[CERT-daily] Tageszusammenfassung - 30.08.2022

Tue Aug 30 18:10:02 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 29-08-2022 18:00 − Dienstag 30-08-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Windows malware delays coinminer install by a month to evade detection ∗∗∗
---------------------------------------------
A new malware campaign disguised as Google Translate or MP3 downloader programs was found distributing cryptocurrency mining malware across 11 countries.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-malware-delays-coinminer-install-by-a-month-to-evade-detection/


∗∗∗ Two things that will never die: bash scripts and IRC!, (Tue, Aug 30th) ∗∗∗
---------------------------------------------
Last week, Brock Perry, one of our SANS.edu undergraduate students, came across a neat bash script uploaded to the honeypot as part of an attack. I am sure this isn't new, but I never quite saw something like this before myself.
---------------------------------------------
https://isc.sans.edu/diary/rss/28998


∗∗∗ Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users ∗∗∗
---------------------------------------------
A few months ago, we blogged about malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites. Since that time, we have investigated several other malicious extensions and discovered 5 extensions with a total install base of over 1,400,000.
---------------------------------------------
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/


∗∗∗ Keine „Testzahlungen“ auf Kleinanzeigen-Plattformen durchführen! ∗∗∗
---------------------------------------------
Auf Kleinanzeigen-Plattformen wie Willhaben, Vinted, eBay Kleinanzeigen und Co finden Sie tolle Schnäppchen oder können Gebrauchtes zu Geld machen. Doch Vorsicht: Auch Kriminelle, die Ihnen das Geld aus der Tasche ziehen wollen, tummeln sich dort zuhauf. Bei einer aktuellen Masche fälschen diese die Zahlungsseiten der Plattformen und fordern zu Testzahlungen auf. Brechen Sie sofort den Kontakt ab. Man will Sie betrügen!
---------------------------------------------
https://www.watchlist-internet.at/news/keine-testzahlungen-auf-kleinanzeigen-plattformen-durchfuehren/


∗∗∗ ModernLoader delivers multiple stealers, cryptominers and RATs ∗∗∗
---------------------------------------------
Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims.
---------------------------------------------
http://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitslücken in Foxit PDF Editor und Reader ermöglichen Codeschmuggel ∗∗∗
---------------------------------------------
Angreifer könnten etwa mit manipulierten Dokumenten in Foxit PDF Editor und Reader Schadcode einschleusen. Aktualisierte Software schließt die Sicherheitslücke.
---------------------------------------------
https://heise.de/-7247760


∗∗∗ Sicherheitslücke: Zwischenablage in Chromium-basierten Browsern frei zugreifbar ∗∗∗
---------------------------------------------
Webseiten können derzeit in aktuellen Chromium-basierten Webbrowsern beliebig auf die Zwischenablage zugreifen. Das ermöglicht etwa Angriffe auf Nutzer.
---------------------------------------------
https://heise.de/-7248070


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (thunderbird), Fedora (ctk, dcmtk, OpenImageIO, and varnish-modules), Red Hat (systemd), SUSE (libslirp, open-vm-tools, and opera), and Ubuntu (jupyter-notebook, libsdl1.2, and systemd).
---------------------------------------------
https://lwn.net/Articles/906461/


∗∗∗ [20220801] - Core - Multiple Full Path Disclosures because of missing _JEXEC or die check ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/884-20220801-core-multiple-full-path-disclosures-because-of-missing-jexec-or-die-check.html


∗∗∗ Security Bulletin: Tririga is vulnerable to remote hacker due to dom4j open source ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-tririga-is-vulnerable-to-remote-hacker-due-to-dom4j-open-source/


∗∗∗ Security Bulletin: A security vulnerability has been fixed in IBM Security Identity Manager (CVE-2021-29864) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-fixed-in-ibm-security-identity-manager-cve-2021-29864/


∗∗∗ Security Bulletin: glibc vulnerability affects IBM Elastic Storage System (CVE-2021-3999) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-glibc-vulnerability-affects-ibm-elastic-storage-system-cve-2021-3999/


∗∗∗ Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-4203) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-linux-kernel-vulnerability-may-affect-ibm-elastic-storage-system-cve-2021-4203/


∗∗∗ Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system-8/


∗∗∗ Security Bulletin: Due to use of OpenSSL, IBM Virtualization Engine TS7700 is vulnerable to denial of service (CVE-2022-0778) and privilege escalation (CVE-2022-1292) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-openssl-ibm-virtualization-engine-ts7700-is-vulnerable-to-denial-of-service-cve-2022-0778-and-privilege-escalation-cve-2022-1292/


∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2021-45346) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2021-45346/


∗∗∗ Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system-7/


∗∗∗ K00994461: GSON vulnerability CVE-2022-25647 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00994461


∗∗∗ poppler: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1214


∗∗∗ Moodle: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1212


∗∗∗ Hitachi Energy FACTS Control Platform (FCP) Product ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-01


∗∗∗ Hitachi Energy Gateway Station (GWS) Product ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-02


∗∗∗ Hitachi Energy MSM Product ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-03


∗∗∗ Hitachi Energy RTU500 series ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-04


∗∗∗ Fuji Electric D300win ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-05


∗∗∗ Honeywell ControlEdge ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-06


∗∗∗ Honeywell Experion LX ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-07


∗∗∗ Honeywell Trend Controls Inter-Controller Protocol ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-08


∗∗∗ Omron CX-Programmer ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-09


∗∗∗ PTC Kepware KEPServerEX ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-10

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily