End-of-Day report
Timeframe: Thursday 11-08-2022 18:00 - Friday 12-08-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
I'm a security reporter and got fooled by a blatant phish
Think you're too smart to be fooled by a phisher? Think again.
https://arstechnica.com/?p=1873356
The Importance of Website Logs
In this post, we'll explain why logs are so important and help you understand how to use website logs to level up your security and maintain compliance.
https://blog.sucuri.net/2022/08/importance-of-website-logs-for-security.html
Conti Cybercrime Cartel Using BazarCall Phishing Attacks as Initial Attack Vector
A trio of offshoots from the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks.
https://thehackernews.com/2022/08/conti-cybercrime-cartel-using-bazarcall.html
Sloppy Software Patches Are a 'Disturbing Trend'
The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.
https://www.wired.com/story/software-patch-flaw-uptick-zdi/
Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
Since 2019, threat actor Monster Libra (also known as TA551 or Shathak) has pushed different families of malware.
https://isc.sans.edu/diary/rss/28934
Details on the Cisco breach - entry point was a personal Google account
Cisco fell victim to a cyberattack in which criminals gained access to the internal network. The company has now published details about it.
https://heise.de/-7218236
Input device monitoring on Windows: find the bug!
For modern malware operating in userland, forensic methods for detecting eavesdropping attempts are practically non-existent. A research team wants to remedy this.
https://heise.de/-7218864
Buying O'Neill clothing online? Not at backmanboats.com!
We keep receiving reports about online shops that either ship no goods at all or something that has nothing to do with the product description. Did you order an expensive brand-name T-shirt but receive a cheap copy? Such online shops are called brand counterfeiters, because they claim to sell well-known brands such as O'Neill.
https://www.watchlist-internet.at/news/oneill-kleidung-online-kaufen-nicht-auf-backmanboatscom/
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
https://us-cert.cisa.gov/ncas/current-activity/2022/08/11/cisa-adds-two-known-exploited-vulnerabilities-catalog
Windows security update KB5012170 for Secure Boot DBX (9 August 2022)
A short addendum to Patch Tuesday, 9 August 2022. Microsoft also released a security update for the Secure Boot module that day.
https://www.borncity.com/blog/2022/08/12/windows-sicherheitsupdate-kb5012170-fr-secure-boot-dbx-9-august-2022/
Vulnerabilities
Researchers Find Vulnerability in Software Underlying Discord, Microsoft Teams, and Other Apps
The popular apps used by millions of users all run the same software, called Electron.
https://www.vice.com/en/article/m7gb7y/researchers-find-vulnerability-in-software-underlying-discord-microsoft-teams-and-other-apps
Zimbra groupware "trivially attackable" - admins should update quickly
By chaining two security bugs in the groupware, attackers have taken over thousands of Zimbra installations since the end of June.
https://heise.de/-7218354
Security updates for Friday
Security updates have been issued by Debian (gnutls28, libtirpc, postgresql-11, and samba), Fedora (microcode_ctl, wpebackend-fdo, and xen), Oracle (.NET 6.0, galera, mariadb, mysql-selinux, and kernel), SUSE (dbus-1 and python-numpy), and Ubuntu (booth).
https://lwn.net/Articles/904549/
OT Security Firm Warns of Safety Risks Posed by Alerton Building System Vulnerabilities
OT and IoT cybersecurity company SCADAfence has discovered potentially serious vulnerabilities in a widely used building management system made by Alerton, a brand of industrial giant Honeywell.
https://www.securityweek.com/ot-security-firm-warns-safety-risks-posed-alerton-building-system-vulnerabilities
Realtek SDK Vulnerability Exposes Routers From Many Vendors to Remote Attacks
A serious vulnerability affecting the eCos SDK made by Taiwanese semiconductor company Realtek could expose the networking devices of many vendors to remote attacks.
https://www.securityweek.com/realtek-sdk-vulnerability-exposes-routers-many-vendors-remote-attacks
Bitdefender: vulnerability in Device42
Because of a since-fixed vulnerability in Device42, Bitdefender recommends updating to Device42 version 18.01.00.
https://www.zdnet.de/88402845/bitdefender-schwachstelle-in-device42/
Vulnerabilities on Xiaomi's mobile payment mechanism which could allow forged transactions: A Check Point Research analysis
Check Point Research (CPR) analyzed the payment system built into Xiaomi smartphones powered by MediaTek chips. CPR found vulnerabilities that could allow forging of payments and disabling the payment system directly.
https://blog.checkpoint.com/2022/08/12/vulnerabilities-on-xiaomis-mobile-payment-mechanism/
VU#309662: Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass
https://kb.cert.org/vuls/id/309662
Security Bulletin: Watson Knowledge Catalog InstaScan is vulnerable to an XML External Entity (XXE) Injection vulnerability due to IBM WebSphere Application Server Liberty (CVE-2021-20492)
https://www.ibm.com/blogs/psirt/security-bulletin-watson-knowledge-catalog-instascan-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-due-to-ibm-websphere-application-server-liberty-cve-2021-20492/
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-file-agent-is-vulnerable-to-remote-code-execution-due-to-apache-commons-configuration-cve-2022-33980/
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2022
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-cloud-pak-for-business-automation-ifixes-for-july-2022/
Security Bulletin: Operations Dashboard is vulnerable to remote connection exploit by Go CVE-2022-30629
https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-remote-connection-exploit-by-go-cve-2022-30629/
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to ejs [CVE-2022-29078]
https://www.ibm.com/blogs/psirt/security-bulletin-automation-assets-in-ibm-cloud-pak-for-integration-is-vulnerable-to-remote-code-execution-due-to-ejs-cve-2022-29078/
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote authenticated attacker due to Node.js (CVE-2022-29244, CVE-2022-33987)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-and-ibm-integration-bus-are-vulnerable-to-a-remote-authenticated-attacker-due-to-node-js-cve-2022-29244-cve-2022-33987/
Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to unauthenticated attacker to cause a denial of service or low integrity impact due to multiple vulnerabilities.
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-are-vulnerable-to-unauthenticated-attacker-to-cause-a-denial-of-service-or-low-integrity-impact-due-to-multiple-vulnerabilities/
PostgreSQL: vulnerability allows code execution
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1013
Emerson ROC800, ROC800L and DL8000
https://us-cert.cisa.gov/ics/advisories/icsa-22-223-04