[CERT-daily] Tageszusammenfassung - 02.03.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 01-03-2022 18:00 − Mittwoch 02-03-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Phishing attacks target countries aiding Ukrainian refugees ∗∗∗
---------------------------------------------
A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/phishing-attacks-target-countries-aiding-ukrainian-refugees/


∗∗∗ Geoblocking when you cant Geoblock, (Tue, Mar 1st) ∗∗∗
---------------------------------------------
Given recent events, I've gotten a flood of calls from clients who want to start blocking egress traffic to specific countries, or block ingress traffic from specific countries (or both).
---------------------------------------------
https://isc.sans.edu/diary/rss/28392


∗∗∗ TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps ∗∗∗
---------------------------------------------
An Android banking trojan designed to steal credentials and SMS messages has been observed once again sneaking past Google Play Store protections to target users of more than 400 banking and financial apps, including those from Russia, China, and the U.S.
---------------------------------------------
https://thehackernews.com/2022/03/teabot-android-banking-malware-spreads.html


∗∗∗ "Authority-Scam": Kriminelle imitieren Behörden für Investment-Betrug ∗∗∗
---------------------------------------------
Beim „Authority-Scam“ geben sich die Kriminellen als Behörde aus und fordern Zahlungen wegen der Investments. Nicht bezahlen!
---------------------------------------------
https://www.watchlist-internet.at/news/authority-scam-kriminelle-imitieren-behoerden-fuer-investment-betrug/


∗∗∗ Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization ∗∗∗
---------------------------------------------
Scans of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations found 75% had known security gaps.
---------------------------------------------
https://unit42.paloaltonetworks.com/infusion-pump-vulnerabilities/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack ∗∗∗
---------------------------------------------
As many as five security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service (DoS) in applications that use the protocol stack.
---------------------------------------------
https://thehackernews.com/2022/03/critical-bugs-reported-in-popular-open.html


∗∗∗ IBM warnt vor zahlreichen Sicherheitslücken ∗∗∗
---------------------------------------------
IBM hat für diverse Produkte Updates veröffentlicht, die teils kritische Sicherheitslücken schließen. Administratoren sollten sie zeitnah installieren.
---------------------------------------------
https://heise.de/-6531076


∗∗∗ Sicherheitsupdates von Fortinet: Angreifer könnten Admin-Zugänge erraten ∗∗∗
---------------------------------------------
Unter anderen FortiMail und FortiWLC sind verwundbar. Eine Lücke gilt als kritisch.
---------------------------------------------
https://heise.de/-6531249


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (mingw-expat and seamonkey), openSUSE (mc, mysql-connector-java, nodejs12, and sphinx), Red Hat (kernel and kpatch-patch), SUSE (cyrus-sasl, kernel, nodejs12, and php74), and Ubuntu (glibc).
---------------------------------------------
https://lwn.net/Articles/886560/


∗∗∗ Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk


∗∗∗ Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm


∗∗∗ Cisco StarOS Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n


∗∗∗ Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp


∗∗∗ Security Bulletin: Vulnerabilities in AIX CAA (CVE-2022-22350, CVE-2021-38996) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-aix-caa-cve-2022-22350-cve-2021-38996/


∗∗∗ Security Bulletin: SQL injection vulnerability in PostgreSQL affects IBM Connect:Direct Web Services (CVE-2021-23214) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-in-postgresql-affects-ibm-connectdirect-web-services-cve-2021-23214/


∗∗∗ Security Bulletin: Vulnerability in BIND affects AIX (CVE-2021-25219) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-affects-aix-cve-2021-25219/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote attacker due to Apache Log4j (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-remote-attacker-due-to-apache-log4j-cve-2021-44832/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Web Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-connectdirect-web-services-4/


∗∗∗ Security Bulletin: Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-ibm-infosphere-master-data-management-server-vulnerability-in-openssl-2/


∗∗∗ Security Bulletin: Vulnerabilities with Expat, Spring Framework and Apache HTTP Server affect IBM Cloud Object Storage Systems (Feb 2022 V2) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-expat-spring-framework-and-apache-http-server-affect-ibm-cloud-object-storage-systems-feb-2022-v2/


∗∗∗ VMSA-2022-0007 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0007.html


∗∗∗ K34519550: Linux kernel vulnerability CVE-2021-27364 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K34519550

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily