[CERT-daily] Tageszusammenfassung - 24.02.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 23-02-2022 18:00 − Donnerstag 24-02-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Malware infiltrates Microsoft Store via clones of popular games ∗∗∗
---------------------------------------------
A malware named Electron Bot has found its way into Microsofts Official Store through clones of popular games such as Subway Surfer and Temple Run, leading to the infection of 5,000 computers in Sweden, Israel, Spain, and Bermuda.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malware-infiltrates-microsoft-store-via-clones-of-popular-games/


∗∗∗ Malware: Mit Wipern und DDoS gegen ukrainische IT-Systeme ∗∗∗
---------------------------------------------
Etliche Webseiten in der Ukraine sind nicht erreichbar. Zudem sind Hunderte Rechner von einer vernichtenden Schadsoftware befallen.
---------------------------------------------
https://www.golem.de/news/malware-mit-wipern-und-ddos-gegen-ukrainische-it-systeme-2202-163422-rss.html


∗∗∗ Ukraine & Russia Situation From a Domain Names Perspective , (Thu, Feb 24th) ∗∗∗
---------------------------------------------
Every time, something happens in the world like an earthquake, big floods, or even major sports events, it is followed by a peak of new domains registrations.
---------------------------------------------
https://isc.sans.edu/diary/rss/28376


∗∗∗ Shadowserver Special Reports - Cyclops Blink ∗∗∗
---------------------------------------------
In May 2018, the US DoJ, FBI and industry partners sinkholed the modular network device infecting malware known as VPNFilter, which Shadowserver has been reporting out for remediation to nCSIRTs and network owners each day since. In February 2022 the UK NCSC, US FBI, CISA and NSA jointly announced the discovery of new network device malware, which they have called Cyclops Blink, and see as a more advanced replacement for VPNFilter.
---------------------------------------------
https://www.shadowserver.org/news/shadowserver-special-reports-cyclops-blink/


∗∗∗ HermeticWiper: New Destructive Malware Used In Cyber Attacks on Ukraine ∗∗∗
---------------------------------------------
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations.
---------------------------------------------
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/


∗∗∗ SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors ∗∗∗
---------------------------------------------
SockDetour is a custom backdoor being used to maintain persistence, designed to serve as a backup backdoor in case the primary one is removed.
---------------------------------------------
https://unit42.paloaltonetworks.com/sockdetour/


∗∗∗ Clang Checkers and CodeQL Queries for Detecting Untrusted Pointer Derefs and Tainted Loop Conditions ∗∗∗
---------------------------------------------
In this final blog of the series, we experiment with CodeQL’s IR and Clang checkers for detecting such bug classes.
---------------------------------------------
https://www.thezdi.com/blog/2022/2/22/clang-checkers-and-codeql-queries-for-detecting-untrusted-pointer-derefs-and-tainted-loop-conditions


∗∗∗ Vulnerability Spotlight: Buffer overflow vulnerabilities in Accusoft ImageGear could lead to code execution ∗∗∗
---------------------------------------------
Cisco Talos recently discovered multiple vulnerabilities in Accusoft ImageGear.
---------------------------------------------
http://blog.talosintelligence.com/2022/02/vuln-spotlight-accusoft-code.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco schließt Root-Lücke in Netzwerk-OS, gibt wichtige Hinweise für Firewalls ∗∗∗
---------------------------------------------
Wer eine Firewall von Cisco nutzt, sollte diese aus Sicherheitsgründen bis Anfang März aktualisieren. Außerdem gibt es Patches für NX-OS.
---------------------------------------------
https://heise.de/-6524029


∗∗∗ Stored Cross-Site Scripting Vulnerability Patched in a WordPress Photo Gallery Plugin ∗∗∗
---------------------------------------------
On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin that is installed on over 10,000 sites.
---------------------------------------------
https://www.wordfence.com/blog/2022/02/stored-cross-site-scripting-vulnerability-patched-in-a-wordpress-photo-gallery-plugin/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (expat), Fedora (php and vim), Mageia (cpanminus, expat, htmldoc, nodejs, polkit, util-linux, and varnish), Red Hat (389-ds-base, curl, kernel, kernel-rt, openldap, python-pillow, rpm, sysstat, and unbound), Scientific Linux (389-ds-base, kernel, openldap, and python-pillow), and Ubuntu (cyrus-sasl2, linux-oem-5.14, and php7.0).
---------------------------------------------
https://lwn.net/Articles/885885/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (thunderbird), Fedora (php), openSUSE (jasper and thunderbird), Oracle (389-ds-base, kernel, openldap, and python-pillow), Red Hat (cyrus-sasl and samba), and SUSE (cyrus-sasl, firefox, jasper, kernel-rt, nodejs10, nodejs14, nodejs8, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/885997/


∗∗∗ Security Bulletin: Datastax Enterprise with IBM is vulnerable to exploiting Apache Cassandra User-Defined Functions for Remote Code Execution ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-datastax-enterprise-with-ibm-is-vulnerable-to-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/


∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-txseries-for-multiplatforms-7/


∗∗∗ Security Bulletin: Multiple vulnerabilities were detected in IBM Sterling External Authentication Server (CVE-2022-22333, CVE-2022-22349) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-were-detected-in-ibm-sterling-external-authentication-server-cve-2022-22333-cve-2022-22349/


∗∗∗ Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-log4j-vulnerabilities-affect-ibm-netezza-analytics-2/


∗∗∗ Security Bulletin: Log4j vulnerability affects IBM Netezza Analytics for NPS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-log4j-vulnerability-affects-ibm-netezza-analytics-for-nps-2/


∗∗∗ Security Bulletin: IBM Operational Decision Manager is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046) . ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operational-decision-manager-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-and-cve-2021-45046/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-collector-for-sap-applications-3/


∗∗∗ Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-and-ibm-websphere-application-server-liberty-are-vulnerable-to-clickjacking-cve-2021-39038/


∗∗∗ Security Bulletin: Vulnerabilities in the AIX kernel (CVE-2021-38994, CVE-2021-38995) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-aix-kernel-cve-2021-38994-cve-2021-38995/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix-7/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-log4j-5/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Logback ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-logback/


∗∗∗ Security Bulletin: Multiple Vulnerabilities were detected in IBM Sterling Secure Proxy (CVE-2022-22336, CVE-2022-22333) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-were-detected-in-ibm-sterling-secure-proxy-cve-2022-22336-cve-2022-22333/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-java-7/


∗∗∗ Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics for NPS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-log4j-vulnerabilities-affect-ibm-netezza-analytics-for-nps-2/


∗∗∗ VMSA-2022-0006 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0006.html


∗∗∗ Drupal: Mehrere Schwachstellen ermöglichen Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0232


∗∗∗ XSS Vulnerabilities in Proxy Server ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-22-04

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily