Daily summary - 16.12.2022

End-of-Day report

Timeframe: Thursday 15-12-2022 18:00 - Friday 16-12-2022 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer

News

Phishing attack uses Facebook posts to evade email security

A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information (PII).

https://www.bleepingcomputer.com/news/security/phishing-attack-uses-facebook-posts-to-evade-email-security/


Backdoor Targets FreePBX Asterisk Management Portal

Written in PHP and JavaScript, FreePBX is a web-based open-source GUI that manages Asterisk, a voice over IP and telephony server. This open-source software allows users to build custom phone systems. During a recent investigation, I came across a simple piece of malware targeting FreePBX's Asterisk Management portal which allowed attackers to arbitrarily add and delete users, as well as modify the website's .htaccess file. Let's take a closer look at this backdoor.

https://blog.sucuri.net/2022/12/backdoor-targets-freepbx-asterisk-management-portal.html


Decentralized Identity Attack Surface - Part 2

This is the second part of our Decentralized Identity (DID) blog series. In case you're not familiar with DID concepts, we highly encourage you to start with the first part. This time we will cover a different DID implementation - Sovrin. We will also see what a critical (CVSS 10) DID vulnerability looks like by reviewing the one we found in this popular implementation.

https://www.cyberark.com/resources/threat-research-blog/decentralized-identity-attack-surface-part-2


The retirement of the insecure SHA-1 hash algorithm is dragging on

The National Institute of Standards and Technology is retiring the long-broken SHA-1 algorithm - but it will not be gone for good until eight years from now.

https://heise.de/-7396973


Code injection possible: Microsoft upgrades security vulnerability to "critical"

A security vulnerability for which Microsoft has already provided an update unexpectedly allows unauthenticated attackers to inject malicious code.

https://heise.de/-7396879


The Data Protection Officer, an ubiquitous role nobody really knows. (arXiv:2212.07712v1 [cs.CR])

Among all cybersecurity and privacy workers, the Data Protection Officer (DPO) stands between those auditing a company's compliance and those acting as management advisors. A person that must be somehow versed in legal, management, and cybersecurity technical skills. We describe how this role tackles socio-technical risks in everyday scenarios.

http://arxiv.org/abs/2212.07712


FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food

The joint CSA analyzes the common tactics, techniques, and procedures (TTPs) utilized by criminal actors to spoof emails and domains to impersonate legitimate employees and order goods that went unpaid and were possibly resold at devalued prices with labeling that lacked industry standard "need-to-knows" (i.e., necessary information about ingredients, allergens, or expiration dates).

https://us-cert.cisa.gov/ncas/current-activity/2022/12/16/fbi-fda-oci-and-usda-release-joint-cybersecurity-advisory


Agenda Ransomware Uses Rust to Target More Vital Industries

This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda's Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works.

https://www.trendmicro.com/en_us/research/22/l/agenda-ransomware-uses-rust-to-target-more-vital-industries.html

Vulnerabilities

VMSA-2022-0034

vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

https://www.vmware.com/security/advisories/VMSA-2022-0034.html


Cisco Security Advisories 2022-12-16

Cisco has updated 18 security advisories: (4x Critical, 11x High, 3x Medium)

https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&lastPublishedStartDate=2022%2F12%2F15&lastPublishedEndDate=2022%2F12%2F15


Vulnerabilities in Autodesk Image Processing component used by Autodesk products II

Applications and services that utilize the Image Processing component used by Autodesk products may be impacted by Out-of-bounds Read, Heap-based Overflow, Out-of-bounds Write, Memory Corruption, and Use-after-free vulnerabilities.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0025


Security updates for Friday

Security updates have been issued by Debian (firefox-esr, libde265, php7.3, and thunderbird), Fedora (firefox, freeradius, freerdp, and xorg-x11-server), Oracle (firefox, prometheus-jmx-exporter, and thunderbird), Red Hat (firefox, nodejs:16, prometheus-jmx-exporter, and thunderbird), and SUSE (ceph and chromium).

https://lwn.net/Articles/918047/


Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

https://us-cert.cisa.gov/ncas/current-activity/2022/12/16/samba-releases-security-updates


Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)

https://sec-consult.com/vulnerability-lab/advisory/remote-code-execution-bypass-eclipse-business-intelligence-reporting-birt/


IBM Security Guardium is affected by the following vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889]

https://www.ibm.com/support/pages/node/6848317


Multiple Vulnerabilities in base image packages affect IBM Voice Gateway

https://www.ibm.com/support/pages/node/6848319


Multiple vulnerabilities affect the WebSphere Application Server included with IBM Tivoli Monitoring and the IBM HTTP Server used by WebSphere Application Server

https://www.ibm.com/support/pages/node/6848279