Tageszusammenfassung - 01.09.2022

End-of-Day report

Timeframe: Mittwoch 31-08-2022 18:00 - Donnerstag 01-09-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner

News

Apple backports fix for actively exploited iOS zero-day to older iPhones

Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices.

https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-actively-exploited-ios-zero-day-to-older-iphones/


Underscores and DNS: The Privacy Story, (Wed, Aug 31st)

The use of underscores in DNS records can easily trigger DNS purists into a rage. Since the beginning of (DNS) time, only the letters a-z, numbers, and dashes are allowed in DNS labels (RFC 1035 section 2.3.1). After all, we want to remain compatible with ARPANET.

https://isc.sans.edu/diary/rss/29002


Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021), (Thu, Sep 1st)

On Tuesday, the Apache project released an update for Geode. The update patches a typical deserialization issue we often see in Java software like Geode (CVE-2022-37021). [...] But the vulnerability has a few dependencies: [...] JMX and RMI are used for the attack. [...] And here comes Jolokia. "JMX on Capsaicin," as it calls itself. It provides a simple HTTP to JMX gateway. So it is somewhat interesting that I also saw some scans for Jol[o]kia starting yesterday.

https://isc.sans.edu/diary/rss/29006


Authority-Scam: Neue Welle von Fake-Mails der Polizei

Kriminelle geben dem Authority-Scam einen neuen Anstrich: Momentan befinden sich wieder viele gefälschte E-Mails der Polizei im Umlauf. Die Empfänger:innen werden beschuldigt eine Straftat begangen zu haben. Die Anschuldigungen umfassen Pädophilie, Cyberpornographie und Exhibitionismus. Antworten Sie nicht und ignorieren Sie das Schreiben, es ist Fake!

https://www.watchlist-internet.at/news/authority-scam-neue-welle-von-fake-mails-der-polizei/


Over 900K Kubernetes clusters are misconfigured! Is your cluster a target?

Kubernetes is an amazing platform for managing containers at scale. However, a recent study found that over 900,000 Kubernetes clusters are vulnerable to attack because they are misconfigured! This means that your Kubernetes cluster could be a target for malicious actors if it is not properly secured. In this blog post, we will discuss how to secure your Kubernetes cluster and protect it from attack.

https://grahamcluley.com/feed-sponsor-teleport-4/


Android TikTok-App: Microsoft findet 1-Klick-Schwachstelle, die Kontenübernahme erlaubte

Microsoft hat eine gefährliche Sicherheitslücke in der TikTok-App für Android entdeckt, die es ermöglichte, Benutzerkonten mit einem einzigen Klick zu kompromittieren. Inzwischen wurde diese Schwachstelle in der TikTok-App für Android geschlossen.

https://www.borncity.com/blog/2022/09/01/android-tiktok-app-microsoft-findet-1-klick-schwachstelle-die-kontenbernahme-erlaubte/


RAT Tool Disguised as Solution File (*.sln) Being Distributed on Github

The ASEC analysis team has recently discovered the distribution of a RAT Tool disguised as a solution file (*.sln) on GitHub. As shown in Figure 1, the malware distributor is sharing a source code on GitHub titled -Jpg Png Exploit Downloader Fud Cryter Malware Builder Cve 2022-. The file composition looks normal, but the solution file (*.sln) is actually a RAT tool. It is through methods like this that the malware distributor lures users to run the RAT tool by disguising it as a solution file (*.sln). Generally, programmers who receive the code that includes the solution file run the file in order to open the project. Users should take caution against social engineering techniques that take advantage of such a thought process.

https://asec.ahnlab.com/en/38150/


Azure Synapse: Local Privilege Escalation Vulnerability in Spark

The story of a simple race condition leading to a Local Privilege Escalation, and how we discovered, in retrospect, that we crossed paths with another researcher and a previous Microsoft case.

https://orca.security/resources/blog/synapse-local-privilege-escalation-vulnerability-spark/

Vulnerabilities

Kritische Lücke in zlib-Bibliothek ermöglicht Codeschmuggel

In der weit verbreiteten Kompressionsbibliothek zlib könnten Angreifer unter Umständen Schadcode einschleusen und ausführen. Erste Patches sind verfügbar.

https://heise.de/-7250044


Sicherheitsupdate: Präparierte Mails könnten Thunderbird gefährlich werden

Es ist ein wichtiges Sicherheitsupdate für den Mailclient Thunderbird erschienen. Damit haben die Entwickler vier Lücken geschlossen.

https://heise.de/-7250566


Security updates for Thursday

Security updates have been issued by Fedora (pdns-recursor, thunderbird, and vim), Gentoo (firefox, thunderbird-bin, virtualbox, and webkit-gtk), Red Hat (convert2rhel), SUSE (gstreamer-plugins-good, open-vm-tools, postgresql12, rsync, and ucode-intel), and Ubuntu (linux-azure, linux-gcp, linux-hwe).

https://lwn.net/Articles/906778/


libTIFF: Mehrere Schwachstellen ermöglichen Denial of Service

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libTIFF ausnutzen, um einen Denial of Service Angriff durchzuführen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1250


D-LINK Router: Mehrere Schwachstellen

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in D-LINK Router ausnutzen, um Code auszuführen oder einen Denial of Service zu verursachen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1253


Xerox FreeFlow Print Server: Mehrere Schwachstellen

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1251


Security Advisory - Out-of-bounds Read and Write Vulnerability in Some Huawei Headset Products

http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220826-01-outofboundread-en


Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go

https://www.ibm.com/blogs/psirt/security-bulletinibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-openssl-pcre2-and-golang-go/


Security Bulletin: CVE-2021-2163 may affect IBM® SDK, Java- Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2163-may-affect-ibm-sdk-java-technology-edition/


Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities.

https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-v1-6-5-contains-fixes-for-multiple-security-vulnerabilities/


Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to spoofing due to Eclipse Paho (CVE-2019-11777)

https://www.ibm.com/blogs/psirt/security-bulletin-liberty-for-java-for-ibm-cloud-is-vulnerable-to-spoofing-due-to-eclipse-paho-cve-2019-11777/


Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-9/


Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to cross-site scripting (CVE-2022-35714)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-and-the-ibm-maximo-manage-application-in-ibm-maximo-application-suite-are-vulnerable-to-cross-site-scripting-cve-2022-35714-2/


Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java- Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-14/


Security Bulletin: Multiple vulnerabilities in IBM® SDK Java- Technology Edition, Version 8, affect IBM Workload Scheduler.

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-8-affect-ibm-workload-scheduler/


Delta Electronics DOPSoft

https://us-cert.cisa.gov/ics/advisories/icsa-22-244-01


Contec Health CMS8000

https://us-cert.cisa.gov/ics/advisories/icsma-22-244-01