[CERT-daily] Tageszusammenfassung - 05.09.2022

Mon Sep 5 18:10:44 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 02-09-2022 18:00 − Montag 05-09-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Malware dev open-sources CodeRAT after being exposed ∗∗∗
---------------------------------------------
The source code of a remote access trojan (RAT) dubbed CodeRAT has been leaked on GitHub after malware analysts confronted the developer about attacks that used the tool.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malware-dev-open-sources-coderat-after-being-exposed/


∗∗∗ Quickie: Grep & Tail -f With Notepad++, (Mon, Sep 5th) ∗∗∗
---------------------------------------------
Notepad++ is a free and open source text editor for Windows. You can simulate grep-like functionality with Notepad++ in 2 steps.
---------------------------------------------
https://isc.sans.edu/diary/rss/29018


∗∗∗ Prynt Stealer Contains a Backdoor to Steal Victims Data Stolen by Other Cybercriminals ∗∗∗
---------------------------------------------
Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims exfiltrated data when used by other cybercriminals.
---------------------------------------------
https://thehackernews.com/2022/09/prynt-stealer-contains-backdoor-to.html


∗∗∗ Win32/Hive.ZY: Update stoppt Fehlalarmserie von Microsoft Defender unter Windows ∗∗∗
---------------------------------------------
Die Windows-Virenabwehr Defender hat fälschlicherweise Chrome, Edge & Co. als Trojaner eingestuft.
---------------------------------------------
https://heise.de/-7253919


∗∗∗ Ransomware: Der Trend geht zum Angriff auf Linux-Server ∗∗∗
---------------------------------------------
Trend Micro sieht im ersten Halbjahr 2022 ein Wachstum bei Ransomware-Angriffen. Linux-Umgebungen sind 75 Prozent häufiger ein Ziel als im Vorjahreszeitraum.
---------------------------------------------
https://heise.de/-7254059


∗∗∗ There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities ∗∗∗
---------------------------------------------
As part of this research, NCC Group focused on the secure boot chain implemented by UNISOC processors used in Android phones and tablets. Several vulnerabilities in the Boot ROM were discovered which could persistently undermine secure boot. 
---------------------------------------------
https://research.nccgroup.com/2022/09/02/theres-another-hole-in-your-soc-unisoc-rom-vulnerabilities/


∗∗∗ Was tun, wenn mein Gerät mit Schadsoftware infiziert wurde? ∗∗∗
---------------------------------------------
Schadsoftware (auch Malware) kann viele Formen annehmen und mit unterschiedlichen Bedrohungen für Sie und Ihr Gerät einhergehen. Schäden, die dabei entstehen können, bewegen sich vom Datendiebstahl, über das Zuspammen mit Werbung bis hin zu Lösegeldforderungen. 
---------------------------------------------
https://www.watchlist-internet.at/news/was-tun-wenn-mein-geraet-mit-schadsoftware-infiziert-wurde/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Jetzt patchen! Google warnt vor möglichen Attacken auf Chrome ∗∗∗
---------------------------------------------
Ein wichtiges Sicherheitsupdate schließt eine Lücke im Webbrowser Chrome.
---------------------------------------------
https://heise.de/-7253510


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (flac, ghostscript, libmodbus, qemu, rails, ruby-rack, and thunderbird), Fedora (kernel, kernel-headers, kernel-tools, libtar, qt5-qtwebengine, subscription-manager-cockpit, tcpreplay, and vim), Mageia (chromium-browser-stable, webkit2, and ytnef), SUSE (curl, firefox, freerdp, gdk-pixbuf, ImageMagick, json-c, libgda, php-composer2, and python-pyxdg), and Ubuntu (libzstd, linux-aws, linux-aws-5.4, linux-azure-5.4, and linux-oem-5.17).
---------------------------------------------
https://lwn.net/Articles/907201/


∗∗∗ DeadBolt Ransomware ∗∗∗
---------------------------------------------
QNAP detected a new DeadBolt ransomware campaign on the morning of September 3rd, 2022 (GMT+8).
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-22-24


∗∗∗ Security Bulletin: DataStage on Cloud Pak for Data Is Vulnerable to Sensitive Information Disclosure Error (CVE-2022-38714) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-datastage-on-cloud-pak-for-data-is-vulnerable-to-sensitive-information-disclosure-error-cve-2022-38714/


∗∗∗ Security Bulletin: Information Disclosure and Denial of Service Vulnerabilities in the IBM Spectrum Protect Backup-Archive Client may affect IBM Spectrum Protect for Space Management (CVE-2022-22478, CVE-2022-22474) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-and-denial-of-service-vulnerabilities-in-the-ibm-spectrum-protect-backup-archive-client-may-affect-ibm-spectrum-protect-for-space-management-cve-2022-22478/


∗∗∗ Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2022 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-cloud-pak-for-business-automation-ifixes-for-august-2022/


∗∗∗ Security Bulletin: Prototype pollution vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – [CVE-2021-23450] ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-prototype-pollution-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2021-23450/


∗∗∗ Security Bulletin: Persistent Cross-Site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2022-35644 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-persistent-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2022-35644/


∗∗∗ OTRS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1286

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily