[CERT-daily] Tageszusammenfassung - 30.03.2022

Wed Mar 30 18:30:13 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 29-03-2022 18:00 − Mittwoch 30-03-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Mars Stealer malware pushed via OpenOffice ads on Google ∗∗∗
---------------------------------------------
A newly launched information-stealing malware variant called Mars Stealer is rising in popularity, and threat analysts are now spotting the first notable large-scale campaigns employing it.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mars-stealer-malware-pushed-via-openoffice-ads-on-google/


∗∗∗ Viasat shares details on KA-SAT satellite service cyberattack ∗∗∗
---------------------------------------------
US satellite communications provider Viasat has shared an incident report regarding the cyberattack that affected its KA-SAT consumer-oriented satellite broadband service on February 24, the day Russia invaded Ukraine.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/viasat-shares-details-on-ka-sat-satellite-service-cyberattack/


∗∗∗ Angriff auf Schnellllader: Forscher können Ladevorgänge per Funk unterbrechen ∗∗∗
---------------------------------------------
CCS hat sich als Standard beim Schnellladen von Elektroautos etabliert. Doch der Ladevorgang lässt sich durch Funksignale zum Absturz bringen.
---------------------------------------------
https://www.golem.de/news/schnelllladen-forscher-bringen-ccs-ladevorgaenge-per-funk-zum-absturz-2203-164273-rss.html


∗∗∗ Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks ∗∗∗
---------------------------------------------
Team Nautilus has uncovered a Python-based ransomware attack that, for the first time, was targeting Jupyter Notebook, a popular tool used by data practitioners. The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack.
---------------------------------------------
https://blog.aquasec.com/python-ransomware-jupyter-notebook


∗∗∗ Kostenlose Webinar-Reihe: So schützen Sie sich im Internet ∗∗∗
---------------------------------------------
Mit Unterstützung der Arbeiterkammer Burgenland veranstalten unsere KollegInnen von saferinternet.at ab 5. April eine Webinar-Reihe. Die kostenlosen Webinare sind für alle interessierten Erwachsenen offen und beschäftigen sich mit dem sicheren und verantwortungsvollen Umgang mit digitalen Medien. Mit dabei sind auch ExpertInnen der Watchlist Internet.
---------------------------------------------
https://www.watchlist-internet.at/news/kostenlose-webinar-reihe-so-schuetzen-sie-sich-im-internet/


∗∗∗ Investigating an engineering workstation – Part 2 ∗∗∗
---------------------------------------------
In this second post we will focus on specific evidence written by the TIA Portal. As you might remember, in the first part we covered standard Windows-based artefacts regarding execution of the TIA Portal and usage of projects.
---------------------------------------------
https://blog.nviso.eu/2022/03/30/investigating-an-engineering-workstation-part-2/


∗∗∗ Advanced warning: probable remote code execution (RCE) in Spring, an extremely popular Java framework ∗∗∗
---------------------------------------------
This notice is intended to alert you that there may be a significant issue with Spring which, if confirmed, would require immediate attention.In the morning (New York time) on Wednesday, March 29th, 2022, a member of the security research team KnownSec posted a now-removed screenshot to Twitter purporting to show a trivially-exploited remote code execution vulnerability against Spring core, the most popular Java framework in use on the Internet. The researcher did not provide a proof-of-concept or public details.
---------------------------------------------
https://bugalert.org/content/notices/2022-03-29-spring.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Jetzt aktualisieren! Angriffe auf Sicherheitslücke in Trend Micro Apex Central ∗∗∗
---------------------------------------------
Trend Micro warnt vor Angriffen auf eine Sicherheitslücke in zentralen Verwaltungssoftware Apex Central. Zum Abdichten des Lecks stehen Updates bereit.
---------------------------------------------
https://heise.de/-6656849


∗∗∗ VMSA-2022-0009 ∗∗∗
---------------------------------------------
CVSSv3 Range: 5.5
CVE(s): CVE-2022-22948
Synopsis: VMware vCenter Server updates address an information disclosure vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0009.html


∗∗∗ Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk ∗∗∗
---------------------------------------------
On February 15, 2022, the Wordfence Threat Intelligence team finished research on two separate vulnerabilities in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin with over 100,000 installations. [...] A patched version, 5.174.1, was made available on March 25, 2022.
---------------------------------------------
https://www.wordfence.com/blog/2022/03/reflected-xss-in-spam-protection-antispam-firewall-by-cleantalk/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (expat, firefox, httpd, openssl, and thunderbird), Debian (cacti), Fedora (kernel, rsh, unrealircd, and xen), Mageia (kernel and kernel-linus), openSUSE (apache2, java-1_8_0-ibm, kernel, openvpn, and protobuf), Oracle (openssl), Red Hat (httpd:2.4, kernel, kpatch-patch, and openssl), SUSE (apache2, java-1_7_1-ibm, java-1_8_0-ibm, kernel, openvpn, protobuf, and zlib), and Ubuntu (chromium-browser and paramiko).
---------------------------------------------
https://lwn.net/Articles/889682/


∗∗∗ SaltStack Salt: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SaltStack Salt ausnutzen, um Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen, Privilegien zu erweitern oder beliebigen Programmcode auszuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0371


∗∗∗ Trend Micro AntiVirus für Mac: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
Ein lokaler Angreifer kann eine Schwachstelle in Trend Micro AntiVirus für Mac ausnutzen, um seine Privilegien zu erhöhen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0370


∗∗∗ Google Releases Security Updates for Chrome ∗∗∗
---------------------------------------------
Google has released Chrome version 100.0.4896.60 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/03/30/google-releases-security-updates-chrome


∗∗∗ Password-Hash-Preisgabe im CMS Statamic (SYSS-2022-022) ∗∗∗
---------------------------------------------
Im CMS Statamic können in der REST-API Passwort-Hash-Werte aller Benutzer:innen ausgelesen werden. Dies kann zur Übernahme der Website führen.
---------------------------------------------
https://www.syss.de/pentest-blog/password-hash-preisgabe-in-statamic-cms-syss-2022-022


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2021and Jan 2022 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2021and-jan-2022/


∗∗∗ Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-eclipse-jetty-vulnerability-affects-ibm-rational-functional-tester-2/


∗∗∗ PHOENIX CONTACT: Vulnerabilities in XML parser library Expat (libexpat) ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-005/


∗∗∗ Buffer Overflow Vulnerability in Recovery Image ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-446276-bt.html


∗∗∗ CVE-2022-0778: Sicherheitslücken mit Denial of Service-Potential in OpenSSL ∗∗∗
---------------------------------------------
https://www.sprecher-automation.com/it-sicherheit/security-alerts

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily