[CERT-daily] Tageszusammenfassung - 16.05.2022

Mon May 16 18:16:43 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 13-05-2022 18:00 − Montag 16-05-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Microsoft warnt vor Sysrv-Botnet ∗∗∗
---------------------------------------------
Eine neue Variante des Sysrv-Botnets hat Microsoft beobachtet, die Windows- und Linux-Systeme befällt, um Kryptowährungen zu schürfen.
---------------------------------------------
https://heise.de/-7095053


∗∗∗ HTML attachments in phishing e-mails ∗∗∗
---------------------------------------------
In this article we review phishing HTML attachments, explaining common tricks the attackers use, and give statistics on HTML attachments detected by Kaspersky solutions.
---------------------------------------------
https://securelist.com/html-attachments-in-phishing-e-mails/106481/


∗∗∗ Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys ∗∗∗
---------------------------------------------
We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys. Because of the number and popularity of these apps — some of them have been installed over a hundred thousand times — we decided to shed some light on what these apps actually do by focusing on some of the more notable examples.
---------------------------------------------
https://www.trendmicro.com/en_us/research/22/e/fake-mobile-apps-steal-facebook-credentials--crypto-related-keys.html


∗∗∗ SIP Digest Leak: Angriff auf SIP-Konten ∗∗∗
---------------------------------------------
Im Fachartikel "SIP Digest Leak" beschreibt IT Security Consultant Moritz Abrell einen SIP-spezifischen Angriff auf VoIP-Systeme.
---------------------------------------------
https://www.syss.de/pentest-blog/sip-digest-leak-angriff-auf-sip-konten


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitslücken in Sonicwall SMA 1000 und SSL-VPN erlauben unbefugten Zugriff ∗∗∗
---------------------------------------------
Sonicwall schließt mehrere Sicherheitslücken in Firmwares von SMA-1000-Geräten und in SSL-VPN NetExtender. Angreifer könnten sich etwa Zugriff verschaffen.
---------------------------------------------
https://heise.de/-7092533


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (gzip, java-1.8.0-openjdk, java-11-openjdk, and zlib), Debian (adminer, htmldoc, imagemagick, libgoogle-gson-java, lrzip, openjdk-8, openssl, and ruby-nokogiri), Fedora (ecdsautils, et, libxml2, podman, and supertux), Mageia (cairo, clamav, curl, fish, freetype2, golang-github-prometheus-client, python-django-registration, python-nbxmpp, python-waitress, and xmlrpc-c), Red Hat (pcs), SUSE (curl, kernel, pidgin, and webkit2gtk3), and Ubuntu (tiff).
---------------------------------------------
https://lwn.net/Articles/895392/


∗∗∗ Security Bulletin: IBM Maximo Asset Management may be vulnerable to arbitrary code execution due to Apache Log4j 1.2 (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-may-be-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-1-2-cve-2021-4104/


∗∗∗ Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center Browser's History (CVE-2022-22484) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-ibm-spectrum-protect-operations-center-browsers-history-cve-2022-22484/


∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22950, XFID:217968) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-multiple-vulnerabilities-cve-2022-22950-xfid217968/


∗∗∗ Security Bulletin: AIX is vulnerable to a denial of service due to OpenSSL (CVE-2022-0778) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-denial-of-service-due-to-openssl-cve-2022-0778/


∗∗∗ Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to sensitive information disclosure (CVE-2020-4957) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-sensitive-information-disclosure-cve-2020-4957/


∗∗∗ Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a potential issue in jackson-databind – fasterxml-jackson (217968) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-potential-issue-in-jackson-databind-fasterxml-jackson-217968/


∗∗∗ Security Bulletin: IBM Case Manager is vulnerable to cross-site scripting – CVE-2020-4768 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-case-manager-is-vulnerable-to-cross-site-scripting-cve-2020-4768/


∗∗∗ Security Bulletin: Vulnerabilities with OpenSSL affect IBM Cloud Object Storage Systems (May 2022 V1) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-openssl-affect-ibm-cloud-object-storage-systems-may-2022-v1/


∗∗∗ Security Bulletin: Multiple Vulnerabilities have been identified in IBM Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-cloud-pak-system-2/


∗∗∗ Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks ∗∗∗
---------------------------------------------
https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/


∗∗∗ Pepperl+Fuchs: RSM-EX devices - Multiple Bluetooth vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-021/


∗∗∗ Webmin: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K22-0609

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily