End-of-Day report
Timeframe: Thursday 01-09-2022 18:00 - Friday 02-09-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Microsoft will disable Exchange Online basic auth next month
Microsoft warned customers today that it will finally disable basic authentication in random tenants worldwide to improve Exchange Online security starting October 1, 2022.
https://www.bleepingcomputer.com/news/microsoft/microsoft-will-disable-exchange-online-basic-auth-next-month/
Sharkbot is back in Google Play
This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware. Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.
https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/
NSA gives security tips against supply chain attacks
The Cybersecurity and Infrastructure Agency (CISA), the National Security Agency (NSA) and the Office of the Director of National Intelligence (ODNI) have published important tips for developing secure software.
https://heise.de/-7251765
Unencrypted access tokens: security vulnerability in thousands of apps
Security researchers warn of unencrypted access tokens in apps. Developers often unintentionally bring problems upon themselves. Particularly affected: iOS apps.
https://heise.de/-7252134
When disclosure goes wrong. People
My experience of vulnerability disclosure is that it is rarely as easy or simple as it could be. I had hoped that bug bounty programmes and vulnerability disclosure programmes (VDPs) would help matters. Broadly that doesn't seem to be the case, often for unexpected reasons.
https://www.pentestpartners.com/security-blog/when-disclosure-goes-wrong-people/
Ransomware on IoT: a different security approach is required for IoT devices
We have probably become accustomed to the daily ransomware attacks on IT systems. But with the increase in IoT devices, there is a growing risk of such security incidents. CheckPoint says that IoT devices need a different security approach to counter this threat (e.g. ransomware infections).
https://www.borncity.com/blog/2022/09/02/ransomware-auf-iot-anderer-sicherheitsansatz-bei-iot-gerten-erforderlich/
Architecting for Extortion: Acting on the IST's Blueprint for Ransomware Defense
Last month, the Institute for Security and Technology's Ransomware Task Force launched the Blueprint for Ransomware Defense.
https://www.rapid7.com/blog/post/2022/09/02/architecting-for-extortion-acting-on-the-ists-blueprint-for-ransomware-defense/
Vulnerabilities
Security updates for Friday
Security updates have been issued by CentOS (firefox, rsync, systemd, and thunderbird), Debian (chromium, dpdk, and sofia-sip), Fedora (kernel, thunderbird, and zlib), Red Hat (pcs and rh-mariadb103-galera and rh-mariadb103-mariadb), Slackware (poppler), SUSE (cifs-utils, curl, dwarves and elfutils, firefox, flatpak, gnutls, gpg2, harfbuzz, ignition, kernel, ldb, samba, libslirp, libsolv, libzypp, zypper, libtirpc, logrotate, mozilla-nss, ncurses, open-vm-tools, openssl-1_1, p11-kit, pcre, pcre2, podman, postgresql12, postgresql13, postgresql14, python-M2Crypto, python3, rsync, salt, spice, systemd-presets-common-SUSE, tiff, ucode-intel, xen, and zlib), and Ubuntu (curl, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency, linux, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-snapdragon, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, and linux-aws-hwe).
https://lwn.net/Articles/906973/
NetApp ActiveIQ Unified Manager: Multiple vulnerabilities
A remote, authenticated attacker can exploit multiple vulnerabilities in NetApp ActiveIQ Unified Manager to carry out a cross-site scripting attack, bypass security measures, or cause a denial of service.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1263
Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2022 CPU plus deferred CVE-2021-2163
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affects-ibm-websphere-application-server-and-ibm-websphere-application-server-liberty-due-to-july-2022-cpu-plus-deferred-cve-2021-2163/
Security Bulletin: Vulnerabilities with Kernel, GnuTLS affect IBM Cloud Object Storage Systems (August 2022v1)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/
Security Bulletin: IBM DataPower Gateway vulnerable to CSRF attack
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-csrf-attack-2/