Daily Summary - 23.08.2022

End-of-Day report

Timeframe: Monday 22-08-2022 18:00 - Tuesday 23-08-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer

News

Core Internet protocol: the Transmission Control Protocol gets an update

TCP is the engine of the Internet. A freshly updated RFC gives it a complete overhaul. But can it hold its own against new competition?

https://heise.de/-7239713


Cyber attacks: CISA warns of attacks on newly discovered vulnerabilities

The US cybersecurity agency CISA is warning about several vulnerabilities that have only recently become known. Cybercriminals are already actively exploiting them.

https://heise.de/-7240372


Who's Looking at Your security.txt File?

In April 2022, the RFC related to the small file 'security.txt' was released. It was already popular for a while, but an RFC is always a good way to 'promote' some best practices! If you're unaware of this file, it helps to communicate security contacts (email addresses, phone, ...) to people who would like to contact you to report an issue with your website or your organization.

https://isc.sans.edu/diary/rss/28972


Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts

Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps.

https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html


New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves.

https://thehackernews.com/2022/08/new-air-gap-attack-uses-mems-gyroscope.html


If you haven't patched Zimbra holes by now, assume you're toast

Here's how to detect an intrusion via vulnerable email systems. Organizations that didn't immediately patch their Zimbra email systems should assume miscreants have already found and exploited the bugs, and should start hunting for malicious activity across IT networks, according to Uncle Sam.

https://go.theregister.com/feed/www.theregister.com/2022/08/23/cisa_zimbra_signatures/


Ransomware Gang Leaks Data Allegedly Stolen From Greek Gas Supplier

The cybergang behind the Ragnar Locker ransomware has published more than 360 gigabytes of data allegedly stolen from Greece's largest natural gas supplier Desfa. Established in 2007 as a subsidiary of Depa (Public Gas Corporation of Greece), Desfa operates both the country's natural gas transmission system and its gas distribution networks.

https://www.securityweek.com/ransomware-gang-leaks-data-allegedly-stolen-greek-gas-supplier


Online marketplaces: beware when buyers send links to courier services and payment platforms

Do you sell via willhaben, laendleanzeiger.at, shpock and the like? Watch out for fraudulent buyers.

https://www.watchlist-internet.at/news/online-marktplatz-vorsicht-wenn-kaeuferinnen-links-zu-kurierdiensten-und-zahlungsplattformen-schic/


The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware

Threat actors have been searching for another opportunity - and found one. It's called data exfiltration, or exfil, a type of espionage causing headaches at organizations worldwide. Let's take a look.

https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html

Vulnerabilities

GitLab Critical Security Release: 15.3.1, 15.2.3, 15.1.5

Today we are releasing versions 15.3.1, 15.2.3, 15.1.5 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version.

https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/


SECURITY BULLETIN AVEVA-2022-005

Multiple vulnerabilities in AVEVA Edge (formerly known as InduSoft Web Studio). Rating: High

https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf


[CVE-2020-2733] JD Edwards EnterpriseOne Tools admin password not adequately protected

JD Edwards EnterpriseOne Tools 9.2 and earlier versions allow unauthenticated attackers to bypass authentication and obtain administrator rights on the system.

https://redrays.io/cve-2020-2733-jd-edwards/


Risk of intrusion: over 80,000 Hikvision cameras vulnerable

Hikvision has released updates for the cameras, but more than 2,300 companies are ignoring them. This could allow attackers to break into their networks.

https://heise.de/-7239986


Firefox 104: improvements to the PDF viewer and power consumption profiler

Besides six fixed security vulnerabilities, the new Firefox version also brings re-snapping and the ability to sign documents in the PDF viewer.

https://heise.de/-7240408


Security updates for Tuesday

Security updates have been issued by Oracle (kernel and kernel-container), SUSE (bluez, gimp, rubygem-rails-html-sanitizer, systemd-presets-common-SUSE, and u-boot), and Ubuntu (libxslt).

https://lwn.net/Articles/905730/


Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-sannav-software-used-by-ibm-b-type-san-directors-and-switches-5/


Security Bulletin: Multiple security vulnerabilities have been identified in dojo library shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2019-10785, CVE-2020-5259, CVE-2020-4051, CVE-2018-15494, CVE-2021-23450)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-dojo-library-shipped-with-ibm-security-guardium-key-lifecycle-manager-sklm-gklm-cve-2019-10785-cve-2020-5259-cve-2020/


Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2021-22931)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-verify-governance-in-response-to-a-security-vulnerability-cve-2021-22931-2/


Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2022-21824)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-verify-governance-in-response-to-a-security-vulnerability-cve-2022-21824-2/


Security Bulletin: IBM Security Verify Governance is vulnerable to multiple security issues due to Node.js

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-governance-is-vulnerable-to-multiple-security-issues-due-to-node-js-2/


Security Bulletin: IBM MQ is vulnerable to issues with libcurl (CVE-2022-27780, CVE-2022-30115)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-issues-with-libcurl-cve-2022-27780-cve-2022-30115/


Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to Google Gson (CVE-2022-25647)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-is-vulnerable-to-denial-of-service-due-to-google-gson-cve-2022-25647/


Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-governance-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104-2/


Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Apache Commons Compress

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-vulnerable-to-multiple-vulnerabilities-due-to-apache-commons-compress/


D-LINK router: vulnerability enables denial of service

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1151


Trellix Data Loss Prevention: vulnerability enables bypass of security measures

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1149


xpdf: vulnerability enables code execution

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1144


PowerDNS: vulnerability enables denial of service

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1152