Daily summary - 12.08.2022

End-of-Day report

Timeframe: Thursday 11-08-2022 18:00 - Friday 12-08-2022 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer

News

I'm a security reporter and got fooled by a blatant phish

Think you're too smart to be fooled by a phisher? Think again.

https://arstechnica.com/?p=1873356


The Importance of Website Logs

In this post, we'll explain why logs are so important and help you understand how to use website logs to level up your security and maintain compliance.

https://blog.sucuri.net/2022/08/importance-of-website-logs-for-security.html


Conti Cybercrime Cartel Using BazarCall Phishing Attacks as Initial Attack Vector

A trio of offshoots from the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks.

https://thehackernews.com/2022/08/conti-cybercrime-cartel-using-bazarcall.html


Sloppy Software Patches Are a 'Disturbing Trend'

The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.

https://www.wired.com/story/software-patch-flaw-uptick-zdi/


Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike

Since 2019, threat actor Monster Libra (also known as TA551 or Shathak) has pushed different families of malware.

https://isc.sans.edu/diary/rss/28934


Details on the Cisco breach - entry point was a personal Google account

Cisco fell victim to a cyber attack in which criminals gained access to the internal network. The company has now published details about it.

https://heise.de/-7218236


Input device monitoring on Windows: find the bug!

For modern malware operating in userland, forensic methods for detecting eavesdropping attempts are practically non-existent. A research team wants to remedy this.

https://heise.de/-7218864


Buying O'Neill clothing online? Not at backmanboats.com!

We regularly receive reports about online shops that either ship no goods at all or ship something that has nothing to do with the product description. Did you order an expensive branded T-shirt but receive a cheap copy? Such online shops are called brand counterfeiters because they claim to sell well-known brands such as O'Neill.

https://www.watchlist-internet.at/news/oneill-kleidung-online-kaufen-nicht-auf-backmanboatscom/


CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

https://us-cert.cisa.gov/ncas/current-activity/2022/08/11/cisa-adds-two-known-exploited-vulnerabilities-catalog


Windows security update KB5012170 for Secure Boot DBX (9 August 2022)

A brief addendum to Patch Tuesday, 9 August 2022: Microsoft also released a security update for the Secure Boot module that day.

https://www.borncity.com/blog/2022/08/12/windows-sicherheitsupdate-kb5012170-fr-secure-boot-dbx-9-august-2022/

Vulnerabilities

Researchers Find Vulnerability in Software Underlying Discord, Microsoft Teams, and Other Apps

The popular apps used by millions of users all run the same software, called Electron.

https://www.vice.com/en/article/m7gb7y/researchers-find-vulnerability-in-software-underlying-discord-microsoft-teams-and-other-apps


Groupware Zimbra "trivially attackable" - admins should update quickly

By chaining two security bugs in the groupware, attackers have taken over thousands of Zimbra installations since the end of June.

https://heise.de/-7218354


Security updates for Friday

Security updates have been issued by Debian (gnutls28, libtirpc, postgresql-11, and samba), Fedora (microcode_ctl, wpebackend-fdo, and xen), Oracle (.NET 6.0, galera, mariadb, and mysql-selinux, and kernel), SUSE (dbus-1 and python-numpy), and Ubuntu (booth).

https://lwn.net/Articles/904549/


OT Security Firm Warns of Safety Risks Posed by Alerton Building System Vulnerabilities

OT and IoT cybersecurity company SCADAfence has discovered potentially serious vulnerabilities in a widely used building management system made by Alerton, a brand of industrial giant Honeywell.

https://www.securityweek.com/ot-security-firm-warns-safety-risks-posed-alerton-building-system-vulnerabilities


Realtek SDK Vulnerability Exposes Routers From Many Vendors to Remote Attacks

A serious vulnerability affecting the eCos SDK made by Taiwanese semiconductor company Realtek could expose the networking devices of many vendors to remote attacks.

https://www.securityweek.com/realtek-sdk-vulnerability-exposes-routers-many-vendors-remote-attacks


Bitdefender: vulnerability in Device42

Because of a now-fixed vulnerability in Device42, Bitdefender recommends updating to Device42 version 18.01.00.

https://www.zdnet.de/88402845/bitdefender-schwachstelle-in-device42/


Vulnerabilities on Xiaomi's mobile payment mechanism which could allow forged transactions: A Check Point Research analysis

Check Point Research (CPR) analyzed the payment system built into Xiaomi smartphones powered by MediaTek chips. CPR found vulnerabilities that could allow forging of payments and disabling the payment system directly.

https://blog.checkpoint.com/2022/08/12/vulnerabilities-on-xiaomis-mobile-payment-mechanism/


VU#309662: Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass

https://kb.cert.org/vuls/id/309662


Security Bulletin: Watson Knowledge Catalog InstaScan is vulnerable to an XML External Entity (XXE) Injection vulnerability due to IBM WebSphere Application Server Liberty (CVE-2021-20492)

https://www.ibm.com/blogs/psirt/security-bulletin-watson-knowledge-catalog-instascan-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-due-to-ibm-websphere-application-server-liberty-cve-2021-20492/


Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-file-agent-is-vulnerable-to-remote-code-execution-due-to-apache-commons-configuration-cve-2022-33980/


Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2022

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-cloud-pak-for-business-automation-ifixes-for-july-2022/


Security Bulletin: Operations Dashboard is vulnerable to remote connection exploit by Go CVE-2022-30629

https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-remote-connection-exploit-by-go-cve-2022-30629/


Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to ejs [CVE-2022-29078]

https://www.ibm.com/blogs/psirt/security-bulletin-automation-assets-in-ibm-cloud-pak-for-integration-is-vulnerable-to-remote-code-execution-due-to-ejs-cve-2022-29078/


Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote authenticated attacker due to Node.js (CVE-2022-29244, CVE-2022-33987)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-and-ibm-integration-bus-are-vulnerable-to-a-remote-authenticated-attacker-due-to-node-js-cve-2022-29244-cve-2022-33987/


Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to unauthenticated attacker to cause a denial of service or low integrity impact due to multiple vulnerabilities.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-are-vulnerable-to-unauthenticated-attacker-to-cause-a-denial-of-service-or-low-integrity-impact-due-to-multiple-vulnerabilities/


PostgreSQL: vulnerability allows code execution

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1013


Emerson ROC800, ROC800L and DL8000

https://us-cert.cisa.gov/ics/advisories/icsa-22-223-04