Tageszusammenfassung - 29.12.2022

End-of-Day report

Timeframe: Mittwoch 28-12-2022 18:00 - Donnerstag 29-12-2022 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer


Google Home speakers allowed hackers to snoop on conversations

A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed.


WordPress Vulnerability & Patch Roundup December 2022

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.


The Worst Hacks of 2022

The year was marked by sinister new twists on cybersecurity classics, including phishing, breaches, and ransomware attacks.


New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection

We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses.


One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware. (arXiv:2212.13716v1 [cs.CR])

Currently, the development of IoT firmware heavily depends on third-partycomponents (TPCs) to improve development efficiency. Nevertheless, TPCs are notsecure, and the vulnerabilities in TPCs will influence the security of IoTf irmware.


A survey and analysis of TLS interception mechanisms and motivations. (arXiv:2010.16388v2 [cs.CR] UPDATED)

TLS is an end-to-end protocol designed to provide confidentiality andintegrity guarantees that improve end-user security and privacy. While TLShelps defend against pervasive surveillance of intercepted unencrypted traffic,it also hinders several common beneficial operations typically performed bymiddleboxes on the network traffic.


HardCIDR - Network CIDR and Range Discovery Tool

HardCIDR is a Linux Bash script to discover the netblocks, or ranges, (in CIDR notation) owned by the target organization during the intelligence gathering phase of a penetration test.



Hughes Satellite Router Remote File Inclusion Cross-Frame Scripting

The router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system.


Security updates for Thursday

Security updates have been issued by Debian (multipath-tools), Fedora (containerd and trafficserver), Gentoo (libksba and openssh), and SUSE (webkit2gtk3).


Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers

Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities.


Ungepatchte Citrix-Server zu Tausenden über kritische Schwachstellen angreifbar

Citrix hat in den letzten Monaten Sicherheitsupdates für kritische Schwachstellen in Citrix ADC- und Gateway-Produkten freigegeben und entsprechende Sicherheitswarnungen veröffentlicht.


(Non-US) DIR-825/EE : H/W Rev. R2 & DIR-825/AC Rev. G1A:: F/W 1.0.9 :: Multiple Vulnerabilities by Trend Micro, the Zero Day Initiative (ZDI)


AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795)


IBM Synthetic Playback Agent is vulnerable due to its use of Apache Commons Text [CVE-2022-42889]