[CERT-daily] Tageszusammenfassung - 25.02.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 24-02-2022 18:00 − Freitag 25-02-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ US and UK expose new malware used by MuddyWater hackers ∗∗∗
---------------------------------------------
MuddyWater is "targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/us-and-uk-expose-new-malware-used-by-muddywater-hackers/


∗∗∗ Jester Stealer malware adds more capabilities to entice hackers ∗∗∗
---------------------------------------------
An infostealing piece of malware called Jester Stealer has been gaining popularity in the underground cybercrime community for its functionality and affordable prices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/jester-stealer-malware-adds-more-capabilities-to-entice-hackers/


∗∗∗ Cyberangriffe im Ukraine-Krieg: BSI warnt Behörden und Unternehmen nachdrücklich ∗∗∗
---------------------------------------------
Das BSI hat ein weiteres Warnschreiben an Unternehmen und Behörden geschickt. Demnach gibt es Netzwerkscans und erste Wiper in Partnerstaaten.
---------------------------------------------
https://www.golem.de/news/cyberangriffe-im-ukraine-krieg-bsi-warnt-behoerden-und-unternehmen-nachdruecklich-2202-163457-rss.html


∗∗∗ Some details of the DDoS attacks targeting Ukraine and Russia in recent days ∗∗∗
---------------------------------------------
At 360Netlab, we continuously track botnets on a global scale through our BotMon system. In particular, for DDoS-related botnets, we further tap into their C2 communications to enable us really see the details of the attacks.
---------------------------------------------
https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/


∗∗∗ Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure ∗∗∗
---------------------------------------------
The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years.
---------------------------------------------
https://thehackernews.com/2022/02/notorious-trickbot-malware-gang-shuts.html


∗∗∗ „ID-app aktivieren“: Betrügerisches Mail im Namen der Volksbank im Umlauf ∗∗∗
---------------------------------------------
Kriminelle versenden derzeit betrügerische E-Mails im Namen der Volksbank, in der dazu aufgefordert wird die ID-app zu aktivieren. Diese App wird von der Volksbank tatsächlich angeboten, um mehr Sicherheit zu gewährleisten. In diesem Fall missbrauchen aber Kriminelle diese Sicherheitsmaßnahme, um an Ihre Zugangsdaten zu kommen.
---------------------------------------------
https://www.watchlist-internet.at/news/id-app-aktivieren-betruegerisches-mail-im-namen-der-volksbank-im-umlauf/


∗∗∗ Russia-Ukraine Crisis: How to Protect Against the Cyber Impact (Updated Feb. 24 to Include New Information on DDoS, HermeticWiper and Defacement) ∗∗∗
---------------------------------------------
We provide an overview of known cyberthreats related to the Russia-Ukraine crisis including DDoS attacks, HermeticWiper and defacement and share recommendations for proactive defense.
---------------------------------------------
https://unit42.paloaltonetworks.com/preparing-for-cyber-impact-russia-ukraine-crisis/


∗∗∗ Mac-Malware auf dem Vormarsch ∗∗∗
---------------------------------------------
Die Sicherheitsgefahren für mobile Geräte und Macs nehmen zu. Festgestellt wurden die Mac-Malware-Familien Cimpli, Pirrit, Imobie, Shlayer und Genieo.
---------------------------------------------
https://www.zdnet.de/88399571/mac-malware-auf-dem-vormarsch/


∗∗∗ Threat Update – Ukraine & Russia conflict ∗∗∗
---------------------------------------------
In this report, NVISO CTI describes the cyber threat landscape of Ukraine and by extension the current situation.
---------------------------------------------
https://blog.nviso.eu/2022/02/24/threat-update-ukraine-russia-tensions/


∗∗∗ New Infostealer ‘ColdStealer’ Being Distributed ∗∗∗
---------------------------------------------
The ASEC analysis team has discovered the distribution of ColdStealer that appears to be a new type of infostealer.
---------------------------------------------
https://asec.ahnlab.com/en/32090/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdates: Java- und Kernel-Lücken in IBM AIX bedrohen Server ∗∗∗
---------------------------------------------
Angreifer könnten Server mit IBM AIX attackieren und im schlimmsten Fall die volle Kontrolle über Systeme erlangen.
---------------------------------------------
https://heise.de/-6526120


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (dotnet6.0, kernel, libarchive, libxml2, and wireshark), openSUSE (opera), Oracle (cyrus-sasl), Red Hat (cyrus-sasl, python-pillow, and ruby:2.5), Scientific Linux (cyrus-sasl), and Ubuntu (snapd).
---------------------------------------------
https://lwn.net/Articles/886124/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-http-server-used-by-ibm-websphere-application-server-due-to-expat-vulnerabilities/


∗∗∗ Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832-4/


∗∗∗ Security Bulletin: CVE-2021-35550 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35550-may-affect-ibm-sdk-java-technology-edition/


∗∗∗ Security Bulletin: Vulnerabilities in Java SE affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-se-affect-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data/


∗∗∗ Security Bulletin: CVE-2021-35603 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35603-may-affect-ibm-sdk-java-technology-edition/


∗∗∗ Security Bulletin: Vulnerability in the AIX smbcd daemon (CVE-2021-38993) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-the-aix-smbcd-daemon-cve-2021-38993/


∗∗∗ Security Bulletin: IBM PowerVM Novalink is vulnerable to provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-powervm-novalink-is-vulnerable-to-provide-weaker-than-expected-security-a-remote-attacker-could-exploit-this-weakness-to-obtain-sensitive-information-and-gain-unauthorized-acce/


∗∗∗ Security Bulletin: IBM PowerVM Novalink could allow a remote authenticated attacker to conduct an LDAP injection. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-powervm-novalink-could-allow-a-remote-authenticated-attacker-to-conduct-an-ldap-injection/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM Application Server Liberty due to January 2022 CPU plus deferred CVE-2021-35550 and CVE-2021-35603 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-application-server-and-ibm-application-server-liberty-due-to-january-2022-cpu-plus-deferred-cve-2021-35550-and-cv/


∗∗∗ Mozilla VPN local privilege escalation via uncontrolled OpenSSL search path ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/


∗∗∗ FATEK Automation FvDesigner ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-055-01


∗∗∗ Mitsubishi Electric EcoWebServerIII ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-055-02


∗∗∗ Schneider Electric Easergy P5 and P3 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-055-03


∗∗∗ Baker Hughes Bently Nevada 3500 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-231-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily