Daily summary - 14.12.2022

End-of-Day report

Timeframe: Tuesday 13-12-2022 18:00 - Wednesday 14-12-2022 18:00 Handler: Robert Waldner Co-Handler: n/a

News

Microsoft-signed malicious Windows drivers used in ransomware attacks

Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents.

https://www.bleepingcomputer.com/news/microsoft/microsoft-signed-malicious-windows-drivers-used-in-ransomware-attacks/


Open-source repositories flooded by 144,000 phishing packages

Unknown threat actors have uploaded a total of 144,294 phishing-related packages on the open-source package repositories NuGet, PyPI, and NPM.

https://www.bleepingcomputer.com/news/security/open-source-repositories-flooded-by-144-000-phishing-packages/


Input Validation for Website Security

Web forms are incredibly useful tools. They allow you to gather important information about potential clients and site visitors, collect comments and feedback, upload files, subscribe new users to your blog, or even collect payment details. But if your forms aren't properly validating user inputs, you might be in for a nasty surprise: a variety of issues can occur if data is uploaded to your site's environment without specific controls.

https://blog.sucuri.net/2022/12/input-validation-for-website-security.html


Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," [..]

https://thehackernews.com/2022/12/google-launches-largest-distributed.html


New GoTrim Botnet Attempting to Break into WordPress Sites Admin Accounts

A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of the targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses :::trim::: to split data communicated to and from the C2 server,"

https://thehackernews.com/2022/12/new-gotrim-botnet-attempting-to-break.html


Farewell iOS 15: Apple apparently ends support on newer iPhones

iPhones from model year 2017 onwards will only receive security updates after upgrading to iOS 16. According to Apple, vulnerabilities in iOS 15 are being actively exploited.

https://heise.de/-7394913


BSI magazine with a focus on "Ransomware" published

The second issue of the BSI magazine "Mit Sicherheit" this year has been published. In this issue, the BSI puts one of the currently biggest threats to IT security at the centre of a special section: ransomware. [..] Further topics are automotive security, digital consumer protection, and the cooperation between the BSI and NATO on shaping cloud security within the alliance. The new BSI magazine also contains a new checklist with tips for a secure home network.

https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/BSI-Magazin_2_2022_221214.html


NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing

Original release date: December 13, 2022. Today, the National Security Agency (NSA), CISA, and the Office of the Director of National Intelligence (ODNI), published Potential Threats to 5G Network Slicing. This guidance, created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA, presents both the benefits and risks associated with 5G network slicing. It also provides mitigation strategies that address potential threats to 5G network slicing.

https://us-cert.cisa.gov/ncas/current-activity/2022/12/13/nsa-cisa-and-odni-release-guidance-potential-threats-5g-network

Vulnerabilities

Vulnerabilities found on Arcadyan Routers

The two vulnerabilities were found by Asher Davila L. in Arcadyan wireless modems with model number VRV9506JAC23. It is probable that they are also present in other Arcadyan models, because their web interfaces are similar and they have common features. The following are the two found vulnerabilities:
* CVE-2020-9420: Cleartext transmission of sensitive information
* CVE-2020-9419: Stored cross-site scripting

https://gist.github.com/AsherDLL/03d0762b5a535e300f1121caebe333ce


Web browser: Chrome update seals eight security holes

Google has released an updated version of the Chrome web browser. It closes at least four high-risk security vulnerabilities.

https://heise.de/-7394554


VMSA-2022-0032: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation)

Synopsis: VMware Workspace ONE Access and Identity Manager updates address multiple vulnerabilities (CVE-2022-31700, CVE-2022-31701).

https://www.vmware.com/security/advisories/VMSA-2022-0032.html


Security updates for Wednesday

Security updates have been issued by Debian (pngcheck), Fedora (qemu), Mageia (admesh, busybox, emacs, libarchive, netkit-telnet, ruby, rxvt-unicode, and shadowutils), Oracle (bcel and kernel), Red Hat (389-ds-base, bcel, dbus, firefox, grub2, kernel, kernel-rt, kpatch-patch, thunderbird, and usbguard), Scientific Linux (bcel), SUSE (containerd, firefox, grafana, java-1_8_0-openjdk, libtpms, net-snmp, and wireshark), and Ubuntu (pillow).

https://lwn.net/Articles/917839/


Adobe Patches 38 Flaws in Enterprise Software Products

After skipping last month, Adobe returned to its scheduled Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in multiple enterprise-facing products. The San Jose, California software maker said the flaws could expose users to code execution and privilege escalation attacks across all computer platforms.

https://www.securityweek.com/adobe-patches-38-flaws-enterprise-software-products


ICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches

Industrial giants Siemens and Schneider Electric have addressed over 140 vulnerabilities with their December 2022 Patch Tuesday updates. Siemens [..]

https://www.securityweek.com/ics-patch-tuesday-siemens-fixes-80-openssl-openssh-flaws-switches


Apple Releases Security Updates for Multiple Products

Original release date: December 13, 2022. Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible: iCloud for Windows 14.1, Safari 16.2, macOS Monterey 12.6.2, macOS Big Sur 11.7.2, tvOS 16.2, watchOS 9.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, and macOS Ventura 13.1.

https://us-cert.cisa.gov/ncas/current-activity/2022/12/13/apple-releases-security-updates-multiple-products


Sonicwall Capture Client Local Privilege Escalation via SentinelOne Agent (Aikido)

An arbitrary file deletion vulnerability (Aikido) in Sonicwall Capture Client via SentinelOne Agent could allow a local attacker to escalate privileges and delete files. The exploit was confirmed to work with 6 vulnerable EDR products, including the SentinelOne Agent for Windows. Please note: an attacker must first obtain low-privileged access on the target system in order to exploit this vulnerability.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0025


Cisco Identity Services Engine Unauthorized File Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM


Weidmueller: Multiple IoT and control products affected by JavaScript injection vulnerability

https://cert.vde.com/de/advisories/VDE-2022-056/


NVIDIA GPU Display Driver Advisory - November 2022

http://support.lenovo.com/product_security/PS500536-NVIDIA-GPU-DISPLAY-DRIVER-ADVISORY-NOVEMBER-2022


Vulnerabilities in Linux Kernel, Golang Go, and cURL libcurl may affect IBM Spectrum Protect Plus

https://www.ibm.com/support/pages/node/6847643


Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2022-34165)

https://www.ibm.com/support/pages/node/6847655


Vulnerabilities in zlib and Golang Go may affect the IBM Spectrum Protect Server (CVE-2018-25032, CVE-2022-27664)

https://www.ibm.com/support/pages/node/6847653


IBM Copy Services Manager is vulnerable to remote attack due to IBM WebSphere Application Server Liberty vulnerabilities (CVE-2022-22476)

https://www.ibm.com/support/pages/node/6847789


IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is affected by vulnerability in Apache Kafka (CVE-2022-34917)

https://www.ibm.com/support/pages/node/6847829


IBM Tivoli Netcool/OMNIbus Probe and Integrations Library are affected by vulnerabilities in FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)

https://www.ibm.com/support/pages/node/6846525


IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003)

https://www.ibm.com/support/pages/node/6847939


IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004)

https://www.ibm.com/support/pages/node/6847945