[CERT-daily] Daily summary - 28.03.2022

Daily end-of-shift report team at cert.at
Mon Mar 28 18:44:36 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 25-03-2022 18:00 − Monday 28-03-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Web browser: Emergency update for Google Chrome ∗∗∗
---------------------------------------------
Google has released new versions of the Chrome web browser that close a security vulnerability for which exploit code already exists.
---------------------------------------------
https://heise.de/-6638415


∗∗∗ Do not use the PayPal function "Send money to friends" as a payment method on online marketplaces ∗∗∗
---------------------------------------------
Facebook users are currently reporting fraudulent listings on Facebook Marketplace to us. In these, for example, gaming chairs are offered as giveaways. The person asks for only 15 euros for shipping. The amount is to be sent using the PayPal function "Send money to friends". Attention: this is fraud! You lose your money and receive no product!
---------------------------------------------
https://www.watchlist-internet.at/news/paypal-funktion-geld-an-freunde-senden-nicht-als-zahlungsmittel-auf-online-marktplaetzen-verwenden/


∗∗∗ Public Redis exploit used by malware gang to grow botnet ∗∗∗
---------------------------------------------
Threat analysts report having spotted a change in the operations of the Muhstik threat group, which has now switched to actively exploiting a Lua sandbox escape flaw in Redis.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/public-redis-exploit-used-by-malware-gang-to-grow-botnet/


∗∗∗ Hive ransomware ports its Linux VMware ESXi encryptor to Rust ∗∗∗
---------------------------------------------
The Hive ransomware operation has converted its VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victims' ransom negotiations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hive-ransomware-ports-its-linux-vmware-esxi-encryptor-to-rust/


∗∗∗ The Mystery Admin User ∗∗∗
---------------------------------------------
One of our clients recently submitted a malware removal request with a curious problem: A mystery admin user kept getting re-created on their website. Try as they might, nothing they did would get rid of this user; it just kept coming back.
---------------------------------------------
https://blog.sucuri.net/2022/03/the-mystery-admin-user.html


∗∗∗ Purple Fox Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks ∗∗∗
---------------------------------------------
The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers said in a report [...]
---------------------------------------------
https://thehackernews.com/2022/03/purple-fox-hackers-spotted-using-new.html


∗∗∗ Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware ∗∗∗
---------------------------------------------
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a report [...]
---------------------------------------------
https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html


∗∗∗ Under the hood of Wslink’s multilayered virtual machine ∗∗∗
---------------------------------------------
ESET researchers describe the structure of the virtual machine used in samples of Wslink and suggest a possible approach to see through its obfuscation techniques.
---------------------------------------------
https://www.welivesecurity.com/2022/03/28/under-hood-wslink-multilayered-virtual-machine/


∗∗∗ Vulnerability Management in a nutshell ∗∗∗
---------------------------------------------
Vulnerability Management plays an important role in an organization's line of defense. However, setting up a Vulnerability Management process can be very time-consuming. This blog post will briefly cover the core principles of Vulnerability Management and how it can help protect your organization against threats and adversaries looking to abuse weaknesses.
---------------------------------------------
https://blog.nviso.eu/2022/03/28/vulnerability-management-in-a-nutshell/


∗∗∗ Ransomware profile: RansomExx ∗∗∗
---------------------------------------------
A comprehensive profile of the RansomExx ransomware strain.
---------------------------------------------
https://blog.emsisoft.com/en/41027/ransomware-profile-ransomexx/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security update: Sophos Firewall could let malicious code through ∗∗∗
---------------------------------------------
The Sophos firewall has security holes. Updated versions fix the security problem.
---------------------------------------------
https://heise.de/-6653493


∗∗∗ Whitepaper – Double Fetch Vulnerabilities in C and C++ ∗∗∗
---------------------------------------------
Double fetch vulnerabilities in C and C++ have been known about for a number of years. However, they can appear in multiple forms and can have varying outcomes. As much of this information is spread across various sources, this whitepaper draws the knowledge together into a single place, in order to better describe the different [...]
---------------------------------------------
https://research.nccgroup.com/2022/03/28/whitepaper-double-fetch-vulnerabilities-in-c-and-c/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium and faad2), Fedora (dotnet3.1, libass, linux-firmware, python-paramiko, seamonkey, and xen), openSUSE (perl-DBD-SQLite and wavpack), Slackware (seamonkey), SUSE (perl-DBD-SQLite and wavpack), and Ubuntu (binutils, python2.7, python3.4, python3.5, python3.6, python3.8, and smarty3).
---------------------------------------------
https://lwn.net/Articles/889423/


∗∗∗ CISA Adds 66 Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CISA has added 66 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/03/25/cisa-adds-66-known-exploited-vulnerabilities-catalog


∗∗∗ Microsoft Security Update Revisions (25 March 2022) ∗∗∗
---------------------------------------------
On 25 March 2022, Microsoft published several more revisions of security updates. The revisions address changed assessments of vulnerabilities. Here is an overview without commentary.
---------------------------------------------
https://www.borncity.com/blog/2022/03/28/microsoft-security-update-revisions-25-mrz-2022/


∗∗∗ SonicWall SonicOS: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K22-0348


∗∗∗ PowerDNS: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K22-0358


∗∗∗ Cross-site scripting vulnerability in DHC Vision (SYSS-2022-019) ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/cross-site-scripting-schwachstelle-in-dhc-vision-syss-2022-019


∗∗∗ SQL injection in the B2B Suite of the Shopware e-commerce framework (SYSS-2022-018) ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/sql-injection-in-der-b2b-suite-des-shopware-e-commerce-frameworks-syss-2022-018


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2021-35550, CVE-2021-35603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-watson-explorer-and-watson-explorer-content-analytics-studio-cve-2021-35550-cve-2021-35603/


∗∗∗ Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-management-system-monitor-is-affected-by-a-vulnerability-in-ibm-sdk-java-technology-edition-5/


∗∗∗ Security Bulletin: Cross Site Scripting may affect IBM Business Automation Workflow and IBM Case Manager (ICM) – CVE-2020-4768 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-may-affect-ibm-business-automation-workflow-and-ibm-case-manager-icm-cve-2020-4768-2/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2021-35578) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-watson-explorer-and-watson-explorer-content-analytics-studio-cve-2021-35578/


∗∗∗ Security Bulletin: IBM UrbanCode Build is affected by CVE-2022-23181 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-build-is-affected-by-cve-2022-23181/


∗∗∗ Security Bulletin: IBM UrbanCode Build is affected by CVE-2021-42340 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-build-is-affected-by-cve-2021-42340/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
