End-of-Day report
Timeframe: Wednesday 28-12-2022 18:00 - Thursday 29-12-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
Google Home speakers allowed hackers to snoop on conversations
A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed.
https://www.bleepingcomputer.com/news/security/google-home-speakers-allowed-hackers-to-snoop-on-conversations/
WordPress Vulnerability & Patch Roundup December 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.
https://blog.sucuri.net/2022/12/wordpress-vulnerability-patch-roundup-december-2022.html
The Worst Hacks of 2022
The year was marked by sinister new twists on cybersecurity classics, including phishing, breaches, and ransomware attacks.
https://www.wired.com/story/worst-hacks-2022/
New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses.
https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware. (arXiv:2212.13716v1 [cs.CR])
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware.
http://arxiv.org/abs/2212.13716
A survey and analysis of TLS interception mechanisms and motivations. (arXiv:2010.16388v2 [cs.CR] UPDATED)
TLS is an end-to-end protocol designed to provide confidentiality and integrity guarantees that improve end-user security and privacy. While TLS helps defend against pervasive surveillance of intercepted unencrypted traffic, it also hinders several common beneficial operations typically performed by middleboxes on the network traffic.
http://arxiv.org/abs/2010.16388
HardCIDR - Network CIDR and Range Discovery Tool
HardCIDR is a Linux Bash script to discover the netblocks, or ranges, (in CIDR notation) owned by the target organization during the intelligence gathering phase of a penetration test.
https://www.darknet.org.uk/2022/12/hardcidr-network-cidr-and-range-discovery-tool/
Vulnerabilities
Hughes Satellite Router Remote File Inclusion Cross-Frame Scripting
The router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system.
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5743.php
Security updates for Thursday
Security updates have been issued by Debian (multipath-tools), Fedora (containerd and trafficserver), Gentoo (libksba and openssh), and SUSE (webkit2gtk3).
https://lwn.net/Articles/918715/
Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers
Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities.
https://www.securityweek.com/several-dos-code-execution-vulnerabilities-found-rockwell-automation-controllers
Thousands of unpatched Citrix servers attackable via critical vulnerabilities
In recent months, Citrix has released security updates for critical vulnerabilities in Citrix ADC and Gateway products and published corresponding security advisories.
https://www.borncity.com/blog/2022/12/29/ungepatchte-citrix-server-zu-tausenden-ber-kritische-schwachstellen-angreifbar/
(Non-US) DIR-825/EE : H/W Rev. R2 & DIR-825/AC Rev. G1A:: F/W 1.0.9 :: Multiple Vulnerabilities by Trend Micro, the Zero Day Initiative (ZDI)
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10319
AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795)
https://www.ibm.com/support/pages/node/6851445
IBM Synthetic Playback Agent is vulnerable due to its use of Apache Commons Text [CVE-2022-42889]
https://www.ibm.com/support/pages/node/6852105