INTERNET STORM CENTER SPOTLIGHT
Apple Updates Everything
Published: 2022-12-13
Last Updated: 2022-12-13 20:53:27 UTC
by Johannes Ullrich (Version: 1)
Apple released updates for iOS/iPadOS, MacOS, TVOS, and WatchOS. This significant update fixes 39 vulnerabilities. Many affect multiple operating systems. One vulnerability in WebKit is already being exploited. Please consider the table below "experimental," as we still try to figure out how to correctly parse and rank the Apple updates.
This update will also enable end-to-end encryption for some iCloud data, like backups. It should be obvious that once enabled, and your data will be lost if you lose access to your devices or iCloud credentials. During the setup process, Apple does allow you to setup a recovery contact, essentially a trusted person that will be able to authenticate you during password recovery.
Read the entire diary entry:
https://isc.sans.edu/diary/Apple+Updates+Everything/29338/
Microsoft December 2022 Patch Tuesday
Published: 2022-12-13
Last Updated: 2022-12-13 18:31:55 UTC
by Renato Marinho (Version: 1)
In the last Patch Tuesday of 2022, we got patches for 74 vulnerabilities. Of these, 7 are critical, 1 was previously disclosed, and 1 is already being exploited, according to Microsoft.
The exploited vulnerability is a Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2022-44698). When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check. Exploiting this vulnerability, an attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses. The CVSS for this vulnerability is 5.4.
Amongst critical vulnerabilities, there is a Remote Code Execution (RCE) affecting the .Net Framework (CVE-2022-41089). The exploitability for this one is ‘less likely’ according to Microsoft. The CVSS is 8.8.
A second critical vulnerability is an RCE affecting Microsoft SharePoint Server (CVE-2022-44690). According to the advisory, in a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server. The CVSS for this vulnerability is 8.8.
Another critical vulnerability worth mentioning is an RCE in Powershell (CVE-2022-41076). The advisory says that the attack complexity is high as to exploit this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Additionally, it says that an authenticated attacker could escape the PowerShell Remoting Session Configuration and run unapproved commands on the target system. The CVSS for this vulnerability is 8.5.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
Read the entire diary entry:
https://isc.sans.edu/diary/Microsoft+December+2022+Patch+Tuesday/29336/
What you need to know about OpenAI's new ChatGPT bot - and how it affects your security. Lightning Talks and Panel Sessions
OpenAI is a leading research institute focused on developing artificial intelligence technology in a safe and responsible manner.
On Wednesday, December 21 at 11:00am EST (UTC-5) Rob Lee, Jorge Orchilles, and David Hoelzer will discuss the potential risks that advanced AI poses to cybersecurity, and what steps are being taken to address these challenges. We will also explore the ways in which AI can be used to improve cybersecurity and protect against cyber threats. Join us for this comprehensive overview of the role of AI in the field of cybersecurity and its potential impact on society. Register now.
If you are unable to attend the webcast live, please register anyway and you will be able to view the recording on demand once it’s available.