[CERT-daily] Tageszusammenfassung - 03.05.2022

Daily end-of-shift report team at cert.at
Tue May 3 18:13:29 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 02-05-2022 18:00 − Dienstag 03-05-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Cyberspies use IP cameras to deploy backdoors, steal Exchange emails ∗∗∗
---------------------------------------------
A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cyberspies-use-ip-cameras-to-deploy-backdoors-steal-exchange-emails/


∗∗∗ AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws.
---------------------------------------------
https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html


∗∗∗ Zyxel firmware extraction and password analysis ∗∗∗
---------------------------------------------
In this first article of our Zyxel audit series we will cover firmware extraction and password decryption against Zyxel ZyWALL Unified Security Gateway (USG) appliances.
---------------------------------------------
https://security.humanativaspa.it/zyxel-firmware-extraction-and-password-analysis/


∗∗∗ Trend Micros Apex One meldet Trojaner im Webbrowser Microsoft Edge ∗∗∗
---------------------------------------------
Es mehren sich Beschwerden von Nutzern in den Internetforen, dass der Virenscanner Apex One bei Ihnen einen Trojaner-Befall in Microsofts Edge-Browser meldet.
---------------------------------------------
https://heise.de/-7073156


∗∗∗ Vorsicht vor Betrug auf BlaBlaCar ∗∗∗
---------------------------------------------
BlaBlaCar, eine Plattform für Mitfahrgelegenheiten, gerät ins Visier von Kriminellen. Kriminelle erstellen bei BlaBlaCar Fake-Profile und bieten Fahrten an. Mitfahrer:innen, die diese Fahrt buchen, werden dann auf WhatsApp kontaktiert und auf eine betrügerische Zahlungsplattform gelockt.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-betrug-auf-blablacar/


∗∗∗ Attackers Target Packages in Multiple Programming Languages in Recent Software Supply Chain Attacks ∗∗∗
---------------------------------------------
Malicious packages in multiple programming languages that went undetected for years were revealed by the Checkmarx Supply Chain Security team using advanced threat hunting techniques.
---------------------------------------------
https://checkmarx.com/blog/attackers-target-packages-in-multiple-programming-languages-in-recent-software-supply-chain-attacks/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Unpatched DNS bug affects millions of routers and IoT devices ∗∗∗
---------------------------------------------
A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/unpatched-dns-bug-affects-millions-of-routers-and-iot-devices/


∗∗∗ Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches ∗∗∗
---------------------------------------------
Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information.
---------------------------------------------
https://thehackernews.com/2022/05/critical-tlstorm-20-bugs-affect-widely.html


∗∗∗ Fortinet Security Advisories (FortiClient, FortiSOAR, FortiIsolator, FortiOS, FortiProxy, PJSIP Library, FortiNAC) ∗∗∗
---------------------------------------------
* FortiClient (Windows) - Privilege escalation in FortiClient installer
* FortiSOAR - Improper access control on gateway API
* FortiIsolator - Unauthorized user able to regenerate CA certificate
* FortiOS - Improper Inter-VDOM access control
* FortiOS - Lack of certificate verification when establishing secure connections to some external end-points
* FortiProxy & FortiOS - XSS vulnerability in Web Filter Block Override Form
* Multiple vulnerabilities in PJSIP library
* FortiNAC - SQL
---------------------------------------------
https://fortiguard.fortinet.com/psirt?date=05-2022


∗∗∗ Patchday: Wichtige Sicherheitsupdates für Android 10, 11 und 12 erschienen ∗∗∗
---------------------------------------------
Google hat sein mobiles Betriebssystem gegen mehrere mögliche Attacken abgesichert.
---------------------------------------------
https://heise.de/-7072491


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jackson-databind, kernel, openvpn, and twisted), Fedora (xz), Mageia (chromium-browser-stable and curl), Oracle (vim and xmlrpc-c), Red Hat (gzip), Slackware (libxml2), SUSE (git, python39, and subversion), and Ubuntu (libvirt and mysql-5.7, mysql-8.0).
---------------------------------------------
https://lwn.net/Articles/893681/


∗∗∗ Tenda HG6 v3.3.0 Remote Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5706.php


∗∗∗ Security Bulletin: IBM MaaS360 Cloud Extender Configuration Utility and Mobile Enterprise Gateway have vulnerability (CVE-2021-43797) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maas360-cloud-extender-configuration-utility-and-mobile-enterprise-gateway-have-vulnerability-cve-2021-43797/


∗∗∗ Security Bulletin: Vulnerability in IBM JAVA JDK affects IBM Spectrum Scale (CVE-2022-21291) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-jdk-affects-ibm-spectrum-scale-cve-2022-21291/


∗∗∗ Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to Host Header Injection (CVE-2021-29854) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-and-the-ibm-maximo-manage-application-in-ibm-maximo-application-suite-are-vulnerable-to-host-header-injection-cve-2021-29854/


∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale (CVE-2021-39038) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-scale-cve-2021-39038/


∗∗∗ Security Bulletin: IBM Tivoli Monitoring is affected but not classified as vulnerable by a denial of service in Spring Framework (CVE-2022-22950) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-is-affected-but-not-classified-as-vulnerable-by-a-denial-of-service-in-spring-framework-cve-2022-22950/


∗∗∗ Security Bulletin: Vulnerability in Intel Xeon affects IBM Cloud Pak System (CVE-2021-0144) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-intel-xeon-affects-ibm-cloud-pak-system-cve-2021-0144-4/


∗∗∗ Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-included-with-ibm-tivoli-monitoring-3/


∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale (CVE-2021-39031) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-scale-cve-2021-39031/


∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow an attacker to decrypt highly sensitive information(CVE-2022-22368) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-that-could-allow-an-attacker-to-decrypt-highly-sensitive-informationcve-2022-22368/


∗∗∗ OpenSSL Security Advisory (CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473) ∗∗∗
---------------------------------------------
https://openssl.org/news/secadv/20220503.txt


∗∗∗ Security Vulnerabilities fixed in Firefox 100 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/


∗∗∗ Yokogawa CENTUM and ProSafe-RS ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-123-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list