Daily summary - 21.07.2022

End-of-Day report

Timeframe: Wednesday 20-07-2022 18:00 - Thursday 21-07-2022 18:00 Handler: Robert Waldner Co-Handler: Michael Schlagenhaufer

News

Apple Patches Everything Day, (Wed, Jul 20th)

Apple today released its usual "surprise patch day" in updating all of its operating systems. There may still be specific Safari updates, but for currently supported operating systems, the operating system upgrades should include respective Safari/WebKit fixes.

https://isc.sans.edu/diary/rss/28862


New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems

A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems.

https://thehackernews.com/2022/07/new-linux-malware-framework-let.html


Outlook email users alerted to suspicious activity from Microsoft-owned IP address

People turn amateur sleuths to discover that the source of all those sign-ins seems to be in Redmond. Strange things are afoot in the world of Microsoft email, with multiple users reporting unusual sign-in notifications for their Outlook accounts.

https://www.theregister.com/2022/07/21/outlook_sign_ins/


[CVE-2022-34918] A crack in the Linux firewall

In our previous article Yet another bug into Netfilter, I presented a vulnerability found within the netfilter subsystem of the Linux kernel. During my investigation, I found a weird comparison that does not fully protect a copy within a buffer. It led to a heap buffer overflow that was exploited to obtain root privileges on Ubuntu 22.04.

https://www.randorisec.fr/crack-linux-firewall/


Gitlab Project Import RCE Analysis (CVE-2022-2185)

At the beginning of this month, GitLab released a security patch for versions 14->15. Interestingly, in the advisory there was a mention of a post-auth RCE bug with CVSS 9.9. The bug exists in GitLab's Project Imports feature, which was found by @vakzz. Incidentally, when I rummaged in the author's h1 profile, I discovered that four months ago he also found a bug in the import project feature.

https://starlabs.sg/blog/2022/07-gitlab-project-import-rce-analysis-cve-2022-2185/


Cybercrime: industrial control systems in the crosshairs

A password cracker with a trojan on board delivers passwords for programmable industrial control systems free of charge, and in doing so raises an important question.

https://heise.de/-7185890


Beware of shops with subscription traps

You are looking for a product online - be it make-up, sportswear or pet food. Suddenly you come across a good offer, and the product is even 60 % cheaper if you become a VIP member. But the fine print says: with this purchase you enter into an automatic club membership and an expensive subscription. Beware of these dubious subscription traps!

https://www.watchlist-internet.at/news/vorsicht-vor-shops-mit-abo-fallen/


Shodan Verified Vulns 2022-07-01

As of 2022-07-01, Shodan sees the following vulnerabilities in Austria: Compared with June 2022, a slight downward trend is visible across the board (in total from 9355 to 8987 verified vulnerabilities). The frontrunners are still CVE-2015-0204 (SSL FREAK, 4090) and CVE-2015-4000 (Logjam, 3193). Already relatively rare before (35), but with a striking decrease, is CVE-2021-43798 (Grafana Path Traversal Vulnerability, -80%). There are no upward outliers or new entries.

https://cert.at/de/aktuelles/2022/7/shodan-verified-vulns-2022-07-01

Vulnerabilities

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username "disabledsystemuser."

https://thehackernews.com/2022/07/atlassian-releases-patch-for-critical.html


Malicious code attacks with root privileges possible on Cisco Nexus Dashboard

There are important security updates for hardware and software from network equipment vendor Cisco.

https://heise.de/-7185582


Security updates for Thursday

Security updates have been issued by Mageia (kernel and kernel-linus), SUSE (dovecot23), and Ubuntu (freetype, libxml-security-java, and linux-oem-5.17).

https://lwn.net/Articles/902011/


Request Tracker: multiple vulnerabilities

A remote, anonymous attacker can exploit multiple vulnerabilities in Request Tracker to carry out a cross-site scripting attack or to bypass security measures.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0788


Security Bulletin: IBM Tivoli Network Manager is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2019-1757)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-network-manager-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2019-1757/


Security Bulletin: Security Vulnerabilities have been fixed in IBM Security Access Manager appliance (CVE-2022-24407, CVE-2020-25709, CVE-2020-25710)

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-access-manager-appliance-cve-2022-24407-cve-2020-25709-cve-2020-25710/


Security Bulletin: IBM Security Verify Information Queue uses an Oracle JDBC jar with multiple vulnerabilities (CVE-2019-2444, CVE-2019-2619, CVE-2017-10321, CVE-2017-10202)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-an-oracle-jdbc-jar-with-multiple-vulnerabilities-cve-2019-2444-cve-2019-2619-cve-2017-10321-cve-2017-10202/


Security Bulletin: Multiple vulnerabilities in IBM Security Verify Information Queue connect image (CVE-2020-9493, CVE-2022-23307)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-security-verify-information-queue-connect-image-cve-2020-9493-cve-2022-23307/


Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/


Security Bulletin: IBM Security Verify Information Queue uses a Wire Schema jar with multiple vulnerabilities (CVE-2020-27853, CVE-2021-41093)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-wire-schema-jar-with-multiple-vulnerabilities-cve-2020-27853-cve-2021-41093/


Security Bulletin: IBM Security Verify Information Queue uses a Google gRPC framework with multiple vulnerabilities (CVE-2017-7860, CVE-2017-7861, CVE-2017-9431)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-google-grpc-framework-with-multiple-vulnerabilities-cve-2017-7860-cve-2017-7861-cve-2017-9431/


Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-8/


Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-38936)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-information-disclosure-cve-2021-38936/


Security Bulletin: Multiple security vulnerabilities found in open source code that is shipped with IBM Security Verify Governance, Identity Manager virtual appliance component

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-governance-identity-manager-virtual-appliance-component/


Security Bulletin: OpenSSL vulnerabilities in the IBM Security Verify Information Queue web server (CVE-2021-3711, CVE-2021-3712)

https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-in-the-ibm-security-verify-information-queue-web-server-cve-2021-3711-cve-2021-3712/


Security Bulletin: Vulnerability in async opensource package affects IBM VM Recovery Manager HA & DR GUI

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-async-opensource-package-affects-ibm-vm-recovery-manager-ha-dr-gui-2/


Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-23/


CVE-2022-0778: security vulnerabilities with denial-of-service potential in OpenSSL

https://www.sprecher-automation.com/it-sicherheit/security-alerts


Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2022-015

https://www.drupal.org/sa-core-2022-015


Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014

https://www.drupal.org/sa-core-2022-014


Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013

https://www.drupal.org/sa-core-2022-013


Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012

https://www.drupal.org/sa-core-2022-012