[CERT-daily] Daily summary - 08.04.2022

Daily end-of-shift report team at cert.at
Fri Apr 8 18:05:48 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 07-04-2022 18:00 − Friday 08-04-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Malicious web redirect service infects 16,500 sites to push malware ∗∗∗
---------------------------------------------
A new TDS (Traffic Direction System) operation called Parrot has emerged in the wild, having already infected servers hosting 16,500 websites of universities, local governments, adult content platforms, and personal blogs.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malicious-web-redirect-service-infects-16-500-sites-to-push-malware/


∗∗∗ Mirai malware now delivered using Spring4Shell exploits ∗∗∗
---------------------------------------------
The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mirai-malware-now-delivered-using-spring4shell-exploits/


∗∗∗ CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability ∗∗∗
---------------------------------------------
Originally this post was just a series of notes I took last year as I was trying to understand this bug. But the bug itself and the narrative around it are so fascinating that I thought it would be worth writing up these notes into a more coherent form to share with the community.
---------------------------------------------
https://googleprojectzero.blogspot.com/2022/04/cve-2021-30737-xerubs-2021-ios-asn1.html


∗∗∗ Public Report – Google Enterprise API Security Assessment ∗∗∗
---------------------------------------------
During the autumn of 2021, Google engaged NCC Group to perform a review of the Android 12 Enterprise API to evaluate its compliance with the Security Technical Implementation Guides (STIG) matrix provided by Google.
---------------------------------------------
https://research.nccgroup.com/2022/04/07/public-report-google-enterprise-api-security-assessment/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (libtiff), Debian (chromium), Fedora (buildah and chromium), openSUSE (firefox), SUSE (firefox, libsolv, libzypp, and openjpeg2), and Ubuntu (firefox and python-oslo.utils).
---------------------------------------------
https://lwn.net/Articles/890718/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-host-on-demand-3/


∗∗∗ Security Bulletin: IBM SPSS Analytic Server is vulnerable to LDAP Injection (CVE-2021-39031) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spss-analytic-server-is-vulnerable-to-ldap-injection-cve-2021-39031/


∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2021-22931) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-verify-governance-in-response-to-a-security-vulnerability-cve-2021-22931/


∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2022-21824) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-verify-governance-in-response-to-a-security-vulnerability-cve-2022-21824/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-host-on-demand-3/


∗∗∗ Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site request forgery (CVE-2020-4668) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-is-vulnerable-to-cross-site-request-forgery-cve-2020-4668/


∗∗∗ Security Bulletin: Vulnerability in json4j – CVE-2021-3918 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-json4j-cve-2021-3918-publicly-disclosed-vulnerability-impacts-ibm-watson-machine-learning-accelerator/


∗∗∗ Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite may be vulnerable to arbitrary code execution due to Apache Log4j 1.2 (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-and-the-ibm-maximo-manage-application-in-ibm-maximo-application-suite-may-be-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-1-2-cve-2021-410/


∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-16/


∗∗∗ Security Bulletin: Apache Log4j vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-2/


∗∗∗ Security Bulletin: LDAP vulnerability in WebSphere Liberty Profile can affect IBM InfoSphere Global Name Management ENS (CVE-2021-39031) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ldap-vulnerability-in-websphere-liberty-profile-can-affect-ibm-infosphere-global-name-management-ens-cve-2021-39031/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 ∗∗∗
---------------------------------------------
https://webkitgtk.org/security/WSA-2022-0004.html


∗∗∗ D-LINK Router: Vulnerability allows execution of arbitrary code with administrator privileges ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0405


∗∗∗ D-LINK Router: Vulnerability allows execution of arbitrary code with administrator privileges ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0406


∗∗∗ Microsoft Edge 100.0.1185.36 fixes vulnerability ∗∗∗
---------------------------------------------
https://www.borncity.com/blog/2022/04/08/microsoft-edge-100-0-1185-36-fixt-schwachstelle/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



