[CERT-daily] Tageszusammenfassung - 18.03.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 17-03-2022 18:00 − Freitag 18-03-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New Unix rootkit used to steal ATM banking data ∗∗∗
---------------------------------------------
Threat analysts following the activity of LightBasin, a financially motivated group of hackers, report the discovery of a previously unknown Unix rootkit that is used to steal ATM banking data and conduct fraudulent transactions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-unix-rootkit-used-to-steal-atm-banking-data/


∗∗∗ Open Source: NPM-Paket löscht Dateien aus Protest gegen Ukrainekrieg ∗∗∗
---------------------------------------------
Ein weitverbreitetes NPM-Paket löscht die Dateien von russischen Entwicklern und vervielfältigt Anti-Kriegsbotschaften.
---------------------------------------------
https://www.golem.de/news/open-source-npm-paket-loescht-dateien-aus-protest-gegen-ukrainekrieg-2203-163958-rss.html


∗∗∗ Scans for Movable Type Vulnerability (CVE-2021-20837), (Fri, Mar 18th) ∗∗∗
---------------------------------------------
Yesterday, our honeypots started seeing many requests scanning for the Movable Type API. Movable Type is a content management system comparable to WordPress or Drupal.
---------------------------------------------
https://isc.sans.edu/diary/rss/28454


∗∗∗ New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers ∗∗∗
---------------------------------------------
ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks.
---------------------------------------------
https://thehackernews.com/2022/03/new-variant-of-russian-cyclops-blink.html


∗∗∗ Neue Phishing-Methode kombiniert Fax und Captchas ∗∗∗
---------------------------------------------
Um den Anti-Phishing-Filter auszutricksen, packt eine neue Angriffsmethode Links in Fax-PDFs und versteckt die gefälschte Webseite hinter einem Google-Captcha.
---------------------------------------------
https://heise.de/-6587105


∗∗∗ How to protect RDP ∗∗∗
---------------------------------------------
RDP is still a popular target for attackers, so how do you keep your remote desktops safe?
---------------------------------------------
https://blog.malwarebytes.com/security-world/business-security-world/2022/03/protect-rdp-access-ransomware-attacks/


∗∗∗ Diese Betrugsmaschen sollten LinkedIn-NutzerInnen kennen ∗∗∗
---------------------------------------------
LinkedIn wird vor allem mit Professionalität verbunden. Das ist wohl auch ein Grund, wieso LinkedIn weniger mit Betrug in Zusammenhang gebracht wird. Das spielt Kriminellen in die Hände, die mit Fake-Profilen Schadsoftware verbreiten können, betrügerische Jobs anbieten oder mit Hilfe von Phishing-Mails versuchen an sensible Daten zu kommen.
---------------------------------------------
https://www.watchlist-internet.at/news/diese-betrugsmaschen-sollten-linkedin-nutzerinnen-kennen/


∗∗∗ Strengthening Cybersecurity of SATCOM Network Providers and Customers ∗∗∗
---------------------------------------------
CISA and FBI strongly encourage critical infrastructure organizations and, specifically, organizations that are SATCOM network providers or customers to review the joint CSA and implement the mitigations.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/03/17/strengthening-cybersecurity-satcom-network-providers-and-customers



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-treq), Fedora (openvpn, pesign, rust-regex, and thunderbird), Oracle (expat), Red Hat (kpatch-patch-4_18_0-147_58_1), Slackware (bind and openssl), SUSE (python-lxml), and Ubuntu (apache2).
---------------------------------------------
https://lwn.net/Articles/888412/


∗∗∗ CVE-2021-28372: How a Vulnerability in Third-Party Technology Is Leaving Many IP Cameras and Surveillance Systems Vulnerable ∗∗∗
---------------------------------------------
CVE-2021-28372, a vulnerability in third-party software commonly built into many IP cameras, highlights issues in IoT supply chain security.
---------------------------------------------
https://unit42.paloaltonetworks.com/iot-supply-chain-cve-2021-28372/


∗∗∗ Security Bulletin: A vulnerability in IBM® SDK, Java™ may affect IBM Decision Optimization Center (CVE-2021-35603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-sdk-java-may-affect-ibm-decision-optimization-center-cve-2021-35603/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java™ may affect IBM ILOG CPLEX Optimization Studio (CVE-2022-21360, CVE-2022-21365) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-may-affect-ibm-ilog-cplex-optimization-studio-cve-2022-21360-cve-2022-21365/


∗∗∗ Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2021-4104, CVE-2021-29469, CVE-2021-44531, CVE-2021-44531, CVE-2022-21824, CVE-2021-29899, CVE-2021-27290 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilites-that-affect-ibm-engineering-requirements-quality-assistant-on-premises-cve-2021-4104-cve-2021-29469-cve-2021-44531-cve-2021-44531-cve-2022-218/


∗∗∗ Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-CVE-2021-39046 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affects-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-cve-2021-39046/


∗∗∗ Security Bulletin: A vulnerability in IBM® SDK, Java™ may affect IBM Decision Optimization Center (CVE-2021-35550) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-sdk-java-may-affect-ibm-decision-optimization-center-cve-2021-35550/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® Java™ Runtime may affect IBM Decision Optimization Center (CVE-2022-21360, CVE-2022-21365) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-may-affect-ibm-decision-optimization-center-cve-2022-21360-cve-2022-21365/


∗∗∗ K08173228: Multiple Intel CPU vulnerabilities ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K08173228


∗∗∗ Synology-SA-22:04 OpenSSL ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_22_04


∗∗∗ Microsoft Edge: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0329

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily