Daily Summary - 30.11.2022

End-of-Day report

Timeframe: Tuesday 29-11-2022 18:00 - Wednesday 30-11-2022 18:00

Handler: Robert Waldner

Co-Handler: Thomas Pribitzer

News

How Stuff Gets eXposed

Intel's Software Guard Extension (SGX) promises an isolated execution environment, protected from all software running on the machine. In the past few years, however, SGX has come under heavy fire, threatened by numerous side channel attacks.

https://sgx.fail/


Looting Microsoft Configuration Manager

Microsoft Endpoint Configuration Manager (CM), also known as System Center Configuration Manager (SCCM), is widely deployed by companies to manage their Windows environments. It enables simple enrollment of servers and workstations, distributing software and generic management of the Windows systems in the environment.

https://labs.withsecure.com/publications/looting-microsoft-configuration-manager


What to Do If You Have Ordered from a Fake Shop?

You bought something online. But the product you ordered never arrives, and e-mails to the supposed shop go unanswered. If this sounds familiar, you have probably bought from a fake shop. We show you what you can do if you have fallen into the shopping trap.

https://www.watchlist-internet.at/news/was-tun-wenn-sie-in-einem-fake-shop-bestellt-haben/


Industry 4.0: CNC Machine Security Risks Part 1

This three-part blog series explores the risks associated with CNC machines.

https://www.trendmicro.com/en_us/research/22/k/cnc-machine-security-risks-part-1.html

Vulnerabilities

NVIDIA releases GPU driver update to fix 29 security flaws

NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation.

https://www.bleepingcomputer.com/news/security/nvidia-releases-gpu-driver-update-to-fix-29-security-flaws/


CISA Releases Seven Industrial Control Systems Advisories

* ICSA-22-333-01 Mitsubishi Electric GOT2000
* ICSA-22-333-02 Hitachi Energy's IED Connectivity Packages and PCM600 Products
* ICSA-22-333-03 Hitachi Energy's MicroSCADA ProX SYS600 Products
* ICSA-22-333-04 Moxa UC Series
* ICSA-22-333-05 Mitsubishi Electric FA Engineering Software
* ICSA-21-334-02 Mitsubishi MELSEC and MELIPC Series (Update E)
* ICSA-19-346-02 Omron PLC CJ

https://www.cisa.gov/uscert/ncas/current-activity/2022/11/29/cisa-releases-seven-industrial-control-systems-advisories


Critical Vulnerability in VLC Media Player

An update is available for VLC Media Player with which the developers close, among other things, a critical vulnerability.

https://heise.de/-7362049


Chrome 108 Web Browser Seals 28 Security Vulnerabilities

The update to the Chrome 108 web browser essentially delivers bug fixes that close 28 vulnerabilities.

https://heise.de/-7361154


Security updates for Wednesday

Security updates have been issued by Debian (krb5), Fedora (galera, mariadb, and mingw-python3), Red Hat (389-ds:1.4, kernel, kernel-rt, kpatch-patch, krb5, and usbguard), Scientific Linux (krb5), Slackware (kernel), SUSE (binutils, dbus-1, exiv2, freerdp, git, java-1_8_0-ibm, kernel, libarchive, libdb-4_8, libmspack, nginx, opencc, python, python3, rxvt-unicode, sudo, supportutils, systemd, vim, and webkit2gtk3), and Ubuntu (bind9, gnutls28, libsamplerate, linux-gcp-5.4, perl, pixman, shadow, [...]

https://lwn.net/Articles/916346/


Delta Electronics Patches Serious Flaws in Industrial Networking Devices

Taiwan-based Delta Electronics has patched potentially serious vulnerabilities in two of its industrial networking products. The flaws were identified by researchers at CyberDanube, a new industrial cybersecurity company based in Austria, in Delta's DX-2100-L1-CN 3G cloud router and the DVW-W02W2-E2 industrial wireless access point.

https://www.securityweek.com/delta-electronics-patches-serious-flaws-industrial-networking-devices


Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework

Developers have been warned that the popular Quarkus framework is affected by a critical vulnerability that could lead to remote code execution.

https://www.securityweek.com/developers-warned-critical-remote-code-execution-flaw-quarkus-java-framework


Anker Eufy Door Bell Security Cameras Have Vulnerabilities, Data Is Transferred to the Cloud, Homebase 2 Also Has Vulnerabilities

Anker Eufy Door Bell security cameras are also sold in Germany. A security researcher has now found various vulnerabilities in the firmware of the Eufy cameras.

https://www.borncity.com/blog/2022/11/30/anker-eufy-door-bell-sicherheitskameras-mit-schwachstellen-daten-werden-in-die-cloud-bertragen-homebase-2-hat-auch-schwachstellen/


Drop What You're Doing and Update iOS, Android, and Windows

https://www.wired.com/story/ios-android-windows-vulnerability-patches-november-2022/


Security Advisory - Improper Authorization Vulnerability in a Huawei Children's Watch

http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-iaviahcw-21a3acd8-en


Security Bulletin: A Kafka vulnerability affects IBM Operations Analytics Predictive Insights (CVE-2022-34917)

https://www.ibm.com/blogs/psirt/security-bulletin-a-kafka-vulnerability-affects-ibm-operations-analytics-predictive-insights-cve-2022-34917/


Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.4ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-102-4esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if16-2022-4-0/


Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty profile affects IBM Operations Analytics Predictive Insights (CVE-2022-22393 CVE-2022-22476 CVE-2022-22475)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-liberty-profile-affects-ibm-operations-analytics-predictive-insightscve-2022-22393-cve-2022-22476-cve-2022-22475/


Security Bulletin: Multiple vulnerabilities in Netty libraries affect IBM Operations Analytics Predictive Insights (CVE-2021-43797 CVE-2022-24823)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-libraries-affect-ibm-operations-analytics-predictive-insights-cve-2021-43797-cve-2022-24823/


Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-operations-analytics-predictive-insights/


Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote authenticated attacker to execute arbitrary code on the system due to PostgreSQL (CVE-2022-2625)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-remote-authenticated-attacker-to-execute-arbitrary-code-on-the-system-due-to-postgresql-cve-2022-2625/


Numerous Critical Vulnerabilities in Planet Enterprises Ltd - Planet eStream

https://sec-consult.com/de/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/