End-of-Day report
Timeframe: Montag 22-08-2022 18:00 - Dienstag 23-08-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
Internet-Kernprotokoll: Das Transmission Control Protocol erhält Update
TCP ist der Motor des Internet. Mit einem gerade aktualisierten RFC bekommt er eine Generalüberholung. Aber kann er sich gegen neue Konkurrenz behaupten?
https://heise.de/-7239713
Cyber-Attacken: CISA warnt vor Angriffen auf neu entdeckte Sicherheitslücken
Die US-Cybersicherheitsbehörde CISA warnt vor einigen erst seit Kurzem bekannten Sicherheitslücken. Cyberkriminelle greifen diese bereits aktiv an.
https://heise.de/-7240372
Whos Looking at Your security.txt File?
In April 2022, the RFC related to the small file -security.txt- was released. It was already popular for a while, but an RFC is always a good way to -promote- some best practices! If you're unaware of this file, it helps to communicate security contacts (email addresses, phone, ...) to people who would like to contact you to report an issue with your website or your organization.
https://isc.sans.edu/diary/rss/28972
Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts
Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps.
https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html
New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data
A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves.
https://thehackernews.com/2022/08/new-air-gap-attack-uses-mems-gyroscope.html
If you havent patched Zimbra holes by now, assume youre toast
Heres how to detect an intrusion via vulnerable email systems Organizations that didnt immediately patch their Zimbra email systems should assume miscreants have already found and exploited the bugs, and should start hunting for malicious activity across IT networks, according to Uncle Sam.
https://go.theregister.com/feed/www.theregister.com/2022/08/23/cisa_zimbra_signatures/
Ransomware Gang Leaks Data Allegedly Stolen From Greek Gas Supplier
The cybergang behind the Ragnar Locker ransomware has published more than 360 gigabytes of data allegedly stolen from Greece-s largest natural gas supplier Desfa.Established in 2007 as a subsidiary of Depa (Public Gas Corporation of Greece), Desfa operates both the country-s natural gas transmission system and its gas distribution networks.
https://www.securityweek.com/ransomware-gang-leaks-data-allegedly-stolen-greek-gas-supplier
Online-Marktplatz: Vorsicht, wenn Käufer:innen Links zu Kurierdiensten und Zahlungsplattformen schicken
Sie verkaufen über willhaben, laendleanzeiger.at, shpock und Co? Nehmen Sie sich vor betrügerischen Käufer:innen in Acht.
https://www.watchlist-internet.at/news/online-marktplatz-vorsicht-wenn-kaeuferinnen-links-zu-kurierdiensten-und-zahlungsplattformen-schic/
The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware
Threat actors have been searching for another opportunity - and found one. It's called data exfiltration, or exfil, a type of espionage causing headaches at organizations worldwide. Let's take a look.
https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html
Vulnerabilities
GitLab Critical Security Release: 15.3.1, 15.2.3, 15.1.5
Today we are releasing versions 15.3.1, 15.2.3, 15.1.5 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version.
https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
SECURITY BULLETIN AVEVA-2022-005
Multiple vulnerabilities in AVEVA Edge (formerly known as InduSoft Web Studio). Rating: High
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf
[CVE-2020-2733] JD Edwards EnterpriseOne Tools admin password not adequately protected
JD Edwards EnterpriseOne Tools 9.2 or lower versions allow unauthenticated attackers to bypass the authentication and get Administrator rights on the system.
https://redrays.io/cve-2020-2733-jd-edwards/
Einbruchsgefahr: Über 80.000 Hikvision-Kameras verwundbar
Hikvision hat zwar Updates für die Kameras veröffentlicht, mehr als 2300 Firmen ignorieren diese jedoch. Angreifer könnten dadurch in deren Netze einbrechen.
https://heise.de/-7239986
Firefox 104: Verbesserungen am PDF-Viewer und Stromverbrauch-Profiler
Die neue Version von Firefox bringt neben sechs gefixten Sicherheitslücken auch Re-Snapping sowie die Möglichkeit, im PDF-Viewer zu unterschreiben.
https://heise.de/-7240408
Security updates for Tuesday
Security updates have been issued by Oracle (kernel and kernel-container), SUSE (bluez, gimp, rubygem-rails-html-sanitizer, systemd-presets-common-SUSE, and u-boot), and Ubuntu (libxslt).
https://lwn.net/Articles/905730/
Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-sannav-software-used-by-ibm-b-type-san-directors-and-switches-5/
Security Bulletin: Multiple security vulnerabilities have been identified in dojo library shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2019-10785, CVE-2020-5259, CVE-2020-4051, CVE-2018-15494, CVE-2021-23450)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-dojo-library-shipped-with-ibm-security-guardium-key-lifecycle-manager-sklm-gklm-cve-2019-10785-cve-2020-5259-cve-2020/
Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2021-22931)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-verify-governance-in-response-to-a-security-vulnerability-cve-2021-22931-2/
Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2022-21824)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-verify-governance-in-response-to-a-security-vulnerability-cve-2022-21824-2/
Security Bulletin: IBM Security Verify Governance is vulnerable to multiple security issues due to Node.js
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-governance-is-vulnerable-to-multiple-security-issues-due-to-node-js-2/
Security Bulletin: IBM MQ is vulnerable to issues with libcurl (CVE-2022-27780, CVE-2022-30115)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-issues-with-libcurl-cve-2022-27780-cve-2022-30115/
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to Google Gson (CVE-2022-25647)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-is-vulnerable-to-denial-of-service-due-to-google-gson-cve-2022-25647/
Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-governance-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104-2/
Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Apache Commons Compress
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-vulnerable-to-multiple-vulnerabilities-due-to-apache-commons-compress/
D-LINK Router: Schwachstelle ermöglicht Denial of Service
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1151
Trellix Data Loss Prevention: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1149
xpdf: Schwachstelle ermöglicht Codeausführung
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1144
PowerDNS: Schwachstelle ermöglicht Denial of Service
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1152