[CERT-daily] Daily summary - 22.04.2022

Daily end-of-shift report team at cert.at
Fri Apr 22 18:22:01 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 21-04-2022 18:00 − Friday 22-04-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Security vulnerability: Apple codec causes hole in Android smartphones ∗∗∗
---------------------------------------------
Numerous Android smartphones with Qualcomm or Mediatek chips could be hacked using crafted audio files.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-apple-codec-sorgt-fuer-luecke-in-android-smartphones-2204-164792-rss.html


∗∗∗ LemonDuck targets Docker ∗∗∗
---------------------------------------------
LemonDuck, a cryptomining botnet, is targeting Docker in order to mine cryptocurrency on Linux systems. This campaign is currently active.
---------------------------------------------
https://www.zdnet.de/88400783/lemonduck-zielt-auf-docker/


∗∗∗ Critical vulnerabilities in XML parser Expat endanger IBM Db2 ∗∗∗
---------------------------------------------
Updates secure IBM's Db2 database software. Attackers could attack systems with malicious code.
---------------------------------------------
https://heise.de/-7062152


∗∗∗ Beware of fake SMS: "You have received a new voice message" ∗∗∗
---------------------------------------------
Readers of Watchlist Internet are once again reporting an increased number of fraudulent SMS messages. In them, criminals claim that you have a new voice message. To find out more, you are asked to click on a link. Anyone who follows this link lands on a fraudulent website where an app is to be downloaded. Do not install the app under any circumstances! It is dangerous malware.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-fake-sms-sie-haben-eine-neue-sprachnachricht-erhalten/


∗∗∗ QNAP warns of new bugs in its Network Attached Storage devices ∗∗∗
---------------------------------------------
Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network!
---------------------------------------------
https://nakedsecurity.sophos.com/2022/04/22/qnap-warns-of-new-bugs-in-its-network-attached-storage-devices/


∗∗∗ Threat Assessment: BlackByte Ransomware ∗∗∗
---------------------------------------------
BlackByte is ransomware as a service that emerged in July 2021. Read our overview and recommended courses of action for mitigation.
---------------------------------------------
https://unit42.paloaltonetworks.com/blackbyte-ransomware/


∗∗∗ Atlassian fixes critical Jira authentication bypass vulnerability ∗∗∗
---------------------------------------------
Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/atlassian-fixes-critical-jira-authentication-bypass-vulnerability/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (composer, golang-x-crypto, rubygem-nokogiri, wavpack, xen, and xz) and SUSE (dnsmasq, openjpeg, swtpm, tomcat, and xen).
---------------------------------------------
https://lwn.net/Articles/892372/


∗∗∗ Multiple vulnerabilities found in Mitsubishi controllers ∗∗∗
---------------------------------------------
Mitsubishi recommends using encryption and firewalls. This will help minimize the risk of the detected vulnerabilities being exploited.
---------------------------------------------
https://www.ptsecurity.com/ww-en/about/news/multiple-vulnerabilities-found-in-mitsubishi-controllers


∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – nginx (CVE-2018-16844, CVE-2018-16845, CVE-2018-16843, CVE-2019-7401) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-nginx-cve-2018-16844-cve-2018-16845-cve-2018-16843-cve-2019-7401/


∗∗∗ Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (Multiple CVEs) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-eclipse-jetty-affects-ibm-process-mining-multiple-cves/


∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise (CVE-2022-21824) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-cve-2022-21824/


∗∗∗ Security Bulletin: Vulnerability in Node.js affects IBM Process Mining (CVE-2019-5484) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-affects-ibm-process-mining-cve-2019-5484/


∗∗∗ Security Bulletin: Vulnerability in Lodash affects IBM Process Mining (Multiple CVEs) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-lodash-affects-ibm-process-mining-multiple-cves/


∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise (CVE-2021-44532) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-cve-2021-44532/


∗∗∗ Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27223,CVE-2021-28169) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-eclipse-jetty-affects-ibm-process-mining-cve-2020-27223cve-2021-28169/


∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects IBM Integrated Analytics System. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-ibm-integrated-analytics-system/


∗∗∗ Security Bulletin: Vulnerability in Node.js Color-String affects IBM Process Mining (CVE-2021-29060) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-color-string-affects-ibm-process-mining-cve-2021-29060/


∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Private – curl (CVE-2020-8231) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-curl-cve-2020-8231/


∗∗∗ Security Bulletin: Vulnerability in Node.js lodash affects IBM Process Mining (CVE-2021-23337,CVE-2020-28500) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-lodash-affects-ibm-process-mining-cve-2021-23337cve-2020-28500/


∗∗∗ Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27216) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-eclipse-jetty-affects-ibm-process-mining-cve-2020-27216/


∗∗∗ Security Bulletin: Vulnerability in jQuery affects IBM Process Mining (Multiple CVEs) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jquery-affects-ibm-process-mining-multiple-cves/


∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise (CVE-2021-44533) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-cve-2021-44533/


∗∗∗ Security Bulletin: Vulnerability in http2-common affects IBM Process Mining (Multiple CVEs) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-http2-common-affects-ibm-process-mining-multiple-cves/


∗∗∗ Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2021-28165) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-eclipse-jetty-affects-ibm-process-mining-cve-2021-28165/


∗∗∗ Security Bulletin: A Security Vulnerability affects IBM Cloud Private – NGINX (CVE-2019-20372) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-nginx-cve-2019-20372/


∗∗∗ Security Bulletin: Vulnerability in Node.js normalize-url affects IBM Process Mining (CVE-2021-33502) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-normalize-url-affects-ibm-process-mining-cve-2021-33502/


∗∗∗ Security Bulletin: Vulnerability in Node.js IS-SVG affects IBM Process Mining (CVE-2021-29059, CVE-2021-28092) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-is-svg-affects-ibm-process-mining-cve-2021-29059-cve-2021-28092/


∗∗∗ Security Bulletin: The Apache Log4j (CVE-2021-4104) vulnerability affects TPF Operations Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-the-apache-log4j-cve-2021-4104-vulnerability-affects-tpf-operations-server/


∗∗∗ Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-6/


∗∗∗ Security Bulletin: Due to WebSphere Liberty is vulnerable, PowerVM Novalink could allow a remote attacker to hijack the clicking action of the victim. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-due-to-websphere-liberty-is-vulnerable-powervm-novalink-could-allow-a-remote-attacker-to-hijack-the-clicking-action-of-the-victim/


∗∗∗ Security Bulletin: Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights CVE-2021-39031 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-vulnerabilities-in-ibm-websphere-application-server-liberty-affects-ibm-cloud-application-business-insights-cve-2021-39031/


∗∗∗ Security Bulletin: IBM Robotic Process Automation is vulnerable to a denial of service through node.js lodash ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-is-vulnerable-to-a-denial-of-service-through-node-js-lodash/


∗∗∗ Security Bulletin: Vulnerability in Apache Commons IO affects IBM Process Mining (CVE-2021-29425) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-io-affects-ibm-process-mining-cve-2021-29425/


∗∗∗ Security Bulletin: Vulnerability in nth-check affects IBM Process Mining (CVE-2021-3803) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nth-check-affects-ibm-process-mining-cve-2021-3803/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



