End-of-Day report
Timeframe: Tuesday 29-11-2022 18:00 - Wednesday 30-11-2022 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
News
How Stuff Gets eXposed
Intel's Software Guard Extension (SGX) promises an isolated execution environment, protected from all software running on the machine. In the past few years, however, SGX has come under heavy fire, threatened by numerous side channel attacks.
https://sgx.fail/
Looting Microsoft Configuration Manager
Microsoft Endpoint Configuration Manager (CM), also known as System Center Configuration Manager (SCCM), is widely deployed by companies to manage their Windows environments. It enables simple enrollment of servers and workstations, distributing software and generic management of the Windows systems in the environment.
https://labs.withsecure.com/publications/looting-microsoft-configuration-manager
What to do if you have ordered from a fake shop?
You have shopped online. But the ordered product does not arrive, and e-mails to the supposed shop go unanswered. If this sounds familiar, you have probably bought from a fake shop. We show you what you can do if you have fallen into the shopping trap.
https://www.watchlist-internet.at/news/was-tun-wenn-sie-in-einem-fake-shop-bestellt-haben/
Industry 4.0: CNC Machine Security Risks Part 1
This three-part blog series explores the risks associated with CNC machines.
https://www.trendmicro.com/en_us/research/22/k/cnc-machine-security-risks-part-1.html
Vulnerabilities
NVIDIA releases GPU driver update to fix 29 security flaws
NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation.
https://www.bleepingcomputer.com/news/security/nvidia-releases-gpu-driver-update-to-fix-29-security-flaws/
CISA Releases Seven Industrial Control Systems Advisories
* ICSA-22-333-01 Mitsubishi Electric GOT2000
* ICSA-22-333-02 Hitachi Energy's IED Connectivity Packages and PCM600 Products
* ICSA-22-333-03 Hitachi Energy's MicroSCADA ProX SYS600 Products
* ICSA-22-333-04 Moxa UC Series
* ICSA-22-333-05 Mitsubishi Electric FA Engineering Software
* ICSA-21-334-02 Mitsubishi MELSEC and MELIPC Series (Update E)
* ICSA-19-346-02 Omron PLC CJ
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/29/cisa-releases-seven-industrial-control-systems-advisories
Critical vulnerability in VLC Media Player
An update is available for VLC Media Player, with which the developers close, among other things, a critical vulnerability.
https://heise.de/-7362049
Chrome 108 web browser seals 28 security vulnerabilities
The update to the Chrome 108 web browser essentially delivers bug fixes that close 28 vulnerabilities.
https://heise.de/-7361154
Security updates for Wednesday
Security updates have been issued by Debian (krb5), Fedora (galera, mariadb, and mingw-python3), Red Hat (389-ds:1.4, kernel, kernel-rt, kpatch-patch, krb5, and usbguard), Scientific Linux (krb5), Slackware (kernel), SUSE (binutils, dbus-1, exiv2, freerdp, git, java-1_8_0-ibm, kernel, libarchive, libdb-4_8, libmspack, nginx, opencc, python, python3, rxvt-unicode, sudo, supportutils, systemd, vim, and webkit2gtk3), and Ubuntu (bind9, gnutls28, libsamplerate, linux-gcp-5.4, perl, pixman, shadow, [...]
https://lwn.net/Articles/916346/
Delta Electronics Patches Serious Flaws in Industrial Networking Devices
Taiwan-based Delta Electronics has patched potentially serious vulnerabilities in two of its industrial networking products. The flaws were identified by researchers at CyberDanube, a new industrial cybersecurity company based in Austria, in Delta's DX-2100-L1-CN 3G cloud router and the DVW-W02W2-E2 industrial wireless access point.
https://www.securityweek.com/delta-electronics-patches-serious-flaws-industrial-networking-devices
Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework
Developers have been warned that the popular Quarkus framework is affected by a critical vulnerability that could lead to remote code execution.
https://www.securityweek.com/developers-warned-critical-remote-code-execution-flaw-quarkus-java-framework
Anker Eufy Door Bell security cameras have vulnerabilities, data is transferred to the cloud, Homebase 2 also has vulnerabilities
Anker Eufy Door Bell security cameras are also sold in Germany. A security researcher has now found various vulnerabilities in the firmware of the Eufy cameras.
https://www.borncity.com/blog/2022/11/30/anker-eufy-door-bell-sicherheitskameras-mit-schwachstellen-daten-werden-in-die-cloud-bertragen-homebase-2-hat-auch-schwachstellen/
Drop What You're Doing and Update iOS, Android, and Windows
https://www.wired.com/story/ios-android-windows-vulnerability-patches-november-2022/
Security Advisory - Improper Authorization Vulnerability in a Huawei Children's Watch
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-iaviahcw-21a3acd8-en
Security Bulletin: A Kafka vulnerability affects IBM Operations Analytics Predictive Insights (CVE-2022-34917)
https://www.ibm.com/blogs/psirt/security-bulletin-a-kafka-vulnerability-affects-ibm-operations-analytics-predictive-insights-cve-2022-34917/
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.4ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-102-4esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if16-2022-4-0/
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty profile affects IBM Operations Analytics Predictive Insights (CVE-2022-22393 CVE-2022-22476 CVE-2022-22475)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-liberty-profile-affects-ibm-operations-analytics-predictive-insightscve-2022-22393-cve-2022-22476-cve-2022-22475/
Security Bulletin: Multiple vulnerabilities in Netty libraries affect IBM Operations Analytics Predictive Insights (CVE-2021-43797 CVE-2022-24823)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-libraries-affect-ibm-operations-analytics-predictive-insights-cve-2021-43797-cve-2022-24823/
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-operations-analytics-predictive-insights/
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote authenticated attacker to execute arbitrary code on the system due to PostgreSQL (CVE-2022-2625)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-remote-authenticated-attacker-to-execute-arbitrary-code-on-the-system-due-to-postgresql-cve-2022-2625/
Numerous critical vulnerabilities in Planet Enterprises Ltd - Planet eStream
https://sec-consult.com/de/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/