve-2021-44832-cve-2021-45105-3/


Security Bulletin: Rational Asset Analyzer is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734)

https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-vulnerable-to-denial-of-service-due-to-graphql-java-cve-2022-37734/


Security Bulletin: Potential vulnerability in Eclipse Jetty affects IBM Operations Analytics - Log Analysis (CVE-2022-2047)

https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-in-eclipse-jetty-affects-ibm-operations-analytics-log-analysis-cve-2022-2047/


Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221)

https://www.ibm.com/blogs/psirt/security-bulletin-the-community-edition-of-ibm-ilog-cplex-optimization-studio-is-affected-by-multiple-vulnerabilities-in-libcurl-cve-2022-42915-cve-2022-42916-cve-2022-32221/


Security Bulletin: IBM Transform Services for IBM i is vulnerable to denial of service, buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-transform-services-for-ibm-i-is-vulnerable-to-denial-of-service-buffer-overflow-and-allowing-attacker-to-obtain-sensitive-information-due-to-multiple-vulnerabilities/


Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2022-23305)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-predictive-insights-impacted-by-apache-log4j-vulnerabilities-cve-2022-23305/