[CERT-daily] Tageszusammenfassung - 25.03.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 24-03-2022 18:00 − Freitag 25-03-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Phishing kits constantly evolve to evade security software ∗∗∗
---------------------------------------------
Modern phishing kits sold on cybercrime forums as off-the-shelve packages feature multiple and sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions wont mark them as a threat.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/phishing-kits-constantly-evolve-to-evade-security-software/


∗∗∗ Malicious Microsoft Excel add-ins used to deliver RAT malware ∗∗∗
---------------------------------------------
Researchers report a new version of the JSSLoader remote access trojan being distributed via malicious Microsoft Excel addins.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malicious-microsoft-excel-add-ins-used-to-deliver-rat-malware/


∗∗∗ Racing against the clock -- hitting a tiny kernel race window ∗∗∗
---------------------------------------------
This is a writeup of how I managed to hit the race on a normal Linux desktop kernel, with a hit rate somewhere around 30% if the proof of concept has been tuned for the specific machine.
---------------------------------------------
https://googleprojectzero.blogspot.com/2022/03/racing-against-clock-hitting-tiny.html


∗∗∗ XLSB Files: Because Binary is Stealthier Than XML, (Fri, Mar 25th) ∗∗∗
---------------------------------------------
In one of his last diaries, Brad mentioned an Excel sheet named with a .xlsb extension. Now, it was my turn to find one...
---------------------------------------------
https://isc.sans.edu/diary/rss/28476


∗∗∗ Linux-Malware bedroht Windows ∗∗∗
---------------------------------------------
Es taucht immer mehr Malware auf, die das Windows Subsytem for Linux (WSL) als Einfallstor nutzen. Die Gefahr steigt, warnen Sicherheitsforscher.
---------------------------------------------
https://heise.de/-6631700


∗∗∗ Mining data from Cobalt Strike beacons ∗∗∗
---------------------------------------------
Since we published about identifying Cobalt Strike Team Servers in the wild just over three years ago, we’ve collected over 128,000 beacons from over 24,000 active Team Servers.
---------------------------------------------
https://research.nccgroup.com/2022/03/25/mining-data-from-cobalt-strike-beacons/


∗∗∗ E-Mails mit Anschuldigungen der Polizei sind Fake! ∗∗∗
---------------------------------------------
Auch Sie haben ein E-Mail von der Polizei oder dem Bundeskriminalamt erhalten, das Sie der Kinderpornografie, Pädophilie und des Exhibitionismus beschuldigt? Das E-Mail ist fake, die Anschuldigungen frei erfunden. Antworten Sie nicht und löschen Sie die Nachricht am besten.
---------------------------------------------
https://www.watchlist-internet.at/news/e-mails-mit-anschuldigungen-der-polizei-sind-fake/


∗∗∗ Crypto malware in patched wallets targeting Android and iOS devices ∗∗∗
---------------------------------------------
ESET Research uncovers a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets.
---------------------------------------------
https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ URL rendering trick enabled WhatsApp, Signal, iMessage phishing ∗∗∗
---------------------------------------------
A set of flaws affecting the worlds leading messaging and email platforms, including Instagram, iMessage, WhatsApp, Signal, and Facebook Messenger, has allowed threat actors to create legitimate-looking phishing URLs for the past three years.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/url-rendering-trick-enabled-whatsapp-signal-imessage-phishing/


∗∗∗ Western Digital schließt Root-Schadcode-Lücke in My-Cloud-Netzwerkspeichern ∗∗∗
---------------------------------------------
Es gibt ein wichtiges Sicherheitsupdate für verschiedene NAS-Modelle von Western Digital.
---------------------------------------------
https://heise.de/-6630582


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (tiff), Fedora (nicotine+ and openvpn), openSUSE (bind, libarchive, python3, and slirp4netns), Oracle (cyrus-sasl, httpd, httpd:2.4, and openssl), Red Hat (httpd and httpd:2.4), Scientific Linux (httpd), SUSE (bind, libarchive, python3, and slirp4netns), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/889265/


∗∗∗ ZDI-22-538: (0Day) Epic Games Launcher Link Following Denial-of-Service Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-538/


∗∗∗ ZDI-22-537: (0Day) Epic Games Launcher Link Following Denial-of-Service Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-537/


∗∗∗ ZDI-22-536: (0Day) Electronic Arts Origin Web Helper Service Link Following Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-536/


∗∗∗ ZDI-22-541: (0Day) Array Networks MotionPro Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-541/


∗∗∗ Security Bulletin: Vulnerability in AIX nimsh (CVE-2022-22351) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-aix-nimsh-cve-2022-22351-2/


∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by denial of service vulnerabilities in OpenSSL (CVE-2021-23840, CVE-2021-23841) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-denial-of-service-vulnerabilities-in-openssl-cve-2021-23840-cve-2021-23841/


∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by an OpenSSL vulnerability (CVE-2021-3712) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-an-openssl-vulnerability-cve-2021-3712/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-october-2021/


∗∗∗ Atlassian Confluence: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0342

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily