End-of-Day report
Timeframe: Wednesday 14-12-2022 18:00 - Thursday 15-12-2022 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
News
LEGO BrickLink bugs let hackers hijack accounts, breach servers
Security analysts have discovered two API security vulnerabilities in BrickLink.com, the LEGO Group's official marketplace for second-hand and vintage LEGO bricks.
https://www.bleepingcomputer.com/news/security/lego-bricklink-bugs-let-hackers-hijack-accounts-breach-servers/
Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems
Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments.
https://thehackernews.com/2022/12/hacking-using-svg-files-to-smuggle-qbot.html
Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability
Dirty Pipe (CVE-2022-0847) showed a new way to abuse Linux syscalls to write to files for which the attacker only holds read-only privileges.
https://blog.aquasec.com/deep-analysis-of-the-dirty-pipe-vulnerability
Digging Inside Azure Functions: HyperV Is the Last Line of Defense
We investigated Azure's serverless architecture and found that a Hyper-V VM was the last remaining line of defense after a container breakout.
https://unit42.paloaltonetworks.com/azure-serverless-functions-security/
Patch Tuesday: (for a change) keep your eyes open!
Sometimes we end up in the tricky situation that the patch notes hide updates for vulnerabilities for which we do not publish a warning, but which we nevertheless want to point out explicitly. This month it is once again the case.
https://cert.at/de/blog/2022/12/patch-tuesday-zur-abwechslung-augen-auf
Windows Server 2019/2022: December 2022 security updates cause Hyper-V problems
The security updates Microsoft rolled out on the December 2022 Patch Tuesday lead to problems with Hyper-V in certain configurations.
https://www.borncity.com/blog/2022/12/15/windows-server-2019-2022-dezember-2022-sicherheitsupdates-verursachen-hyper-v-probleme/
Microsoft certificates abused to sign malware (Dec. 2022)
Security researchers have come across cases in which cybercriminals succeeded in signing malware with valid digital certificates issued by Microsoft.
https://www.borncity.com/blog/2022/12/15/microsoft-zertifikate-zur-signatur-von-malware-missbraucht-dez-2022/
Vulnerabilities
Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as Critical
Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution.
https://thehackernews.com/2022/12/microsoft-reclassifies-spnego-extended.html
Typo3: New versions close high-risk security vulnerability
Attackers could, among other things, inject their own PHP code into Typo3. With new versions the developers close this and further security vulnerabilities.
https://heise.de/-7395790
Microsoft Patch Tuesday, December 2022 Edition
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software.
https://krebsonsecurity.com/2022/12/microsoft-patch-tuesday-december-2022-edition/
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr and git), Slackware (mozilla and xorg), SUSE (apache2-mod_wsgi, capnproto, xorg-x11-server, xwayland, and zabbix), and Ubuntu (emacs24, firefox, linux-azure, linux-azure-5.15, linux-azure-fde, linux-oem-6.0, and xorg-server, xorg-server-hwe-18.04, xwayland).
https://lwn.net/Articles/917947/
The invisible enemy: buffer overflow vulnerabilities in Zyxel routers still problematic
https://sec-consult.com/de/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/
Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths
https://us-cert.cisa.gov/ncas/current-activity/2022/12/15/drupal-releases-security-updates-address-vulnerabilities-h5p-and
[R1] Tenable.ad Versions 3.29.4, 3.19.12 and 3.11.9 Fix One Vulnerability
https://www.tenable.com/security/tns-2022-27
Multiple Vulnerabilities in CloudPak for Watson AIOPs
https://www.ibm.com/support/pages/node/6848189
Multiple Vulnerabilities in CloudPak for Watson AIOPs
https://www.ibm.com/support/pages/node/6848195
Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.
https://www.ibm.com/support/pages/node/6848221
Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.
https://www.ibm.com/support/pages/node/6848225
A vulnerability in Python affects IBM Elastic Storage System (CVE-2022-0391)
https://www.ibm.com/support/pages/node/6848229
IBM Spectrum Control is vulnerable to multiple weaknesses related to Node [CVE-2022-39353]
https://www.ibm.com/support/pages/node/6848213
Vulnerabilities in IBM Java SDK affect IBM Spectrum Control
https://www.ibm.com/support/pages/node/6847605
IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM WebSphere Application Server Liberty and FasterXML jackson-databind
https://www.ibm.com/support/pages/node/6847541
Security vulnerability is addressed with IBM Cloud Pak for Business Automation iFixes for November 2022
https://www.ibm.com/support/pages/node/6848295