[CERT-daily] Tageszusammenfassung - 05.05.2022

Daily end-of-shift report team at cert.at
Thu May 5 18:08:38 CEST 2022 

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 04-05-2022 18:00 − Donnerstag 05-05-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ New NetDooka malware spreads via poisoned search results ∗∗∗
---------------------------------------------
A new malware framework known as NetDooka has been discovered being distributed through the PrivateLoader pay-per-install (PPI) malware distribution service, allowing threat actors full access to an infected device.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-netdooka-malware-spreads-via-poisoned-search-results/


∗∗∗ The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet ∗∗∗
---------------------------------------------
Cluster25 researchers, during a comparative analysis performed at the beginning of March 2022, found evidence that suggests a possible relationships between a piece of malware belonging to the Sprite Spider arsenal (or some elements that are or were part of it) and Vavet Loader.
---------------------------------------------
https://cluster25.io/2022/05/03/a-strange-link-between-a-destructive-malware-and-the-loader-of-a-ransomware-group-isaacwiper-vs-vatet/


∗∗∗ The curious case of mavinject.exe ∗∗∗
---------------------------------------------
Mavinject is a LOLBIN currently employed by the infamous adversary group Lazarus successfully evades detection by various security products because the execution is masked under a legitimate process.
---------------------------------------------
https://fourcore.io/blogs/mavinject-curious-process-injection



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Security Advisories 2022-05-04 ∗∗∗
---------------------------------------------
Cisco published 9 Security Advisories (1 Critical, 8 Medium Severity)
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2022%2F05%2F04&firstPublishedEndDate=2022%2F05%2F04&limit=50


∗∗∗ Angreifer könnten die volle Kontrolle über F5 BIG-IP-Systeme erlangen ∗∗∗
---------------------------------------------
Wichtige Sicherheitsupdates schließen unter anderem eine kritische Lücke in BIG-IP-Systemen. Admins sollten jetzt handeln.
---------------------------------------------
https://heise.de/-7075530


∗∗∗ Sicherheitsupdates: Cisco schließt VM-Ausbruch-Lücken mit Root-Zugriff ∗∗∗
---------------------------------------------
Der Netzwerkausrüster Cisco hat unter anderem in Enterprise NFV Infrastrucutre Software eine kritische Lücke geschlossen.
---------------------------------------------
https://heise.de/-7075725


∗∗∗ Sicherheitsupdate schützt IBMs Datenbanksystem Informix Dynamic Server ∗∗∗
---------------------------------------------
Ein wichtiger Sicherheitspatch schließt eine Schwachstelle in IBMs Informix Dynamic Server.
---------------------------------------------
https://heise.de/-7076231


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr), Fedora (firefox, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, recutils, suricata, and zchunk), Oracle (firefox and kernel), Red Hat (firefox), Scientific Linux (firefox), Slackware (mozilla, openssl, and seamonkey), SUSE (apache2-mod_auth_mellon, libvirt, and pgadmin4), and Ubuntu (dpdk, mysql-5.7, networkd-dispatcher, openssl, openssl1.0, sqlite3, and twisted).
---------------------------------------------
https://lwn.net/Articles/894036/


∗∗∗ 10 Jahre alte Schwachstellen in Avast und AVG gefährden Millionen Nutzer ∗∗∗
---------------------------------------------
Sicherheitsforscher von Sentinel One haben in den Sicherheitsprodukten von Avast und AVG zwei seit 10 Jahren bestehende, schwerwiegende Schwachstellen entdeckt, die Millionen von Nutzern gefährden.
---------------------------------------------
https://www.borncity.com/blog/2022/05/05/10-jahre-alte-schwachstellen-in-avast-und-avg-gefhrden-millionen-nutzer/


∗∗∗ Image Field Caption - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-036 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-036


∗∗∗ Doubleclick for Publishers (DFP) - Moderately critical - Cross site scripting - SA-CONTRIB-2022-035 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-035


∗∗∗ Link - Moderately critical - Cross site scripting - SA-CONTRIB-2022-034 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-034


∗∗∗ Duo Two-Factor Authentication - Critical - Unsupported - SA-CONTRIB-2022-039 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-039


∗∗∗ Quick Node Clone - Moderately critical - Access bypass - SA-CONTRIB-2022-038 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-038


∗∗∗ Security Bulletin: Cross-site scripting vulnerabilities in jQuery may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-11022, CVE-2020-11023 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-may-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-11022-cve-2020-11023/


∗∗∗ Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-robotic-process-automation-4/


∗∗∗ Security Bulletin: IBM Robotic Process Automation could allow a user with physical access to create an API request modified to create additional objects (CVE-2022-22434) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-could-allow-a-user-with-physical-access-to-create-an-api-request-modified-to-create-additional-objects-cve-2022-22434/


∗∗∗ Security Bulletin: IBM Robotic Process Automation is vulnerable to an issue where an API could be used to perform a DNS lookup via a third party provider. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-is-vulnerable-to-an-issue-where-an-api-could-be-used-to-perform-a-dns-lookup-via-a-third-party-provider/


∗∗∗ Security Bulletin: Cross Site Scripting vulnerabilities in jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-7656, CVE-2020-11022, CVE-2020-11023 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023-3/


∗∗∗ Security Bulletin: IBM Robotic Process Automation may allow regular users to view some admin pages. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-may-allow-regular-users-to-view-some-admin-pages/


∗∗∗ Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-robotic-process-automation-3/


∗∗∗ Security Bulletin: IBM Security Guardium Data Encryption has vulnerability ( CVE-2021-39020) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-data-encryption-has-vulnerability-cve-2021-39020/


∗∗∗ Security Vulnerabilities fixed in Thunderbird 91.9 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list