[CERT-daily] Tageszusammenfassung - 22.08.2022

Daily end-of-shift report team at cert.at
Mon Aug 22 18:11:57 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 19-08-2022 18:00 − Montag 22-08-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ 241 npm and PyPI packages caught dropping Linux cryptominers ∗∗∗
---------------------------------------------
More than 200 malicious packages were discovered infiltrating the PyPI and npm open source registries this week. These packages are largely typosquats of widely used libraries and each one of them downloads a Bash script on Linux systems that run cryptominers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/241-npm-and-pypi-packages-caught-dropping-linux-cryptominers/


∗∗∗ New tool checks if in-app mobile browsers inject risky code on sites ∗∗∗
---------------------------------------------
A new online tool named InAppBrowser lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-tool-checks-if-in-app-mobile-browsers-inject-risky-code-on-sites/


∗∗∗ LockBit claims ransomware attack on security giant Entrust, leaks data ∗∗∗
---------------------------------------------
The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-security-giant-entrust-leaks-data/


∗∗∗ Multi-Faktor-Authentisierung umgehen: Malware klaut automatisiert Cookies ∗∗∗
---------------------------------------------
Um Multi-Faktor-Authentisierung umgehen zu können, klauen Kriminelle vermehrt Browser-Cookies mittels Malware.
---------------------------------------------
https://www.golem.de/news/multi-faktor-authentisierung-umgehen-malware-klaut-automatisiert-cookies-2208-167763.html


∗∗∗ Meet Borat RAT, a New Unique Triple Threat ∗∗∗
---------------------------------------------
Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the comic creation of Sacha Baron Cohen?
---------------------------------------------
https://thehackernews.com/2022/08/meet-borat-rat-new-unique-triple-threat.html


∗∗∗ Sicherer im Internet surfen: Obacht vor gefälschten DDoS-Check-Websites ∗∗∗
---------------------------------------------
Wer im Internet ohne Nachzudenken klickt, kann sich schnell einen Trojaner einfangen. Nun warnen Sicherheitsforscher vor einer weiteren Malware-Masche.
---------------------------------------------
https://heise.de/-7238985


∗∗∗ Bösartige Apps im Google Play Store: Mehr als zwei Millionen Downloads ∗∗∗
---------------------------------------------
Bitdefender hat 35 bösartige Apps in Googles Play Store entdeckt. Sie kommen zusammen auf mehr als zwei Millionen Downloads.
---------------------------------------------
https://heise.de/-7239109


∗∗∗ Kriminelle kapern Facebook-Konten und bewerben Fake-Investment-Plattformen ∗∗∗
---------------------------------------------
Tom und zahlreiche andere Personen wurden von Claudia auf Facebook bei einem Beitrag markiert. Der Beitrag ist ein Link zu einem Artikel, wie man mit einer Investment-Plattform in kurzer Zeit viel Geld verdienen kann. Vorsicht: Dabei handelt es sich um Betrug.
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-kapern-facebook-konten-und-bewerben-fake-investment-plattformen/


∗∗∗ Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More ∗∗∗
---------------------------------------------
Recent exploits observed in the wild are highlighted based on the availability of proofs of concept, the severity of the vulnerabilities the exploits are based on and the ease of exploitation.
---------------------------------------------
https://unit42.paloaltonetworks.com/recent-exploits-network-security-trends/


∗∗∗ Hackers are using this sneaky exploit to bypass Microsofts multi-factor authentication ∗∗∗
---------------------------------------------
Attackers guessed the password of a dormant account and were able to apply their own MFA to it - providing access to the victims network.
---------------------------------------------
https://www.zdnet.com/article/hackers-are-using-this-sneaky-trick-to-exploit-dormant-microsoft-cloud-accounts-and-bypass-multi-factor-authentication/


∗∗∗ Sicherheitslücken - jetzt auch in deiner Appliance ∗∗∗
---------------------------------------------
Die Entwickler des quelloffenen Frameworks YARA haben vor knapp zwei Wochen fast schon heimlich still und leise eine neue Version veröffentlicht, v4.2.3, welche in der medialen Berichterstattung beinahe untergegangen ist.
---------------------------------------------
https://cert.at/de/blog/2022/8/sicherheitslucken-jetzt-auch-in-deiner-appliance


∗∗∗ CISA Adds One Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CISA has added a new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/08/22/cisa-adds-one-known-exploited-vulnerabilities-catalog


∗∗∗ Sicherheit: Wenn plötzlich ein (Fake-)"Office 365-Paket" per Post kommt ∗∗∗
---------------------------------------------
Kleine Warnung, die sich vor allem an unerfahrene Leser dieses Blogs bzw. Nutzer richtet. Kriminelle verschicken wohl Päckchen an (vorwiegend ältere Leute), in denen vorgeblich ein Microsoft Office enthalten ist.
---------------------------------------------
https://www.borncity.com/blog/2022/08/21/sicherheit-wenn-pltzlich-ein-office-paket-per-post-kommt/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Uncovering a ChromeOS remote memory corruption vulnerability ∗∗∗
---------------------------------------------
Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).
---------------------------------------------
https://www.microsoft.com/security/blog/2022/08/19/uncovering-a-chromeos-remote-memory-corruption-vulnerability/


∗∗∗ "As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered ∗∗∗
---------------------------------------------
Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe." Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level.
---------------------------------------------
https://thehackernews.com/2022/08/as-nasty-as-dirty-pipe-8-year-old-linux.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jetty9 and kicad), Fedora (community-mysql and trafficserver), Gentoo (chromium, gettext, tomcat, and vim), Mageia (apache-mod_wsgi, libitrpc, libxml2, teeworlds, wavpack, and webkit2), Red Hat (podman), Slackware (vim), SUSE (java-1_8_0-openjdk, nodejs10, open-iscsi, rsync, and trivy), and Ubuntu (exim4).
---------------------------------------------
https://lwn.net/Articles/905590/


∗∗∗ YARA 4.2.3 Released, (Sat, Aug 20th) ∗∗∗
---------------------------------------------
https://isc.sans.edu/diary/rss/28964


∗∗∗ Security Bulletin: This Power System update is being released to address CVE 2021-29891 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2021-29891/


∗∗∗ Security Bulletin: This Power System update is being released to address CVE-2019-16649 and CVE-2019-16650 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2019-16649-and-cve-2019-16650/


∗∗∗ Security Bulletin: Vulnerabilities with OpenJDK affect IBM Cloud Object Storage Systems (August 2022v1) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-openjdk-affect-ibm-cloud-object-storage-systems-august-2022v1/


∗∗∗ Security Bulletin: This Power System update is being released to address CVE 2022-0778 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2022-0778/


∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring RRT Agent (CVE-2021-45346) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-rrt-agent-cve-2021-45346/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak-3/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak-2/


∗∗∗ Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list