[CERT-daily] Tageszusammenfassung - 09.03.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 08-03-2022 18:00 − Mittwoch 09-03-2022 18:00
Handler:     Robert Waldner
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Betrug auf Discord: „Sorry, ich habe deinen Steam-Account gemeldet!“ ∗∗∗
---------------------------------------------
Gamerinnen und Gamer aufgepasst: Auf Discord kommt es momentan zu Kontaktaufnahmen durch Kriminelle, die sich für das Melden des Steam-Accounts entschuldigen.
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-auf-discord-sorry-ich-habe-deinen-steam-account-gemeldet/


∗∗∗ Daxin Backdoor: In-Depth Analysis, Part Two ∗∗∗
---------------------------------------------
In the second of a two-part series of blogs, we examine the communications and networking features of Daxin.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage-analysis


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint ∗∗∗
---------------------------------------------
Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms.
---------------------------------------------
https://msrc-blog.microsoft.com/2022/03/08/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint/


∗∗∗ New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices ∗∗∗
---------------------------------------------
Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices.
---------------------------------------------
https://thehackernews.com/2022/03/new-16-high-severity-uefi-firmware.html


∗∗∗ Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses ∗∗∗
---------------------------------------------
Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System (CPS) that could be combined to achieve a full pre-authenticated remote code execution of affected systems.
---------------------------------------------
https://thehackernews.com/2022/03/critical-rce-bugs-found-in-pascom-cloud.html


∗∗∗ TLStorm: Three critical vulnerabilities discovered in APC Smart-UPS devices ∗∗∗
---------------------------------------------
Armis has discovered a set of three critical zero-day vulnerabilities in APC Smart-UPS devices that can allow remote attackers to take over Smart-UPS devices and carry out extreme attacks targeting both physical devices and IT assets.
---------------------------------------------
https://www.armis.com/research/tlstorm/


∗∗∗ Patchday: SAP behebt 16 Schwachstellen ∗∗∗
---------------------------------------------
Zum März-Patchday bei SAP liefert das Unternehmen Aktualisierungen für zwölf neue Sicherheitslücken aus. Zudem aktualisiert es vier ältere Sicherheitsmeldungen.
---------------------------------------------
https://heise.de/-6543439


∗∗∗ Alte Lücke in Pulse Connect Secure-VPN wird angegriffen ∗∗∗
---------------------------------------------
Schon Mitte 2020 hat Pulse Secure in seiner VPN-Lösung Aktualisierungen veröffentlicht, die Sicherheitslücken schließen. Die Lücken werden jetzt angegriffen.
---------------------------------------------
https://heise.de/-6544328


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel, linux-4.19, spip, and thunderbird), Fedora (cyrus-sasl and libxml2), Mageia (firefox and thunderbird), openSUSE (buildah and tcpdump), Red Hat (cyrus-sasl, kernel, kernel-rt, and kpatch-patch), Slackware (kernel), SUSE (buildah, kernel, libcaca, and tcpdump), and Ubuntu (linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oem-5.14, linux-oracle, linux-oracle-5.13, [...]
---------------------------------------------
https://lwn.net/Articles/887309/


∗∗∗ Microsoft Releases March 2022 Security Updates ∗∗∗
---------------------------------------------
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/03/08/microsoft-releases-march-2022-security-updates


∗∗∗ SAP Releases March 2022 Security Updates ∗∗∗
---------------------------------------------
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/03/08/sap-releases-march-2022-security-updates


∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/03/08/adobe-releases-security-updates-multiple-products


∗∗∗ ZDI-22-492: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-492/


∗∗∗ ZDI-22-491: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-491/


∗∗∗ ZDI-22-490: (0Day) Ecava IntegraXor Inkscape WMF File Parsing Memory Corruption Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-490/


∗∗∗ ZDI-22-489: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-489/


∗∗∗ ZDI-22-488: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-488/


∗∗∗ ZDI-22-487: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-487/


∗∗∗ ZDI-22-486: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-486/


∗∗∗ ZDI-22-485: (0Day) Ecava IntegraXor Inkscape PCX File Parsing Out-Of-Bound Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-485/


∗∗∗ AMD: LFENCE/JMP Mitigation Update for CVE-2017-5715 ∗∗∗
---------------------------------------------
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036


∗∗∗ Intel Processor Advisory: INTEL-SA-00598 ∗∗∗
---------------------------------------------
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html


∗∗∗ Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832-5/


∗∗∗ Security Bulletin: Vulnerability in ISC BIND affects IBM Integrated Analytics System. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-isc-bind-affects-ibm-integrated-analytics-system/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Watson Explorer Content Analytics Studio ( CVE-2021-2341) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-watson-explorer-content-analytics-studio-cve-2021-2341/


∗∗∗ Security Bulletin: Vulnerability in Intel Xeon affects IBM Cloud Pak System (CVE-2021-0144) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-intel-xeon-affects-ibm-cloud-pak-system-cve-2021-0144/


∗∗∗ XSA-398 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-398.html


∗∗∗ F-Secure Produkte: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0279


∗∗∗ Ruby on Rails: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0276


∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX341586


∗∗∗ NetApp SnapCenter Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500477-NETAPP-SNAPCENTER-INFORMATION-DISCLOSURE-VULNERABILITY


∗∗∗ Brocade Fabric OS Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500476-BROCADE-FABRIC-OS-VULNERABILITIES


∗∗∗ Lenovo Thin Installer Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500475-LENOVO-THIN-INSTALLER-DENIAL-OF-SERVICE-VULNERABILITY


∗∗∗ Glance by Mirametrix Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500474-GLANCE-BY-MIRAMETRIX-VULNERABILITY

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily