[CERT-daily] Tageszusammenfassung - 27.09.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 26-09-2022 18:00 − Dienstag 27-09-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Hackers use PowerPoint files for mouseover malware delivery ∗∗∗
---------------------------------------------
The threat actor lures targets with a PowerPoint (.PPT) file allegedly linked to the Organization for Economic Co-operation and Development (OECD), an intergovernmental organization working towards stimulating economic progress and trade worldwide.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-use-powerpoint-files-for-mouseover-malware-delivery/


∗∗∗ New Erbium password-stealing malware spreads as game cracks, cheats ∗∗∗
---------------------------------------------
The new Erbium information-stealing malware is being distributed as fake cracks and cheats for popular video games to steal victims credentials and cryptocurrency wallets.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-erbium-password-stealing-malware-spreads-as-game-cracks-cheats/


∗∗∗ Pass-the-Hash Attacks and How to Prevent them in Windows Domains ∗∗∗
---------------------------------------------
Hackers often start out with nothing more than a low-level user account and then work to gain additional privileges that will allow them to take over the network. One of the methods that is commonly used to acquire these privileges is a pass-the-hash attack.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pass-the-hash-attacks-and-how-to-prevent-them-in-windows-domains/


∗∗∗ Anlagebetrug: Vorsicht vor Diensten, die Ihnen helfen wollen, Ihr verlorenes Geld zurückzubekommen ∗∗∗
---------------------------------------------
Haben Sie bei einer betrügerischen Investmentplattform Geld verloren? Dann nehmen Sie sich vor Folgebetrug in Acht. Kriminelle bewerben Dienstleistung, die Ihnen angeblich dabei helfen, Ihr verlorenes Geld zurückzubekommen. Angebote von finanzaufsicht.com oder firstmoneyback.com sind aber Fake! Sie werden erneut betrogen!
---------------------------------------------
https://www.watchlist-internet.at/news/anlagebetrug-vorsicht-vor-diensten-die-ihnen-helfen-wollen-ihr-verlorenes-geld-zurueckzubekommen/


∗∗∗ More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID ∗∗∗
---------------------------------------------
Polyglot files, such as the malicious CHM file analyzed here, can be abused to hide from anti-malware systems that rely on file format identification.
---------------------------------------------
https://unit42.paloaltonetworks.com/polyglot-file-icedid-payload/


∗∗∗ What happens with a hacked Instagram account – and how to recover it ∗∗∗
---------------------------------------------
Had your Instagram account stolen? Don’t panic – here’s how to get your account back and how to avoid getting hacked (again).
---------------------------------------------
https://www.welivesecurity.com/2022/09/26/what-happens-hacked-instagram-account-how-recover/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dovecot and firefox-esr), Fedora (firefox and grafana), Red Hat (firefox and thunderbird), Slackware (dnsmasq and vim), SUSE (dpdk, firefox, kernel, libarchive, libcaca, mariadb, openvswitch, opera, permissions, podofo, snakeyaml, sqlite3, unzip, and vsftpd), and Ubuntu (expat, libvpx, linux-azure-fde, linux-oracle, squid, squid3, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/909576/


∗∗∗ SECURITY - ABB Central Licensing System Vulnerabilities, impact on ABB Ability SCADAvantage ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A3198&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-commons-fileupload-affects-ibm-tivoli-business-service-manager-cve-2013-2186-cve-2013-0248-cve-2016-3092-cve-2014-0050-220723/


∗∗∗ Security Bulletin: A vulnerability in FasterXML Woodstox affects IBM Tivoli Business Service Manager (220573) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-fasterxml-woodstox-affects-ibm-tivoli-business-service-manager-220573/


∗∗∗ Veritas NetBackup: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1541


∗∗∗ Publish SBA-ADV-20220328-01: Vtiger CRM Stored Cross-Site Scripting ∗∗∗
---------------------------------------------
https://github.com/sbaresearch/advisories/commit/28e164f1cb73e4885a58616d1b0f9e40309c5e02


∗∗∗ Hitachi Energy APM Edge ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-270-02


∗∗∗ Rockwell Automation ThinManager ThinServer ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-270-03


∗∗∗ Hitachi Energy AFS660/AFS665 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-270-01


∗∗∗ September 23rd 2022 Security Releases ∗∗∗
---------------------------------------------
https://nodejs.org/en/blog/vulnerability/september-2022-security-releases

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily