[CERT-daily] Daily summary - 18.02.2022

Daily end-of-shift report team at cert.at
Fri Feb 18 18:21:56 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 17-02-2022 18:00 − Friday 18-02-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Conti ransomware gang takes over TrickBot malware operation ∗∗∗
---------------------------------------------
After four years of activity and numerous takedown attempts, the death knell of TrickBot has sounded as its top members move under new management, the Conti ransomware syndicate, who plan to replace it with the stealthier BazarBackdoor malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/conti-ransomware-gang-takes-over-trickbot-malware-operation/


∗∗∗ Remcos RAT Delivered Through Double Compressed Archive, (Fri, Feb 18th) ∗∗∗
---------------------------------------------
One of our readers shared an interesting sample received via email.
---------------------------------------------
https://isc.sans.edu/diary/rss/28354


∗∗∗ Microsoft Warns of Ice Phishing Threat on Web3 and Decentralized Networks ∗∗∗
---------------------------------------------
Microsoft has warned of emerging threats in the Web3 landscape, including "ice phishing" campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it's still in its early stages.
---------------------------------------------
https://thehackernews.com/2022/02/microsoft-warns-of-ice-phishing-threat.html


∗∗∗ Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2) ∗∗∗
---------------------------------------------
This post describes a vulnerability found and exploited in October 2021 by Alex Plaskett, Cedric Halbronn, and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group.
---------------------------------------------
https://research.nccgroup.com/2022/02/18/analyzing-a-pjl-directory-traversal-vulnerability-exploiting-the-lexmark-mc3224i-printer-part-2/


∗∗∗ Microsoft Teams Abused for Malware Distribution in Recent Attacks ∗∗∗
---------------------------------------------
A recently identified malicious campaign has been abusing Microsoft Teams for the distribution of malware, enterprise email security firm Avanan reports.
---------------------------------------------
https://www.securityweek.com/microsoft-teams-abused-malware-distribution-recent-attacks


∗∗∗ Caution when job hunting: ignore job offers from skovgaardtransit.com! ∗∗∗
---------------------------------------------
Readers of Watchlist Internet are currently reporting a fraudulent job offer from a supposedly global logistics company called Skovgaard Logistics Services LTD. The dubious company promises a job with "high pay"; no prior experience is required.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-der-jobsuche-ignorieren-sie-stellenangebote-von-skovgaardtransitcom/


∗∗∗ NSA Best Practices for Selecting Cisco Password Types ∗∗∗
---------------------------------------------
The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance on securing network infrastructure devices and credentials.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/02/17/nsa-best-practices-selecting-cisco-password-types
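The core of the NSA sheet is a ranking of Cisco's password storage types: store device credentials as Type 8 (PBKDF2-SHA-256) or Type 9 (scrypt) secrets, retire Type 0 (cleartext), Type 7 (reversible obfuscation) and Type 4 (an unsalted SHA-256 scheme with a flawed implementation), tolerate Type 5 (salted MD5) only where 8 and 9 are unsupported, and reserve Type 6 (AES) for keys that genuinely must be recoverable. The script below is an added example, not part of the CERT.at digest, the NSA document or any Cisco tool: it audits a constructed running-config excerpt for weak types and reverses a Type 7 string using the long-published XOR scheme, to show that Type 7 hides nothing. The config lines are constructed and the $1$/$8$/$9$ hash bodies are placeholders; the script only inspects the type digit.

```python
"""Audit a Cisco IOS running-config for weak password types.

Added example; not code from the CERT.at digest, the NSA CSI or Cisco.
Type numbers are Cisco's: 0 cleartext, 4 unsalted SHA-256 (flawed),
5 salted MD5, 6 AES (reversible, for keys that must be recoverable),
7 reversible obfuscation, 8 PBKDF2-SHA-256, 9 scrypt.
"""
import re

# Cisco's public Type 7 XOR key (the well-known "xlat" table); included only
# to show that Type 7 strings are obfuscated, not encrypted.
_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"

VERDICT = {
    "0": "cleartext; replace with a Type 8 or 9 secret",
    "4": "unsalted SHA-256 (flawed); replace with a Type 8 or 9 secret",
    "5": "salted MD5; acceptable only where Type 8/9 are unsupported",
    "6": "AES reversible; only for keys that must be recoverable",
    "7": "reversible obfuscation; replace with a Type 8 or 9 secret",
    "8": "PBKDF2-SHA-256; recommended",
    "9": "scrypt; recommended",
}
WEAK_TYPES = {"0", "4", "5", "7"}

# enable secret|password [type] value
# username NAME [privilege N] secret|password [type] value
_CRED_RE = re.compile(
    r"^\s*(?:enable\s+(?P<ekw>secret|password)"
    r"|username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?\s+(?P<ukw>secret|password))"
    r"(?:\s+(?P<type>\d))?\s+(?P<value>\S+)\s*$"
)


def decode_type7(blob):
    """Reverse a Type 7 string: the first two decimal digits are the key
    offset, the rest is hex, each byte XORed with the rotating key."""
    offset = int(blob[:2])
    body = bytes.fromhex(blob[2:])
    return bytes(
        b ^ _TYPE7_KEY[(offset + i) % len(_TYPE7_KEY)] for i, b in enumerate(body)
    ).decode()


def audit_config(text):
    """One finding per credential line, plus one for service password-encryption."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.strip() == "service password-encryption":
            findings.append({
                "line": lineno, "target": "service password-encryption", "type": "7",
                "verdict": "only produces Type 7; use secrets instead", "recovered": None,
            })
            continue
        m = _CRED_RE.match(line)
        if not m:
            continue
        keyword = m.group("ekw") or m.group("ukw")
        ptype = m.group("type")
        if ptype is None:
            if keyword != "password":
                continue  # 'secret' with no type digit: IOS hashes it on entry, type unknown here
            ptype = "0"   # 'password' with no type digit is stored in cleartext
        if ptype not in VERDICT:
            continue
        target = "enable" if m.group("ekw") else "username " + m.group("user")
        recovered = None
        if ptype == "0":
            recovered = m.group("value")
        elif ptype == "7":
            try:
                recovered = decode_type7(m.group("value"))
            except (ValueError, UnicodeDecodeError):
                recovered = None  # malformed blob; still reported as Type 7
        findings.append({
            "line": lineno, "target": target, "type": ptype,
            "verdict": VERDICT[ptype], "recovered": recovered,
        })
    return findings


def weak_findings(text):
    """Only the findings the NSA guidance says to remediate."""
    return [f for f in audit_config(text) if f["type"] in WEAK_TYPES]


# Constructed sample config; hash bodies are placeholders, only the type digits matter.
SAMPLE_CONFIG = """\
!
service password-encryption
enable secret 5 $1$SALT$PLACEHOLDERMD5HASHxxxxxx
enable password 7 060506324F41
username admin privilege 15 secret 9 $9$PLACEHOLDERSALT$PLACEHOLDERSCRYPTHASH
username backup password 0 Summer2022!
username ops secret 8 $8$PLACEHOLDERSALT$PLACEHOLDERPBKDF2HASH
username legacy secret 4 PLACEHOLDERUNSALTEDSHA256xxxxxxxxxxxx
!
"""

if __name__ == "__main__":
    for f in weak_findings(SAMPLE_CONFIG):
        extra = f" (recovered: {f['recovered']})" if f["recovered"] else ""
        print(f"line {f['line']}: {f['target']} uses Type {f['type']}: {f['verdict']}{extra}")
```

Run it against the output of `show running-config` saved to a file by replacing SAMPLE_CONFIG with the file's contents. Note that `service password-encryption` is itself flagged: it only converts cleartext passwords to Type 7, so it is not a substitute for `enable secret` / `username ... secret` with Type 8 or 9.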


∗∗∗ CISA Compiles Free Cybersecurity Services and Tools for Network Defenders ∗∗∗
---------------------------------------------
CISA has compiled and published a list of free cybersecurity services and tools to help organizations reduce cybersecurity risk and strengthen resiliency. This non-exhaustive living repository includes services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/02/18/cisa-compiles-free-cybersecurity-services-and-tools-network


∗∗∗ Academics publish method for recovering data encrypted by the Hive ransomware ∗∗∗
---------------------------------------------
A team of South Korean researchers published an academic paper on Thursday detailing a method to recover files encrypted by the Hive ransomware without paying the attackers for the decryption key.
---------------------------------------------
https://therecord.media/academics-publish-method-for-recovering-data-encrypted-by-the-hive-ransomware/


∗∗∗ Distribution of Magniber Ransomware Stops (Since February 5th) ∗∗∗
---------------------------------------------
The ASEC analysis team constantly monitors ‘malvertising’, a term for the distribution of malware via browser online advertisement links. The team has recently discovered that Magniber ransomware, a typical malware distributed via malvertising, has stopped its distribution.
---------------------------------------------
https://asec.ahnlab.com/en/31690/


∗∗∗ Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal ∗∗∗
---------------------------------------------
On Wednesday, February 16, Rapid7 experts Bob Rudis, Devin Krugly, and Glenn Thorpe sat down for a webinar on the current state of the Log4j vulnerability.
---------------------------------------------
https://www.rapid7.com/blog/post/2022/02/17/log4shell-2-months-later-security-strategies-for-the-internets-new-normal/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Online shops: another critical vulnerability discovered in Adobe Commerce and Magento ∗∗∗
---------------------------------------------
Because of a further security vulnerability, Adobe has revised an emergency patch. Online shops are already being attacked.
---------------------------------------------
https://heise.de/-6495424


∗∗∗ Root privileges via vulnerability in the Snap software distribution system ∗∗∗
---------------------------------------------
Security vulnerabilities in the Snap software deployment system allow attackers, among other things, to escalate their privileges on the system. Updates fix the flaws.
---------------------------------------------
https://heise.de/-6495740


∗∗∗ Vulnerability found in WordPress plugin with over 3 million installations ∗∗∗
---------------------------------------------
UpdraftPlus patched the vulnerability on Thursday in version 1.22.3.
---------------------------------------------
https://www.zdnet.com/article/vulnerability-found-in-wordpress-plugin-with-over-3-million-installations/


∗∗∗ Security Bulletin: Vulnerability in Linux Kernel affects IBM Integrated Analytics System. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-linux-kernel-affects-ibm-integrated-analytics-system/


∗∗∗ Security Bulletin: Vulnerability in Polkit affects IBM Cloud Pak for Data System 2.0. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-polkit-affects-ibm-cloud-pak-for-data-system-2-0/


∗∗∗ Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to arbitrary code execution and SQL injection due to Apache Log4j. (CVE-2022-23302, CVE-2022-23307, CVE-2022-23305) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-and-ibm-websphere-application-server-liberty-are-vulnerable-to-arbitrary-code-execution-and-sql-injection-due-to-apache-log4j-cve-2022-23302-cve/


∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system-6/


∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to weak password requirements (CVE-2021-38935) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-weak-password-requirements-cve-2021-38935/


∗∗∗ Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to denial of service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-ibm-sdk-java-technology-edition-ibm-tivoli-application-dependency-discovery-manager-taddm-is-vulnerable-to-denial-of-service/


∗∗∗ Security Bulletin: IBM Guardium Data Encryption (GDE) has an information exposure vulnerability (CVE-2021-39026) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-guardium-data-encryption-gde-has-an-information-exposure-vulnerability-cve-2021-39026/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to SQL injection due to Apache Log4j (CVE-2022-23305) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-sql-injection-due-to-apache-log4j-cve-2022-23305/


∗∗∗ Security Bulletin: CVE-2021-42771 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-42771/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote code execution due to Apache Log4j (CVE-2022-23307) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-remote-code-execution-due-to-apache-log4j-cve-2022-23307/


∗∗∗ Security Bulletin: Python (Publicly disclosed vulnerability) in IBM Tivoli Application Dependency Discovery Manager (CVE-2021-3733) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-python-publicly-disclosed-vulnerability-in-ibm-tivoli-application-dependency-discovery-manager-cve-2021-3733/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to untrusted data deserialization due to Apache Log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-untrusted-data-deserialization-due-to-apache-log4j-cve-2021-4104/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2022-0003 ∗∗∗
---------------------------------------------
https://webkitgtk.org/security/WSA-2022-0003.html


∗∗∗ Bitdefender Antivirus: vulnerability allows manipulation of product settings ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0207

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily