End-of-Day report
Timeframe: Tuesday 13-09-2022 18:00 - Wednesday 14-09-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
Securing your IoT devices against cyber attacks in 5 steps
How is IoT being used in the enterprise, and how can it be secured? We will demonstrate important security best practices and how a secure password policy is paramount to the security of devices.
https://www.bleepingcomputer.com/news/security/securing-your-iot-devices-against-cyber-attacks-in-5-steps/
Easy Process Injection within Python, (Wed, Sep 14th)
Process injection is a common technique used by malware to cover their tracks. What looks more legit than a process called "notepad.exe" or "explorer.exe"?
https://isc.sans.edu/diary/rss/29048
New phishing tactic: fake conversations for more credibility
Security researchers warn of a new tactic that makes phishing e-mails appear even more credible.
https://heise.de/-7263942
Passengers Exposed to Hacking via Vulnerabilities in Airplane Wi-Fi Devices
Researchers have discovered two potentially serious vulnerabilities in wireless LAN devices that they say are often used in airplanes.
https://www.securityweek.com/passengers-exposed-hacking-vulnerabilities-airplane-wi-fi-devices
Malware Infects Magento-Powered Stores via FishPig Distribution Server
For the past several weeks, Magento stores have been injected with malware via a supply chain attack that targeted the FishPig distribution server.
https://www.securityweek.com/malware-infects-magento-powered-stores-fishpig-distribution-server
E-mail "Energiekosten: Jetzt 475,00 Euro erhalten" ("Energy costs: receive 475.00 euros now") is a scam!
In times of a 150-euro energy voucher or a 500-euro climate bonus, an e-mail with the subject "Energiekosten: Jetzt 475,00 Euro erhalten" can easily be taken for genuine. But beware: the message redirects to a website for the "Lars Meyer Geld-System", a fraudulent investment platform on which you must not invest.
https://www.watchlist-internet.at/news/mail-energiekosten-jetzt-47500-euro-erhalten-ist-betrug/
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
https://us-cert.cisa.gov/ncas/current-activity/2022/09/14/cisa-adds-two-known-exploited-vulnerabilities-catalog
Vulnerabilities
Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs
Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on.
https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/
IBM Security Bulletins 2022-09-13
IBM WebSphere Application Server, IBM SPSS Statistics, IBM Maximo Asset Management, IBM Maximo Manage, IBM App Connect Enterprise, IBM Integration Bus, IBM App Connect Professional.
https://www.ibm.com/blogs/psirt/
Patchday: Attackers are targeting Windows 7 through 11
Critical vulnerabilities threaten Microsoft Dynamics 365 and Windows. Security updates are available for installation.
https://heise.de/-7263140
Adobe Patchday: Malicious-code attacks on InDesign, Photoshop & Co. possible
There are important security updates for various Adobe applications. No documented attacks are currently known.
https://heise.de/-7263205
Security updates for Wednesday
Security updates have been issued by CentOS (open-vm-tools), Debian (freecad and sqlite3), Fedora (qt5-qtwebengine and vim), SUSE (firefox, kernel, libzapojit, perl, postgresql14, and samba), and Ubuntu (dotnet6, dpdk, gdk-pixbuf, rust-regex, and systemd).
https://lwn.net/Articles/907983/
Zero-day in WPGateway Wordpress plugin actively exploited in attacks
https://www.bleepingcomputer.com/news/security/zero-day-in-wpgateway-wordpress-plugin-actively-exploited-in-attacks/
Atlassian Confluence: Vulnerability allows denial of service
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1422
Delta Industrial Automation DIAEnergie
https://us-cert.cisa.gov/ics/advisories/icsa-22-256-03
Kingspan TMS300 CS
https://us-cert.cisa.gov/ics/advisories/icsa-22-256-04
Honeywell SoftMaster
https://us-cert.cisa.gov/ics/advisories/icsa-22-256-02
Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability
https://us-cert.cisa.gov/ics/advisories/icsa-22-256-01
Multi-Vendor BIOS Security Vulnerabilities (September 2022)
http://support.lenovo.com/product_security/PS500519-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-SEPTEMBER-2022
Quectel Wireless WAN Driver Command Injection Vulnerability
http://support.lenovo.com/product_security/PS500515
genua genucenter: Multiple vulnerabilities allow unspecified attack
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1412
Zoom Video Communications On-Premise: Multiple vulnerabilities
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1420