Daily summary - 13.09.2022

End-of-Day report

Timeframe: Monday 12-09-2022 18:00 - Tuesday 13-09-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer

News

New PsExec spinoff lets hackers bypass network security defenses

Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a less monitored port.

https://www.bleepingcomputer.com/news/security/new-psexec-spinoff-lets-hackers-bypass-network-security-defenses/
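The spinoff changes the transport, so port-based network monitoring misses it. Endpoint telemetry still works, because any PsExec-style tool has to install and start a service on the target after a remote logon. The block below is an added example, not code from the article or from the tool's authors: it correlates constructed Windows event records (4624 network logon, 5145 write to the ADMIN$ share, 7045 service installed) written in an assumed key=value line format, with an assumed 120-second correlation window, and flags service installs that follow a network logon on the same host.

```python
"""Spot PsExec-style remote service installs from endpoint events.

Sample events and the key=value line format are constructed for this
example; the 120-second correlation window is an assumption.
"""
import re
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=120)  # assumed correlation window
KV_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample telemetry (not real logs). One event per line:
# ISO timestamp, then key=value fields. Event ids used:
#   4624 logon (logon_type=3 is a network logon)
#   5145 detailed file share access
#   7045 a service was installed
SAMPLE_EVENTS = r"""
2022-09-12T19:01:02 host=WS01 id=4624 logon_type=3 user=CORP\jdoe src_ip=10.0.0.5
2022-09-12T19:01:03 host=WS01 id=5145 share=\\*\ADMIN$ rel_path=svcx.exe access=WriteData src_ip=10.0.0.5
2022-09-12T19:01:04 host=WS01 id=7045 service=svcx image=%SystemRoot%\svcx.exe start=demand
2022-09-12T20:15:00 host=WS02 id=7045 service=UpdSvc image=C:\Windows\System32\svchost.exe start=auto
2022-09-12T22:44:30 host=WS03 id=4624 logon_type=3 user=CORP\backup src_ip=10.0.0.9
2022-09-12T22:45:00 host=WS03 id=7045 service=remsvc image=%SystemRoot%\remsvc.exe start=demand
"""


def parse_events(text):
    """Parse key=value event lines into dicts with a datetime 'ts' field."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, _, rest = line.partition(" ")
        ev = dict(KV_RE.findall(rest))
        ev["ts"] = datetime.fromisoformat(ts_str)
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_remote_service_installs(text, window=WINDOW):
    """Return alerts for 7045 service installs preceded by a network logon.

    Confidence is 'high' when the same source also wrote to ADMIN$ (the
    classic PsExec drop), 'medium' when only the logon precedes the install.
    The service name is deliberately not used: a spinoff picks its own.
    """
    events = parse_events(text)
    alerts = []
    for ev in events:
        if ev.get("id") != "7045":
            continue
        host, t = ev.get("host"), ev["ts"]
        recent = [e for e in events
                  if e.get("host") == host and t - window <= e["ts"] <= t]
        logons = [e for e in recent
                  if e.get("id") == "4624" and e.get("logon_type") == "3"]
        if not logons:
            continue  # local install, not lateral movement
        src_ips = {e.get("src_ip") for e in logons}
        admin_writes = [e for e in recent
                        if e.get("id") == "5145"
                        and e.get("share", "").upper().endswith("ADMIN$")
                        and "WriteData" in e.get("access", "")
                        and e.get("src_ip") in src_ips]
        alerts.append({
            "host": host,
            "service": ev.get("service"),
            "image": ev.get("image"),
            "src_ips": sorted(src_ips),
            "confidence": "high" if admin_writes else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_remote_service_installs(SAMPLE_EVENTS):
        print(alert)
```

On the constructed data this yields a high-confidence alert for WS01 (logon, ADMIN$ write, then service install from 10.0.0.5) and a medium one for WS03; the auto-start service on WS02 has no preceding network logon and is ignored. In a real deployment the 4624 and 7045 records come from the Security and System logs respectively, and 5145 requires the "Detailed File Share" audit subcategory to be enabled.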


Security pros get ability to manually add incidents to Microsoft Sentinel

Microsoft is introducing a feature to Sentinel to enable security analysts to manually create an incident report and the ability to manually delete the incident if needed.

https://www.theregister.com/2022/09/12/microsoft_sentinel_manual_siem_reports/


Letting off steam

In July alone, CERT-GIB specialists identified more than 150 fraudulent resources mimicking Steam, a major online gaming platform. To steal Steam credentials, attackers have been using a new phishing technique called browser-in-the-browser, which tricks users into thinking that a fake webpage is a legitimate resource.

https://blog.group-ib.com/steam


Tool Release - Monkey365

Monkey365 is an open-source security tool that can be used to easily conduct security configuration reviews not only of Microsoft 365, but also of Azure subscriptions and Azure Active Directory, without the significant overhead of learning tool APIs or complex admin panels from the start.

https://research.nccgroup.com/2022/09/07/tool-release-monkey365/


OriginLogger: A Look at Agent Tesla's Successor

We provide an overview of the OriginLogger keylogger, including info on a dropper lure and OriginLogger's configuration and infrastructure.

https://unit42.paloaltonetworks.com/originlogger/


How to tighten your security in Microsoft Edge

Edge offers several options to help protect you from malicious websites and other online hazards.

https://www.zdnet.com/article/how-to-tighten-your-security-in-microsoft-edge/


MISP 2.4.162 released with a new periodic notification system, workflow updates and many improvements

We are pleased to announce the immediate availability of MISP v2.4.162 with a new periodic notification system, workflow updates and many improvements.

https://github.com/MISP/MISP/releases/tag/v2.4.162

Vulnerabilities

Trend Micro warns of actively exploited Apex One RCE vulnerability

Security software firm Trend Micro warned customers today to patch an actively exploited Apex One security vulnerability as soon as possible.

https://www.bleepingcomputer.com/news/security/trend-micro-warns-of-actively-exploited-apex-one-rce-vulnerability/


Firmware: Several HP computers with security vulnerabilities, but no patches

The vulnerabilities were reported many months ago, but several HP business devices have still not received any updates.

https://www.golem.de/news/firmware-etliche-hp-rechner-mit-sicherheitsluecken-aber-ohne-patches-2209-168255.html


iPadOS, macOS Monterey and older iOS: Apple patches vulnerabilities

iPadOS 16 is not finished yet, but a security update is coming for it. On the Mac there is now Safari 16 - and many patches as well. iOS 15 is also covered.

https://heise.de/-7261410


Lorenz ransomware uses Mitel MiVoice Connect VoIP phones as a springboard

Attackers are currently exploiting a critical vulnerability in Mitel telephone systems. Security updates are available.

https://heise.de/-7261947


Security updates for Tuesday

Security updates have been issued by Debian (connman and python-oslo.utils), Fedora (libapreq2), Red Hat (booth, gnupg2, kernel, kernel-rt, mariadb:10.3, nodejs:14, nodejs:16, python3, ruby:2.7, and ruby:3.0), SUSE (chromium, opera, python2-numpy, and rubygem-kramdown), and Ubuntu (poppler).

https://lwn.net/Articles/907869/


FBI warns of vulnerabilities in medical devices following several CISA alerts

The FBI on Monday warned that hundreds of vulnerabilities in widely used medical devices are leaving a door open for cyberattacks.

https://therecord.media/fbi-warns-of-vulnerabilities-in-medical-devices-following-several-cisa-alerts/


SSA-638652 V1.0: Authentication Bypass Vulnerability in Mendix SAML Module

https://cert-portal.siemens.com/productcert/txt/ssa-638652.txt


SSA-637483 V1.0: Third-Party Component Vulnerabilities in SINEC INS before V1.0 SP2

https://cert-portal.siemens.com/productcert/txt/ssa-637483.txt


SSA-589975 V1.0: Improper Access Control Vulnerability in CoreShield OWG Software

https://cert-portal.siemens.com/productcert/txt/ssa-589975.txt


SSA-518824 V1.0: Multiple File Parsing Vulnerabilities in Simcenter Femap and Parasolid

https://cert-portal.siemens.com/productcert/txt/ssa-518824.txt


SSA-459643 V1.0: Denial of Service Vulnerability in RUGGEDCOM ROS before V5.6.0

https://cert-portal.siemens.com/productcert/txt/ssa-459643.txt


Security Bulletin: IBM CICS TX Standard is vulnerable to identity spoofing due to IBM WebSphere Application Server Liberty (CVE-2022-22475)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cics-tx-standard-is-vulnerable-to-identity-spoofing-due-to-ibm-websphere-application-server-liberty-cve-2022-22475/


Security Bulletin: Vulnerability in MIT Kerberos 5 affects PowerSC (CVE-2021-37750)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-mit-kerberos-5-affects-powersc-cve-2021-37750/


Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability due to invscout (CVE-2022-36768)

https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-privilege-escalation-vulnerability-due-to-invscout-cve-2022-36768/


Security Bulletin: IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. (CVE-2022-35637)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-after-entering-a-specially-crafted-malformed-sql-statement-into-the-db2expln-tool-cve-2022-35637/


Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-is-vulnerable-to-cross-site-scripting-in-the-admin-console-cve-2022-34336/


Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.

https://www.ibm.com/blogs/psirt/security-bulletin-provision-to-add-https-and-secure-flag-to-bayeux_browser-cookie-for-ibm-control-desk/


Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to identity spoofing with authenticated user and ability to bypass security restrictions due to Eclipse Paho Java client (CVE-2019-11777, CVE-2022-22476)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-for-ibm-i-is-vulnerable-to-identity-spoofing-with-authenticated-user-and-ability-to-bypass-security-restrictions-due-to-eclipse-paho-java-cl/


Security Bulletin: IBM CICS TX Advanced is vulnerable to identity spoofing due to IBM WebSphere Application Server Liberty (CVE-2022-22475)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cics-tx-advanced-is-vulnerable-to-identity-spoofing-due-to-ibm-websphere-application-server-liberty-cve-2022-22475/


Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2022-29824)

https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-denial-of-service-due-to-libxml2-cve-2022-29824/


Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability (CVE-2022-34356)

https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-privilege-escalation-vulnerability-cve-2022-34356/


Security Bulletin: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. (CVE-2022-22483)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-in-some-scenarios-due-to-unauthorized-access-caused-by-improper-privilege-management-when-create-or-replace-command/


Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-txseries-for-multiplatforms-8/


SAP Patchday September 2022

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1400


TYPO3 Core: Multiple vulnerabilities

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1402


Citrix Hypervisor Security Bulletin for CVE-2020-35498

https://support.citrix.com/article/CTX463901/citrix-hypervisor-security-bulletin-for-cve202035498


AMI MegaRAC SP-X BMC Vulnerabilities

http://support.lenovo.com/product_security/PS500518-AMI-MEGARAC-SP-X-BMC-VULNERABILITIES


Brocade Fabric OS - Security Update

http://support.lenovo.com/product_security/PS500517-BROCADE-FABRIC-OS-SECURITY-UPDATE