End-of-Day report
Timeframe: Tuesday 14-06-2022 18:00 - Wednesday 15-06-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
Security baseline for Microsoft 365 Apps for enterprise v2206
Microsoft is pleased to announce the release of the recommended security configuration baseline settings for Microsoft 365 Apps for enterprise, version 2206.
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-365-apps-for-enterprise-v2206/ba-p/3502714
Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers
A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022.
https://thehackernews.com/2022/06/panchan-new-golang-based-peer-to-peer.html
TPM Sniffing Attacks Against Non-Bitlocker Targets
Last year, during an uptick in media attention for Trusted Platform Module (TPM) security triggered by a blog post from the Dolos Group describing a sniffing attack on Windows Bitlocker relying on a TPM, a customer asked us to investigate their TPM-based Full Disk Encryption (FDE) set up in light of this type of attack.
https://www.secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-targets
Bypassing CSP with dangling iframes
Our Web Security Academy has a topic on dangling markup injection - a technique for exploiting sites protected by CSP.
https://portswigger.net/research/bypassing-csp-with-dangling-iframes
A tiny botnet launched the largest DDoS attack on record
A small but powerful army of just 5,000 devices generated a record-breaking web attack.
https://www.zdnet.com/article/a-tiny-botnet-launched-the-largest-ddos-attack-on-record/
Vulnerabilities
Citrix warns critical bug can let attackers reset admin passwords
Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords.
https://www.bleepingcomputer.com/news/security/citrix-warns-critical-bug-can-let-attackers-reset-admin-passwords/
Patch Day: Updates fix ten SAP vulnerabilities
On its June Patch Day, SAP closed ten security vulnerabilities. For two older security advisories, the vendor is updating the advisories.
https://heise.de/-7141579
Patch Day: Microsoft closes MSDT vulnerability that works even without macros
Windows is vulnerable via Word, among other routes, and RTF formats can be used as well. Azure, Edge and others are also getting important security updates.
https://heise.de/-7141070
Patch Day Adobe: Malicious-code vulnerabilities closed in InDesign, Illustrator and others
Several Adobe applications can be attacked through vulnerabilities rated critical. Security updates provide a remedy.
https://heise.de/-7141175
Hertzbleed vulnerability: x86 processor clocking reveals secrets
A team of researchers eavesdrops on cryptographic computations on modern x86 CPUs by means of characteristic clock-frequency changes.
https://heise.de/-7141221
Security updates for Wednesday
Security updates have been issued by Red Hat (.NET 6.0 and log4j), SUSE (389-ds, grub2, kernel, openssl-1_1, python-Twisted, webkit2gtk3, and xen), and Ubuntu (php7.2, php7.4, php8.0, php8.1 and util-linux).
https://lwn.net/Articles/897992/
Critical Code Execution Vulnerability Patched in Splunk Enterprise
Splunk this week announced the release of out-of-band patches that address multiple vulnerabilities across Splunk Enterprise, including a critical issue that could lead to arbitrary code execution.
https://www.securityweek.com/critical-code-execution-vulnerability-patched-splunk-enterprise
Schneider Electric Advisories 2022-06-15
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp
Security Bulletin: IBM Financial Transaction Manager for Digital Payments for Multi-Platform is vulnerable to SQL injection. (CVE-2019-4575)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-financial-transaction-manager-for-digital-payments-for-multi-platform-is-vulnerable-to-sql-injection-cve-2019-4575/
Security Bulletin: Operations Dashboard is vulnerable to denial of service by Go vulnerability CVE-2022-28327
https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-denial-of-service-by-go-vulnerability-cve-2022-28327/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix-8/
Security Bulletin: Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities.
https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-v1-6-4-contains-fixes-for-multiple-security-vulnerabilities-2/
Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential Cross-Site Scripting (Reflected) vulnerability (CVE-2020-4560)
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-digital-payments-is-affected-by-a-potential-cross-site-scripting-reflected-vulnerability-cve-2020-4560/
Security Bulletin: Vulnerabilities in Java affects IBM Cloud Application Business Insights - Quaterly Java update, CVE-2021-35603 and CVE-2021-35550
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affects-ibm-cloud-application-business-insights-quaterly-java-update-cve-2021-35603-and-cve-2021-35550/
Security Bulletin: Vulnerability in PostgreSQL may affect IBM Spectrum Copy Data Management
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-postgresql-may-affect-ibm-spectrum-copy-data-management-2/
Security Bulletin: AIX is vulnerable to a denial of service due to lpd (CVE-2022-22444)
https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-denial-of-service-due-to-lpd-cve-2022-22444/
Security Bulletin: Operations Dashboard is vulnerable to denial of service by Go vulnerability CVE-2022-24675
https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-denial-of-service-by-go-vulnerability-cve-2022-24675/
Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential SQL Injection CVE-2020-4328
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-digital-payments-is-affected-by-a-potential-sql-injection-cve-2020-4328/
VMSA-2022-0016
https://www.vmware.com/security/advisories/VMSA-2022-0016.html
AUMA: SIMA² Master Station Denial of Service Vulnerability on Automation Runtime Webserver
https://cert.vde.com/de/advisories/VDE-2022-024/
Johnson Controls Metasys ADS ADX OAS Servers
https://us-cert.cisa.gov/ics/advisories/icsa-22-165-01
Hard-coded backdoor users and outdated software components in the Nexans FTTO GigaSwitch series
https://sec-consult.com/de/vulnerability-lab/advisory/nexans-ftto-gigaswitch-hardkodierte-backdoor-benutzer-veraltete-software-komponenten/
Synaptics Fingerprint Driver Vulnerability
http://support.lenovo.com/product_security/PS500494-SYNAPTICS-FINGERPRINT-DRIVER-VULNERABILITY
Intel Processors MMIO Stale Data Advisory
http://support.lenovo.com/product_security/PS500497-INTEL-PROCESSORS-MMIO-STALE-DATA-ADVISORY