[CERT-daily] Tageszusammenfassung - 27.04.2022

Wed Apr 27 18:09:06 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 26-04-2022 18:00 − Mittwoch 27-04-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Emotet malware now installs via PowerShell in Windows shortcut files ∗∗∗
---------------------------------------------
The Emotet botnet is now using Windows shortcut files (.LNK) containing PowerShell commands to infect victims computers, moving away from Microsoft Office macros that are now disabled by default.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emotet-malware-now-installs-via-powershell-in-windows-shortcut-files/


∗∗∗ RIG Exploit Kit drops RedLine malware via Internet Explorer bug ∗∗∗
---------------------------------------------
Threat analysts have uncovered yet another large-scale campaign delivering the RedLine stealer malware onto worldwide targets.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/rig-exploit-kit-drops-redline-malware-via-internet-explorer-bug/


∗∗∗ MITRE ATT&CK v11 - a small update that can help (not just) with detection engineering, (Wed, Apr 27th) ∗∗∗
---------------------------------------------
On Monday, a new version of the framework was released, which (among other changes) extends its content a little in order to make its use more straightforward when it comes to mapping of existing detections and for implementation of new ones.
---------------------------------------------
https://isc.sans.edu/diary/rss/28590


∗∗∗ Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054) ∗∗∗
---------------------------------------------
We discovered a pre-authentication vulnerability that allowed us to make arbitrary HTTP requests, including requests with any HTTP method and request body.
---------------------------------------------
https://blog.assetnote.io/2022/04/27/vmware-workspace-one-uem-ssrf/


∗∗∗ Npm-Schwachstelle "Package Planting": Vertrauen ist gut, Kontrolle ist besser ∗∗∗
---------------------------------------------
Eine als Package Planting bezeichnete Sicherheitslücke im Paketmanager npm erlaubte laut Aquasec, die Vertrauenswürdigkeit bekannter Maintainer zu missbrauchen.
---------------------------------------------
https://heise.de/-7066873


∗∗∗ Knapp die Hälfte der Ransomware-Opfer zahlt Lösegeld ∗∗∗
---------------------------------------------
Die Zahl der von Erpressungstrojanern angegriffenen Mittelständler weltweit steigt. Und viele von ihnen zahlen Lösegeld - oft in siebenstelliger Höhe.
---------------------------------------------
https://heise.de/-7067219


∗∗∗ Webinar: Sicher bezahlen im Internet ∗∗∗
---------------------------------------------
Am Dienstag, den 3. Mai 2022 von 18:30 – 20:00 Uhr findet das kostenlose Webinar zum Thema „Sicher bezahlen im Internet" statt.
---------------------------------------------
https://www.watchlist-internet.at/news/webinar-sicher-bezahlen-im-internet/


∗∗∗ Betrügerische Anrufe zu Investitionsmöglichkeiten und Bitcoin ∗∗∗
---------------------------------------------
Vermehrt werden der Watchlist Internet aktuell betrügerische Anrufe gemeldet. Kriminelle versuchen durch diese Anrufe Opfer für Investment-Betrugsmaschen zu gewinnen.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-anrufe-zu-investitionsmoeglichkeiten-und-bitcoin/


∗∗∗ AA22-117A: 2021 Top Routinely Exploited Vulnerabilities ∗∗∗
---------------------------------------------
This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
---------------------------------------------
https://us-cert.cisa.gov/ncas/alerts/aa22-117a


=====================
=  Vulnerabilities  =
=====================

∗∗∗ New Nimbuspwn Linux vulnerability gives hackers root privileges ∗∗∗
---------------------------------------------
A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-nimbuspwn-linux-vulnerability-gives-hackers-root-privileges/


∗∗∗ CVE-2022-26148 Grafana Vulnerability in NetApp Products ∗∗∗
---------------------------------------------
Multiple NetApp products incorporate Grafana. Grafana versions through 7.3.4 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).
---------------------------------------------
https://security.netapp.com/advisory/ntap-20220425-0005/


∗∗∗ Schadcode könnte Nvidias Embedded-System Jetson gefährlich werden ∗∗∗
---------------------------------------------
Sicherheitsupdates schließen Lücken in verschiedenen Jetson-Systemen von Nvidia.
---------------------------------------------
https://heise.de/-7067304


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Mageia (virtualbox), Red Hat (container-tools:2.0, container-tools:3.0, gzip, kernel, kernel-rt, kpatch-patch, mariadb:10.3, mariadb:10.5, maven-shared-utils, polkit, vim, xmlrpc-c, and zlib), Scientific Linux (maven-shared-utils), SUSE (ant, go1.17, go1.18, kernel, and xen), and Ubuntu (fribidi, git, libcroco, libsepol, linux, linux-gcp, linux-ibm, linux-lowlatency, openjdk-17, and openjdk-lts).
---------------------------------------------
https://lwn.net/Articles/892802/


∗∗∗ Chrome 101.0.4951.41 fixt 30 Schwachstellen ∗∗∗
---------------------------------------------
Google hat zum 26. April 2022 Updates des Google Chrome 101.0.4951.41 für Windows und Mac auf dem Desktop im Stable Channel freigegeben. Das ist der neue 101-Entwicklungszweig, wobei das Update 30, zum Teil als Hoch eingestufte Schwachstellen schließt.
---------------------------------------------
https://www.borncity.com/blog/2022/04/27/chrome-101-0-4951-41-fixt-30-schwachstellen/


∗∗∗ Security Advisory - Buffer Overflow Vulnerabilities In Huawei Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220427-01-e9a493e2-en


∗∗∗ Security Bulletin: UrbanCode Deploy users with create-resource permission for the standard resource type may create child resources inheriting custom types (CVE-2022-22315). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-urbancode-deploy-users-with-create-resource-permission-for-the-standard-resource-type-may-create-child-resources-inheriting-custom-types-cve-2022-22315/


∗∗∗ Security Bulletin: Dojo vulnerability in WebSphere Liberty affects SPSS Collaboration and Deployment Services (CVE-2021-23450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-dojo-vulnerability-in-websphere-liberty-affects-spss-collaboration-and-deployment-services-cve-2021-23450/


∗∗∗ K51975973: Eclipse Jetty vulnerability CVE-2021-34428 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K51975973


∗∗∗ PILZ: PMC programming tool 2.x.x affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2021-055/


∗∗∗ PILZ: PMC programming tool 3.x.x affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2021-061/


∗∗∗ PILZ: Multiple vulnerabilities in CODESYS V2 and V3 runtime system ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2021-054/


∗∗∗ BENDER/EBEE: Multiple Charge Controller Vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2021-047/


∗∗∗ Miele: Security vulnerability in Benchmark Programming Tool ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-015/


∗∗∗ Improper Control of Generation of Code in Bosch MATRIX ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-309239-bt.html


∗∗∗ Vulnerability in routers FL MGUARD and TC MGUARD ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-982696.html


∗∗∗ SonicOS Content Filtering Service and SNMP feature affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily