End-of-Day report
Timeframe: Friday 20-01-2023 18:00 - Monday 23-01-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Login to ManageEngine ServiceDesk Plus MSP possible with any password
There are important security updates for Zoho's helpdesk software ManageEngine ServiceDesk Plus MSP.
https://heise.de/-7467650
"Cybercriminals" gain access to Sky customer accounts
The pay-TV provider Sky confirms that malicious actors have gained access to customer accounts. There are no details yet, and the extent of the damage is unclear.
https://heise.de/-7468078
Beware of fraud when looking for housing abroad
Planning a semester abroad, or looking for an apartment or a room in a shared flat for a limited period? Beware of cheap dream apartments! A scam could be behind them. Stay away if you are required to make a payment without a viewing that is supposedly handled by TripAdvisor, Airbnb or Booking.com. You will lose your money and be left without a place to live.
https://www.watchlist-internet.at/news/vorsicht-bei-der-wohnungssuche-fuer-ihr-auslandssemester/
Massive ad-fraud op dismantled after hitting millions of iOS devices
A massive ad fraud operation dubbed Vastflux that spoofed more than 1,700 applications from 120 publishers, mostly for iOS, has been disrupted by security researchers at cybersecurity company HUMAN.
https://www.bleepingcomputer.com/news/security/massive-ad-fraud-op-dismantled-after-hitting-millions-of-ios-devices/
Who's Resolving This Domain?, (Mon, Jan 23rd)
Challenge of the day: To find the process that resolved a specific domain. And this is not always easy!
https://isc.sans.edu/diary/rss/29462
Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week.
https://thehackernews.com/2023/01/threat-actors-turn-to-sliver-as-open.html
ShareFinder: How Threat Actors Discover File Shares
Many of our reports focus on adversarial Tactics, Techniques, and Procedures (TTPs) along with the tools associated with them. After gaining a foothold in an environment, one challenge for all [...]
https://thedfirreport.com/2023/01/23/sharefinder-how-threat-actors-discover-file-shares/
Activation Context Cache Poisoning: Exploiting CSRSS for Privilege Escalation
Starting in July of 2022, the Windows CSRSS process entered the consciousness of the infosec community as the source of several local privilege escalation vulnerabilities in Microsoft Windows. The first public information appeared on July 12 with the release of the patch for CVE-2022-22047, which was being actively exploited. Shortly thereafter, Microsoft published an article providing some technical details [...]
https://www.thezdi.com/blog/2023/1/23/activation-context-cache-poisoning-exploiting-csrss-for-privilege-escalation
Inglourious Drivers - A Journey of Finding Vulnerabilities in Drivers
TL;DR I discovered multiple bugs in OEM vendors for peripheral devices, which affected many users of these OEM vendors (Razer, EVGA, MSI, AMI). Many of the vulnerabilities originated in a [...]
https://www.cyberark.com/resources/threat-research-blog/inglourious-drivers-a-journey-of-finding-vulnerabilities-in-drivers
Vulnerabilities
Under attack: security flaw in GTA V allows code injection
Attackers are abusing a security vulnerability in the game GTA V to alter victims' statistics. However, they could also use it to inject malicious code.
https://heise.de/-7467685
Technical Advisory - U-Boot - Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
U-Boot is a popular and feature-rich bootloader for embedded systems. It includes optional support for the USB Device Firmware Update (DFU) protocol, which can be used by devices to download new firmware, or upload their current firmware. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and [...]
https://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347/
Security updates for Monday
Security updates have been issued by Debian (powerline-gitstatus, tiff, and trafficserver), Fedora (dotnet6.0, firefox, git, kernel, libXpm, rust, sudo, upx, and yarnpkg), Mageia (kernel and kernel-linus), Red Hat (firefox, java-11-openjdk, and sudo), Slackware (mozilla and seamonkey), SUSE (cacti, cacti-spine, samba, and tor), and Ubuntu (firefox, php7.2, php7.4, php8.1, and python-setuptools, setuptools).
https://lwn.net/Articles/920829/
A CVE-2022-21626 vulnerability in IBM Java Runtime affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow
https://www.ibm.com/support/pages/node/6856759
Multiple vulnerabilities affect IBM Business Automation Workflow - CVE-2022-42003, CVE-2022-42004
https://www.ibm.com/support/pages/node/6856761