[CERT-daily] Tageszusammenfassung - 11.05.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 10-05-2022 18:00 − Mittwoch 11-05-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ New IceApple exploit toolset deployed on Microsoft Exchange servers ∗∗∗
---------------------------------------------
Security researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-iceapple-exploit-toolset-deployed-on-microsoft-exchange-servers/


∗∗∗ New stealthy Nerbian RAT malware spotted in ongoing attacks ∗∗∗
---------------------------------------------
A new remote access trojan called Nerbian RAT has been discovered that includes a rich set of features, including the ability to evade detection and analysis by researchers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-stealthy-nerbian-rat-malware-spotted-in-ongoing-attacks/


∗∗∗ TA578 using thread-hijacked emails to push ISO files for Bumblebee malware, (Wed, May 11th) ∗∗∗
---------------------------------------------
Identified by Proofpoint as the threat actor behind the Contact Forms campaign, TA578 also appears to be pushing ISO files for Bumblebee malware through thread-hijacked emails.
---------------------------------------------
https://isc.sans.edu/diary/rss/28636


∗∗∗ Vorsicht vor aktuellen BAWAG-Phishing-Mails! ∗∗∗
---------------------------------------------
Auch aktuell kursieren unzählige Phishing-Nachrichten und landen in den E-Mail-Postfächern potenzieller Opfer. Bei neuen Betrugs-Mails im Namen der BAWAG P.S.K. haben sich die Kriminellen wieder etwas Neues einfallen lassen.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-aktuellen-bawag-phishing-mails/


∗∗∗ From Project File to Code Execution: Exploiting Vulnerabilities in XINJE PLC Program Tool ∗∗∗
---------------------------------------------
Team82 has uncovered two vulnerabilities in XINJE’s PLC Program Tool, an engineering workstation.
---------------------------------------------
https://claroty.com/2022/05/11/blog-research-from-project-file-to-code-execution-exploiting-vulnerabilities-in-xinje-plc-program-tool/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws ∗∗∗
---------------------------------------------
Today is Microsofts May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2022-patch-tuesday-fixes-3-zero-days-75-flaws/


∗∗∗ HP fixes bug letting attackers overwrite firmware in over 200 models ∗∗∗
---------------------------------------------
HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which might allow arbitrary code execution.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hp-fixes-bug-letting-attackers-overwrite-firmware-in-over-200-models/


∗∗∗ Patchday Adobe: Schadcode-Lücken bedrohen ColdFusion, InDesign & Co. ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für Anwendungen von Adobe. Den Großteil der Lücken stuft der Software-Hersteller als kritisch ein.
---------------------------------------------
https://heise.de/-7081357


∗∗∗ Patchday: SAP behebt acht neu entdeckte Sicherheitsprobleme ∗∗∗
---------------------------------------------
Zum Mai-Patchday meldet SAP acht neue Sicherheitslücken und aktualisiert Artikel zu vier Schwachstellen, die das Unternehmen bereits früher abgedichtet hat.
---------------------------------------------
https://heise.de/-7081276


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mutt), Fedora (blender, freerdp, kernel, kernel-headers, kernel-tools, mingw-freetype, and vim), Oracle (kernel and kernel-container), Red Hat (aspell, bind, bluez, c-ares, cairo and pixman, cockpit, compat-exiv2-026, container-tools:3.0, container-tools:rhel8, cpio, dovecot, exiv2, fapolicyd, fetchmail, flatpak, gfbgraph, gnome-shell, go-toolset:rhel8, grafana, grub2, httpd:2.4, keepalived, kernel, kernel-rt, libpq, libreoffice, libsndfile, libssh, [...]
---------------------------------------------
https://lwn.net/Articles/894802/


∗∗∗ Intel: May 2022 Patchday ∗∗∗
---------------------------------------------
https://www.intel.com/content/www/us/en/security-center/default.html


∗∗∗ Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to Cross-site Scripting (XSS). (CVE-2021-39059) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-engineering-lifecycle-management-is-vulnerable-to-cross-site-scripting-xss-cve-2021-39059/


∗∗∗ Security Bulletin: Vulnerability in remote support authentication affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-remote-support-authentication-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System (CVE-2021-21994, CVE-2021-21995) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-vmware-esxi-affect-ibm-cloud-pak-system-cve-2021-21994-cve-2021-21995-4/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-october-2021-2/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (XSS) (CVE-2022-22345) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-xss-cve-2022-22345/


∗∗∗ ICS Patch Tuesday: Siemens, Schneider Electric Address 43 Vulnerabilities ∗∗∗
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-address-43-vulnerabilities


∗∗∗ PHOENIX CONTACT: Multiple vulnerabilities in RAD-ISM-900-EN-BD devices ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-018/


∗∗∗ AMD Prozessoren: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0567


∗∗∗ Google Releases Security Updates for Chrome ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/05/11/google-releases-security-updates-chrome


∗∗∗ Intel Boot Guard and Intel TXT Advisory ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500488-INTEL-BOOT-GUARD-AND-INTEL-TXT-ADVISORY


∗∗∗ Intel SSD Firmware Advisory ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500487-INTEL-SSD-FIRMWARE-ADVISORY


∗∗∗ Lenovo Smart Standby Driver Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500486-LENOVO-SMART-STANDBY-DRIVER-VULNERABILITY

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily