Tageszusammenfassung - 23.11.2022

End-of-Day report

Timeframe: Dienstag 22-11-2022 18:00 - Mittwoch 23-11-2022 18:00 Handler: Robert Waldner Co-Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer

News

Backdoored Chrome extension installed by 200,000 Roblox players

Chrome browser extension SearchBlox installed by more than 200,000 users has been discovered to contain a backdoor that can steal your Roblox credentials as well as your assets on Rolimons, a Roblox trading platform.

https://www.bleepingcomputer.com/news/security/backdoored-chrome-extension-installed-by-200-000-roblox-players/


Ducktail Malware Operation Evolves with New Malicious Capabilities

The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign."The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victims Facebook account," ...

https://thehackernews.com/2022/11/ducktail-malware-operation-evolves-with.html


Mind the Gap

Note: The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable.

https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html


Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice

In September 2022, Proofpoint researchers identified initial delivery of a penetration testing framework called Nighthawk. Launched in late 2021 by MDSec, Nighthawk is similar to other frameworks such as Brute Ratel and Cobalt Strike and, like those, could see rapid adoption by threat actors wanting to diversify their methods and add a relatively unknown framework to their arsenal.

https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice


Kritische Infrastruktur: EU-Richtlinie nimmt Betreiber in die Pflicht

Das EU-Parlament hat eine Richtlinie zur Resilienz kritischer Einrichtungen beschlossen. Sie gilt für elf Branchen. Manche Betreiber sind besonders wichtig.

https://heise.de/-7349574


Google will Missbrauch des Pentesting-Tools Cobalt Strike eindämmen

Damit Admins Netzwerk-Attacken durch Cobalt-Strike-Missbrauch besser erkennen können, hat Google unter anderem Erkennungsregeln auf Yara-Basis veröffentlicht.

https://heise.de/-7349813


Standard für maschinenlesbare Sicherheitshinweise verabschiedet

Das Common Security Advisory Framework soll Administratoren die Arbeit erleichtern und aktuelle Sicherheitsinformationen leichter auffindbar machen.

https://heise.de/-7350491


Angriffe auf Boa Web Server gefährden IoT

Anfällige SDK-Komponenten führen zu Lieferkettenrisiken in IoT- und OT-Umgebungen, insbesondere durch den veralteten Boa Web Server, warnt Microsoft Security Threat Intelligence (MSTI).

https://www.zdnet.de/88405186/angriffe-auf-boa-web-server-gefaehrden-iot/


Web Application Firewalls umgehen

Web Application Firewalls (WAFs) sind beliebte Infrastrukturkomponenten, die verwendet werden, um Angriffe auf Webanwendungen zu erschweren. Was bieten WAFs wirklich? Können sie auch nur theoretisch perfekt sein, um jede Art von Webangriff zu verhindern? Lassen Sie uns WAFs entmystifizieren!

https://certitude.consulting/blog/de/web-application-firewalls-umgehen/


CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack

In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. [..] The researcher has graciously provided this detailed write-up of the vulnerability and a proof-of-concept exploit demonstrating the bug.

https://www.thezdi.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack


CVE-2022-40300: SQL Injection in ManageEngine Privileged Access Management

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hung and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched SQL injection vulnerability in Zoho ManageEngine products.

https://www.thezdi.com/blog/2022/11/22/cve-2022-40300-sql-injection-in-manageengine-privileged-access-management

Vulnerabilities

IBM Security Bulletins 2022-11-22

IBM Operations Analytics, IBM QRadar, IBM SDK, IBM Sterling Connect, Rational Service Tester, Rational Performance Tester, IBM HTTP Server, IBM Security Verify Governance, IBM InfoSphere DataStage, IBM Cloud Pak for Security

https://www.ibm.com/blogs/psirt/


Sicherheitslücke in HPE-Switches OfficeConnect gefährdet Netzwerke

Angreifer könnten Switches von Hewlett Packard Enterprise attackieren. Sicherheitsupdates stehen zum Download bereit.

https://heise.de/-7350116


Security updates for Wednesday

Security updates have been issued by Debian (heimdal, libarchive, and nginx), Fedora (varnish-modules and xterm), Red Hat (firefox), Scientific Linux (firefox, hsqldb, and thunderbird), SUSE (Botan, colord, containerized-data-importer, ffmpeg-4, java-1_8_0-ibm, krb5, nginx, redis, strongswan, tomcat, and xtrabackup), and Ubuntu (apr-util, freerdp2, and sysstat).

https://lwn.net/Articles/915802/


CISA Releases Eight Industrial Control Systems Advisories

Original release date: November 22, 2022CISA has released eight (8) Industrial Control Systems (ICS) advisories on 22 November 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. - ICSA-22-326-01 AVEVA Edge - ICSA-22-326-02 Digital Alert Systems DASDEC - ICSA-22-326-03 Phoenix Contact Automation Worx - ICSA-22-326-04 GE Cimplicity - ICSA-22-326-05 Moxa Multiple ARM-Based Computers - ICSMA-21-152-01 Hillrom Medical Device Management (Update C) - ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update I) - ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update G)

https://us-cert.cisa.gov/ncas/current-activity/2022/11/22/cisa-releases-eight-industrial-control-systems-advisories


WordPress BeTheme 26.5.1.4 PHP Object Injection

https://cxsecurity.com/issue/WLB-2022110040


Security Advisory - Improper Input Validation Vulnerability in a Huawei Childrens Watch

http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-iivviahcw-5fb2d55c-en


Security Advisory - Insufficient Authentication Vulnerability in some Huawei Band Products

http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20221130-01-c7f72ffb-en


Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch

https://psirt.bosch.com/security-advisories/bosch-sa-247053-bt.html