[CERT-daily] Tageszusammenfassung - 20.05.2022

Daily end-of-shift report team at cert.at
Fri May 20 18:28:47 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 19-05-2022 18:00 − Freitag 20-05-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices ∗∗∗
---------------------------------------------
Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy malwares capabilities and key infection signs.
---------------------------------------------
https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/


∗∗∗ Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware ∗∗∗
---------------------------------------------
Fraudulent domains masquerading as Microsofts Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware.
---------------------------------------------
https://thehackernews.com/2022/05/hackers-trick-users-with-fake-windows.html


∗∗∗ Cytroxs Predator Spyware Targeted Android Users with Zero-Day Exploits ∗∗∗
---------------------------------------------
Googles Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users.
---------------------------------------------
https://thehackernews.com/2022/05/cytroxs-predator-spyware-target-android.html


∗∗∗ Metastealer – filling the Racoon void ∗∗∗
---------------------------------------------
MetaStealer is a new information stealer variant designed to fill the void following Racoon stealer suspending operations in March of this year.
---------------------------------------------
https://research.nccgroup.com/2022/05/20/metastealer-filling-the-racoon-void/


∗∗∗ Emotet Being Distributed Using Various Files ∗∗∗
---------------------------------------------
The ASEC analysis team has recently discovered the distribution of Emotet through link files (.lnk). The malware has been steadily distributed in the past, but starting from April, it was found that the Emotet downloader uses Excel files as well as link files (.lnk).
---------------------------------------------
https://asec.ahnlab.com/en/34556/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Oracle Security Alert for CVE-2022-21500 - 19 May 2022 ∗∗∗
---------------------------------------------
This Security Alert addresses vulnerability CVE-2022-21500, which affects some deployments of Oracle E-Business Suite.
---------------------------------------------
https://www.oracle.com/security-alerts/alert-cve-2022-21500.html


∗∗∗ Angreifer könnten mit DNS-Software BIND erstellte TLS-Sessions "zerstören" ∗∗∗
---------------------------------------------
Es gibt ein wichtiges Sicherheitsupdate für BIND, welches Admins zeitnah installieren sollten.
---------------------------------------------
https://heise.de/-7101032


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel), Debian (ark, openldap, and thunderbird), Fedora (freetype and vim), Oracle (.NET 5.0, .NET 6.0, .NET Core 3.1, container-tools:3.0, glibc, kernel, rsync, and subversion:1.10), Scientific Linux (kernel), SUSE (dcraw, firefox, glib2, ImageMagick, kernel-firmware, libxml2, libyajl, php7, ucode-intel, and unrar), and Ubuntu (openldap).
---------------------------------------------
https://lwn.net/Articles/895862/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-process-designer-in-ibm-business-automation-workflow-and-ibm-business-process-manager-2/


∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by two WebSphere Application Server vulnerabilities. (CVE-2021-23450, CVE-1999-0001) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-two-websphere-application-server-vulnerabilities-cve-2021-23450-cve-1999-0001/


∗∗∗ Security Bulletin: IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-is-vulnerable-to-spoofing-cve-2022-22365/


∗∗∗ Security Bulletin: IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-with-automation-anywhere-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/


∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by two WebSphere Application Server vulnerabilities. (CVE-2021-39038, CVE-1999-0002) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-two-websphere-application-server-vulnerabilities-cve-2021-39038-cve-1999-0002/


∗∗∗ Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to Cross-site Scripting (XSS) vulnerability (CVE-2021-39043) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-engineering-lifecycle-management-is-vulnerable-to-cross-site-scripting-xss-vulnerability-cve-2021-39043/


∗∗∗ Galleon NTS-6002-GPS Command Injection vulnerability (CVE-2022-27224) ∗∗∗
---------------------------------------------
https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/


∗∗∗ Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, Thunderbird 91.9.1 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/


∗∗∗ Grafana: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0639


∗∗∗ Trend Micro Security Produkte: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0638

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list