End-of-Day report
Timeframe: Monday 19-09-2022 18:00 - Tuesday 20-09-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
MFA Fatigue: Hackers' new favorite tactic in high-profile breaches
Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue.
https://www.bleepingcomputer.com/news/security/mfa-fatigue-hackers-new-favorite-tactic-in-high-profile-breaches/
Handling WebAuthn over remote SSH connections
Being able to SSH into remote machines and do work there is great. Using hardware security tokens for 2FA is also great. But trying to use them both at the same time doesn't work super well, because if you hit a WebAuthn request on the remote machine it doesn't matter how much you mash your token - it's not going to work. But could it?
https://mjg59.dreamwidth.org/61232.html
LastPass source code breach - incident response report released
Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.
https://nakedsecurity.sophos.com/2022/09/19/lastpass-source-code-breach-incident-response-report-released/
Chainsaw: Hunt, search, and extract event log records, (Mon, Sep 19th)
Chainsaw is a standalone tool that provides a simple and fast method to triage Windows event logs and identify interesting elements within the logs while applying detection logic (Sigma and Chainsaw) to detect malicious activity.
https://isc.sans.edu/diary/rss/29066
E-mail from "GMX Sicherheit" is fake
GMX users beware: the e-mail from the sender "GMX Sicherheit" is not from GMX. The fraudulent e-mail asks you to complete your account information; otherwise, your account will supposedly be deleted within 24 hours. Move the mail to your spam folder and do not click on the link!
https://www.watchlist-internet.at/news/e-mail-von-gmx-sicherheit-ist-fake/
Security Risks in Logistics APIs Used by E-Commerce Platforms
Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers' personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers.
https://www.trendmicro.com/en_us/research/22/i/security-risks-in-logistics-apis-used-by-e-commerce-platforms-.html
Vulnerabilities
Most common SAP vulnerabilities attackers try to exploit
Unpatched vulnerabilities, common misconfigurations and hidden flaws in custom code continue to make enterprise SAP applications a target rich environment for attackers at a time when threats like ransomware and credential theft have emerged as major concerns for organizations.
https://www.csoonline.com/article/3674119/most-common-sap-vulnerabilities-attackers-try-to-exploit.html
Vulnerabilities Identified in EZVIZ Smart Cams
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities that might affect customers if left unaddressed. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space.
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams
Security updates for Tuesday
Security updates have been issued by Fedora (dokuwiki and rizin), SUSE (libcontainers-common, permissions, sqlite3, and wireshark), and Ubuntu (tiff, vim, and xen).
https://lwn.net/Articles/908779/
Moodle: Multiple vulnerabilities
An attacker can exploit multiple vulnerabilities in Moodle to execute arbitrary code, carry out a cross-site scripting attack, disclose information, cause a denial-of-service condition, or manipulate files.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1475
Hitachi Energy PROMOD IV ICS Advisory (ICSA-22-263-01)
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-01
Hitachi Energy AFF660/665 Series ICS Advisory (ICSA-22-263-02)
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-02
Medtronic NGP 600 Series Insulin Pumps ICS Medical Advisory (ICSMA-22-263-01)
https://www.cisa.gov/uscert/ics/advisories/icsma-22-263-01
Dataprobe iBoot-PDU ICS Advisory (ICSA-22-263-03)
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
Host Engineering Communications Module ICS Advisory (ICSA-22-263-04)
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-04
Security Bulletin: A security vulnerability in react-scripts affects IBM Cloud Pak for Multicloud Management Managed Services
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-react-scripts-affects-ibm-cloud-pak-for-multicloud-management-managed-services/
Security Bulletin: Due to use of Apache Commons, IBM Cloud PAK for Watson AI Ops is vulnerable to remote code execution (CVE-2022-33980)
https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-apache-commons-ibm-cloud-pak-for-watson-ai-ops-is-vulnerable-to-remote-code-execution-cve-2022-33980/
Security Bulletin: A security vulnerability in Nodejs marked affects IBM Cloud Pak for Multicloud Management Managed Services
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-nodejs-marked-affects-ibm-cloud-pak-for-multicloud-management-managed-services/
Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.
https://www.ibm.com/blogs/psirt/security-bulletin-provision-to-add-https-and-secure-flag-to-bayeux_browser-cookie-for-ibm-control-desk-2/
Security Bulletin: Vulnerabilities in libcurl affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-libcurl-affect-ibm-spectrum-protect-plus-sql-file-indexing-and-windows-host-agents/
Security Bulletin: Multiple vulnerabilities in log4j-1.2.16.jar used by IBM Operations Analytics - Log Analysis
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-log4j-1-2-16-jar-used-by-ibm-operations-analytics-log-analysis-2/
Security Bulletin: A security vulnerability in Node.js dicer affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Managed Services
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-dicer-affects-ibm-cloud-pak-for-watson-aiops-infrastructure-automation-managed-services/
Security Vulnerabilities fixed in Thunderbird 91.13.1
https://www.mozilla.org/en-US/security/advisories/mfsa2022-39/
Security Vulnerabilities fixed in Firefox ESR 102.3
https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/
Security Vulnerabilities fixed in Firefox 105
https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/
Festo: CPX-CEC-C1 and CPX-CMXX, Missing Authentication for Critical Webpage Function
https://cert.vde.com/de/advisories/VDE-2022-036/
JetBrains IntelliJ IDEA: Vulnerability allows code execution
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1474
Apache Kafka: Vulnerability allows denial of service
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1473
Budibase: Vulnerability allows privilege escalation
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1472
Spring Data REST Vulnerability (CVE-2022-31679)
https://spring.io/blog/2022/09/19/spring-data-rest-vulnerability-cve-2022-31679