End-of-Day report
Timeframe: Monday 28-11-2022 18:00 - Tuesday 29-11-2022 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
News
Malicious Android app found powering account creation service
A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook [...]
https://www.bleepingcomputer.com/news/security/malicious-android-app-found-powering-account-creation-service/
Cyber-Threat Group Targets Critical RCE Vulnerability in Bleed You Campaign
More than 1,000 systems are exposed to a campaign hunting weak Windows servers and more.
https://www.darkreading.com/threat-intelligence/cyber-threat-weak-windows-servers-bleed-you-campaign
Subdomain Enumeration with DNSSEC
In my previous blog post I described how subdomain enumeration and subdomain bruteforce in particular could be enhanced by taking DNS status code into account, rather than relying on the existence of A or AAAA records only. This follow-up post describes what techniques exist to enumerate subdomains in a DNSSEC-enabled zone and what countermeasures exist to prevent it.
https://www.securesystems.de/blog/subdomain-enumeration-with-DNSSEC/
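The two techniques the summary refers to, as an added example that is not code from the securesystems.de post: probing a name's existence by response code (NXDOMAIN versus NOERROR with an empty answer), and walking the NSEC chain of a signed zone by following each record's "next owner name" from the apex until it wraps. The resolver below is an in-memory stand-in for an authoritative server (the zone contents are constructed here), so it runs offline; `simulated_resolver`, `walk_nsec` and `name_exists` are names chosen for this example. The canonical-order sort in the stand-in is the RFC 4034 ordering a signer uses to build the chain, which is why the walk recovers every owner name.

```python
"""NSEC chain walking and response-code probing against a simulated zone.

Added example, not from the post being summarised. The "zone" is constructed
in-memory so the walk runs without network access.
"""
from typing import Callable, List, Optional, Tuple

# An NSEC RR as (owner, next_owner); a query answer is (rcode, nsec_or_None).
NsecRR = Tuple[str, str]
QueryFn = Callable[[str], Tuple[str, Optional[NsecRR]]]

# Constructed sample zone (example.com is reserved for documentation).
SAMPLE_ZONE = [
    "example.com.",
    "www.example.com.",
    "mail.example.com.",
    "dev.example.com.",
    "internal.example.com.",       # has only TXT/NSEC, no A/AAAA
    "db.internal.example.com.",
]


def norm(name: str) -> str:
    """Lower-case, absolute form of a name."""
    return name.rstrip(".").lower() + "."


def canonical_key(name: str) -> Tuple[bytes, ...]:
    """RFC 4034 s6.1 canonical ordering: compare labels right to left,
    case-insensitively, with a missing label sorting first."""
    labels = norm(name).rstrip(".").split(".")
    return tuple(label.encode() for label in reversed(labels))


def simulated_resolver(zone_names: List[str]) -> QueryFn:
    """Stand-in for the authoritative server of an NSEC-signed zone."""
    owners = sorted({norm(n) for n in zone_names}, key=canonical_key)
    nxt = {owners[i]: owners[(i + 1) % len(owners)] for i in range(len(owners))}

    def query(qname: str) -> Tuple[str, Optional[NsecRR]]:
        qname = norm(qname)
        if qname in nxt:
            # Name exists (even with no A/AAAA): NOERROR plus its own NSEC.
            return "NOERROR", (qname, nxt[qname])
        # Name absent: NXDOMAIN, proven by the NSEC whose owner precedes it
        # (the last record in the chain covers everything after the last name).
        key = canonical_key(qname)
        preceding = [o for o in owners if canonical_key(o) < key]
        owner = preceding[-1] if preceding else owners[-1]
        return "NXDOMAIN", (owner, nxt[owner])

    return query


def name_exists(qname: str, query: QueryFn) -> bool:
    """Response-code probe: only NXDOMAIN means the name is absent; NOERROR
    with no A/AAAA still proves the name exists (other types, or a parent of
    existing names)."""
    return query(qname)[0] != "NXDOMAIN"


def walk_nsec(apex: str, query: QueryFn, limit: int = 10000) -> List[str]:
    """Enumerate all owner names by following NSEC 'next' pointers from the
    apex until the chain wraps back to it. Raises if no NSEC is returned
    (zone probably uses NSEC3) or the chain is not ascending."""
    apex = norm(apex)
    names: List[str] = []
    current = apex
    while True:
        if len(names) >= limit:
            raise RuntimeError("walk limit exceeded; chain never returned to apex")
        rcode, nsec = query(current)
        if nsec is None:
            raise RuntimeError(f"no NSEC for {current} (rcode {rcode}); NSEC3 or unsigned?")
        owner, nxt = norm(nsec[0]), norm(nsec[1])
        names.append(owner)
        if nxt == apex:
            return names
        if canonical_key(nxt) <= canonical_key(owner):
            raise RuntimeError(f"NSEC chain not ascending: {owner} -> {nxt}")
        current = nxt


if __name__ == "__main__":
    resolver = simulated_resolver(SAMPLE_ZONE)
    for n in walk_nsec("example.com", resolver):
        print(n)
```

Caveat a tester should keep in mind: the walk only works against zones signed with plain NSEC. NSEC3 (hashed owner names) reduces it to collecting hashes for offline guessing, and "minimally covering" NSEC/NSEC3 records (RFC 4470, the "white lies" approach) defeat chain walking entirely, which is the countermeasure side the post discusses.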
Attackers could disable Secure Boot on certain Acer notebooks
Acer's developers have closed a security vulnerability. Under certain circumstances, attackers could manipulate UEFI settings. Updates are on the way.
https://heise.de/-7359874
#InvisibleChallenge: Malware hunts for victims with a TikTok challenge
Cybercriminals are abusing a naked-dance challenge on TikTok to get victims to install their malware, which supposedly removes a filter.
https://heise.de/-7360626
Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)
A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that was fixed in January 2022 is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog.
https://www.helpnetsecurity.com/2022/11/29/cve-2021-35587-exploited/
Project Zero Flags Patch Gap Problems on Android
Vulnerability researchers at Google Project Zero are calling attention to the ongoing "patch gap" problem in the Android ecosystem, warning that downstream vendors continue to be tardy at delivering security fixes to Android-powered devices.
https://www.securityweek.com/project-zero-flags-patch-gap-problems-android
Booking.com: Beware of fake offers
Found a tempting accommodation on Booking.com, but the booking process is not going as usual? Be careful! You may have come across a fraudulent offer. If hosts refer you from Booking.com to another website, it is a scam. We explain what to look out for!
https://www.watchlist-internet.at/news/bookingcom-vorsicht-vor-gefaelschten-angeboten/
Vulnerabilities
IBM Security Bulletins 2022-11-28
Digital Certificate Manager for IBM i, IBM App Connect Enterprise Certified Container IntegrationServer operands, IBM Operations Analytics Predictive Insights, IBM Planning Analytics Workspace, IBM Sterling Connect:Direct for UNIX, IBM UrbanCode Deploy (UCD), IBM UrbanCode Deploy (UCD) Agents on zOS, IBM WebSphere Application Server Liberty, ISC BIND on IBM i
https://www.ibm.com/blogs/psirt/
VMSA-2022-0029
CVSSv3 Range: 3.3
CVE(s): CVE-2022-31693
Synopsis: VMware Tools for Windows update addresses a denial-of-service vulnerability
https://www.vmware.com/security/advisories/VMSA-2022-0029.html
K11742512: BIND vulnerability CVE-2022-2795
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
https://support.f5.com/csp/article/K11742512
Security updates for Tuesday
Security updates have been issued by Debian (frr, gerbv, mujs, and twisted), Fedora (nodejs and python-virtualbmc), Oracle (dotnet7.0, kernel, kernel-container, krb5, varnish, and varnish:6), SUSE (busybox, python3, tiff, and tomcat), and Ubuntu (harfbuzz).
https://lwn.net/Articles/916189/
Edge 107.0.1418.62
Brief addendum: On 28 November 2022 Microsoft updated the Edge browser in the Stable Channel to version 107.0.1418.62. This is a security update which, according to the release notes, closes the vulnerability CVE-2022-4135 reported by the Chromium team.
https://www.borncity.com/blog/2022/11/29/edge-107-0-1418-62/
Festo: Incomplete documentation of remote accessible functions and protocols in Festo products
https://cert.vde.com/de/advisories/VDE-2022-041/
Festo: Multiple Festo products contain an unsafe default Codesys configuration
https://cert.vde.com/de/advisories/VDE-2022-037/
Mitsubishi Electric GOT2000
https://us-cert.cisa.gov/ics/advisories/icsa-22-333-01