[CERT-daily] Tageszusammenfassung - 01.06.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 31-05-2022 18:00 − Mittwoch 01-06-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Zero-Day-Lücke: Erste Cybergangs greifen MSDT-Sicherheitslücke an ∗∗∗
---------------------------------------------
Die Zero-Day-Lücke von Microsoft wird inzwischen von Cybergangs für Angriffe missbraucht. Der Hersteller ordnete das Problem erst falsch als irrelevant ein.
---------------------------------------------
https://heise.de/-7128265


∗∗∗ FluBot Android malware operation shutdown by law enforcement ∗∗∗
---------------------------------------------
Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence. 
---------------------------------------------
https://www.bleepingcomputer.com/news/security/flubot-android-malware-operation-shutdown-by-law-enforcement/


∗∗∗ New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers ∗∗∗
---------------------------------------------
An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research.
---------------------------------------------
https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html


∗∗∗ New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email ∗∗∗
---------------------------------------------
A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim.
---------------------------------------------
https://thehackernews.com/2022/06/new-unpatched-horde-webmail-bug-lets.html


∗∗∗ Watch out for phishing emails that inject spyware trio ∗∗∗
---------------------------------------------
You wait for one infection and then three come along at once. An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2022/06/01/phishing-rat-bitrat-fortinet/


∗∗∗ Certificate Transparency data is used to compromise WordPress before installation ∗∗∗
---------------------------------------------
Recently in the community forums of WordPress and Lets Encrypt, reports have shown up about webshells on freshly installed WordPress blogs that were later used for DDoS attacks.
---------------------------------------------
https://www.feistyduck.com/bulletproof-tls-newsletter/issue_89_certificate_transparency_data_is_used_to_compromise_wordpress_before_installation


∗∗∗ AA22-152A: Karakurt Data Extortion Group ∗∗∗
---------------------------------------------
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group, also known as the Karakurt Team and Karakurt Lair.
---------------------------------------------
https://us-cert.cisa.gov/ncas/alerts/aa22-152a



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libjpeg-turbo, webkit2gtk, and wpewebkit), Fedora (golang-github-opencontainers-runc, mingw-pcre2, python-jwt, python-ujson, and weechat), Oracle (nodejs:16 and rsyslog), Red Hat (container-tools:3.0, expat, fapolicyd, kernel, kernel-rt, kpatch-patch, mariadb:10.3, postgresql:12, rsyslog and rsyslog7, and zlib), Slackware (mozilla), SUSE (bind, dpdk, fribidi, hdf5, librelp, php74, postgresql12, and postgresql13), and Ubuntu (cups, linux-gcp-5.13, linux-oracle, linux-oracle-5.13, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/896803/


∗∗∗ T&D Data Server and THERMO RECORDER DATA SERVER vulnerable to directory traversal ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN28659051/


∗∗∗ Security Advisory - Insufficient Input Verification Vulnerability In Huawei Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220601-01-66843eb3-en


∗∗∗ Security Bulletin: IBM® PureData System for Operational Analytics is vulnerable to arbitrary code execution, remote code execution and denial of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-puredata-system-for-operational-analytics-is-vulnerable-to-arbitrary-code-execution-remote-code-execution-and-denial-of-service-due-to-apache-log4j-cve-2021-44228-cve/


∗∗∗ Security Bulletin: IBM CICS TX Standard is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cics-tx-standard-is-vulnerable-to-arbitrary-code-execution-due-to-ibm-websphere-application-server-liberty-cve-2021-23450/


∗∗∗ Security Bulletin: Vulnerability in bind (CVE-2021-25214) affects Power HMC ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-cve-2021-25214-affects-power-hmc/


∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-17/


∗∗∗ Security Bulletin: IBM CICS TX Advanced is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cics-tx-advanced-is-vulnerable-to-arbitrary-code-execution-due-to-ibm-websphere-application-server-liberty-cve-2021-23450/


∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-included-websphere-application-server-and-ibm-http-server-used-by-websphere-application-server/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-9/


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to code injection due to CVE-2022-29078 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-designerauthoring-and-integrationserver-operands-may-be-vulnerable-to-code-injection-due-to-cve-2022-29078/


∗∗∗ Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-data-synchronization-app-for-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/


∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow an attacker to decrypt highly sensitive information(CVE-2022-22368) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-that-could-allow-an-attacker-to-decrypt-highly-sensitive-informationcve-2022-22368-3/


∗∗∗ Security Bulletin: Vulnerability in Apache HTTP (CVE-2022-22720) affects Power HMC ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-http-cve-2022-22720-affects-power-hmc/


∗∗∗ K43541501: Intel CPU vulnerabilities CVE-2022-21131 and CVE-2022-21136 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K43541501


∗∗∗ Security Vulnerabilities fixed in Thunderbird 91.10 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/


∗∗∗ BD Pyxis ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-22-151-01


∗∗∗ BD Synapsys ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-22-151-02


∗∗∗ Fuji Electric Alpha7 PC Loader ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-151-01


∗∗∗ SSRF-Schwachstelle in Canto Cumulus (SYSS-2022-023) ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/ssrf-schwachstelle-in-canto-cumulus-syss-2022-023


∗∗∗ Microsoft Edge 102.0.1245.30 schließt Schwachstellen ∗∗∗
---------------------------------------------
https://www.borncity.com/blog/2022/06/01/microsoft-edge-102-0-1245-30-schliet-schwachstellen/


∗∗∗ Security Advisory: Multiple Vulnerabilities Impact 3CX Phone System ∗∗∗
---------------------------------------------
https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnerabilities-impact-3cx-phone-system/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily