Daily April 2022

daily@lists.cert.at

1 participants
20 discussions

Tageszusammenfassung - 14.04.2022
by Daily end-of-shift report 14 Apr '22

14 Apr '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-04-2022 18:00 − Donnerstag 14-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New EnemyBot DDoS botnet recruits routers and IoTs into its army ∗∗∗ --------------------------------------------- A new Mirai-based botnet malware named Enemybot has been observed growing its army of infected devices through vulnerabilities in modems, routers, and IoT devices, with the threat actor operating it known as Keksec. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-enemybot-ddos-botnet-rec… ∗∗∗ An Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW, (Thu, Apr 14th) ∗∗∗ --------------------------------------------- If your main concern is that you do not have time to apply the April update, stop wasting more time reading this (or anything else about CVE-2022-26809) and start patching. --------------------------------------------- https://isc.sans.edu/diary/rss/28550 ∗∗∗ A Primer on Cold Boot Attacks Against Embedded Systems ∗∗∗ --------------------------------------------- A computers main memory is volatile, and its content disappears if it is not regularly refreshed. This enables some attacks that exploit this behavior. One fairly well-known attack is called the "cold boot attack". --------------------------------------------- https://sec-consult.com/blog/detail/a-primer-on-cold-boot-attacks-against-e… ∗∗∗ "Pipedream": US-Warnung vor ausgeklügelten Cyberangriffen auf Energiesektor ∗∗∗ --------------------------------------------- Mit einem Werkzeugkasten hochentwickelter Cyberwaffen sollen unbekannte Angreifer industrielle Steuerungslagen übernehmen können. --------------------------------------------- https://heise.de/-6670554 ∗∗∗ Microsoft Seizes Control of Notorious Zloader Cybercrime Botnet ∗∗∗ --------------------------------------------- Microsoft has disrupted the operation of one of the most notorious cybercrime botnets and named a Crimean hacker as an alleged perpetrator behind the distribution of ransomware to the network of infected machines. --------------------------------------------- https://www.securityweek.com/microsoft-seizes-control-notorious-zloader-cyb… ∗∗∗ SMS-Werbung für sichernow.com führt in Crypto-Investment-Falle ∗∗∗ --------------------------------------------- Aktuell versenden Kriminelle SMS, in denen für eine Crypto-Investment-Falle geworben wird. Der enthaltene Link führt zu einer betrügerischen Investment-Plattform. --------------------------------------------- https://www.watchlist-internet.at/news/sms-werbung-fuer-sichernowcom-fuehrt… ∗∗∗ Blinding Snort: Breaking the Modbus OT Preprocessor ∗∗∗ --------------------------------------------- Team82 discovered a means by which it could blind the popular Snort intrusion detection and prevention system to malicious packets. --------------------------------------------- https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-mo… ∗∗∗ Old Gremlins, new methods ∗∗∗ --------------------------------------------- After a long break, the Russian-speaking ransomware group OldGremlin resumes attacks in Russia --------------------------------------------- https://blog.group-ib.com/oldgremlin_comeback ∗∗∗ Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer ∗∗∗ --------------------------------------------- Cisco Talos recently observed a new information stealer, called "ZingoStealer" that has been released for free by a threat actor known as "Haskers Gang." --------------------------------------------- http://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html ∗∗∗ Unfolding the Log4j Security Vulnerability and Log4shell TTPs in AWS ∗∗∗ --------------------------------------------- Orca researcher Lidor Ben Shitrit reveals how Log4 shell TTPs in an AWS cloud environment can be used to open up a Log4j security vulnerability. --------------------------------------------- https://orca.security/resources/blog/log4j-security-vulnerability-log4shell… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Security Advisories 2022-04-13 ∗∗∗ --------------------------------------------- 1 Critical, 13 High, 9 Medium Severity --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&secur… ∗∗∗ Jetzt patchen! Attacken auf VMware Identity Manager und Workspace One Access ∗∗∗ --------------------------------------------- Angreifer schieben Krypto-Miner durch eine kritische Schadcode-Lücke in VMware Identity Manager und Workspace One Access. Updates stehen zum Download bereit. --------------------------------------------- https://heise.de/-6677723 ∗∗∗ Lücken in mehren Komponente machen Datenmanagement-Software IBM Db2 angreifbar ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für IBM Db2, IBM Db2 On Openshift und IBM Db2 Warehouse on Cloud Pak for Data. --------------------------------------------- https://heise.de/-6677497 ∗∗∗ Sicherheitsupdate: Admin-Tool Grafana ist verwundbar ∗∗∗ --------------------------------------------- Angreifer könnten Systeme mit der Datenvisualisierungssoftware Grafana attackieren. --------------------------------------------- https://heise.de/-6678300 ∗∗∗ VMSA-2022-0013 ∗∗∗ --------------------------------------------- VMware Cloud Director update addresses remote code execution vulnerability (CVE-2022-22966) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2022-0013.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (lrzip), Fedora (community-mysql, expat, firefox, kernel, mingw-openjpeg2, nss, and openjpeg2), Mageia (ceph, subversion, and webkit2), openSUSE (chromium), Oracle (httpd:2.4), Red Hat (kpatch-patch), Slackware (ruby), SUSE (kernel and netatalk), and Ubuntu (gzip and xz-utils). --------------------------------------------- https://lwn.net/Articles/891354/ ∗∗∗ Security Bulletin: IBM Security Guardium is vulnerable to arbitrary code execution due to Apache log4j (CVE-2021-4104) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Vulnerabilities with libxml2 affect IBM Cloud Object Storage Systems (Apr 2022 V2) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-libx… ∗∗∗ Security Bulletin: IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint are vulnerable to exposing sensitive information (CVE-2022-22391) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-high-speed-tra… ∗∗∗ Security Bulletin: Vulnerabilities have been identified in Apache Log4j and the application code shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been… ∗∗∗ Security Bulletin: OpenSSL vulnerability impacting Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint 4.3.0 and earlier (CVE-2021-3712) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-imp… ∗∗∗ Security Bulletin: Vulnerability in Apache Struts affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-17530) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-s… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ K11455641: NGINX LDAP Reference Implementation security exposure ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11455641 ∗∗∗ Juniper JUNOS (J-Web): Mehrere Schwachstellen ermöglichen Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0444 ∗∗∗ CVE-2022-0023 PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy (Severity: MEDIUM) ∗∗∗ --------------------------------------------- https://security.paloaltonetworks.com/CVE-2022-0023 ∗∗∗ PAN-SA-2022-0002 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator (Severity: NONE) ∗∗∗ --------------------------------------------- https://security.paloaltonetworks.com/PAN-SA-2022-0002 ∗∗∗ PAN-SA-2022-0001 Cortex XDR Agent: Supervisor Password Hash Disclosure Vulnerability When Generating Support Files (Severity: LOW) ∗∗∗ --------------------------------------------- https://security.paloaltonetworks.com/PAN-SA-2022-0001 ∗∗∗ CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed) ∗∗∗ --------------------------------------------- https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-ads… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.04.2022
by Daily end-of-shift report 13 Apr '22

13 Apr '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-04-2022 18:00 − Mittwoch 13-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Emotet modules and recent attacks ∗∗∗ --------------------------------------------- Emotet was disrupted in January 2021 and returned in November. This report provides technical description of its active modules and statistics on the malwares recent attacks. --------------------------------------------- https://securelist.com/emotet-modules-and-recent-attacks/106290/ ∗∗∗ Fodcha, a new DDos botnet ∗∗∗ --------------------------------------------- Recently, CNCERT and 360netlab worked together and discovered a rapidly spreading DDoS botnet on the Internet. The global infection looks fairly big as just in China there are more than 10,000 daily active bots (IPs) and alsomore than 100 DDoS victims being targeted on a daily basis. --------------------------------------------- https://blog.netlab.360.com/fodcha-a-new-ddos-botnet/ ∗∗∗ TallGrass - A Python script that enumerates supported antiviruses and their exclusions on Windows hosts within a domain ∗∗∗ --------------------------------------------- Some antiviruses, like Windows Defender, expose their exclusions through the registry. Because of this, it is possible, and somewhat trivial, to enumerate them for potential means of AV evasion. TallGrass queries the domain controller for all domain-joined Windows hosts, then enumerates the AV exclusions for each host. --------------------------------------------- https://github.com/chdav/TallGrass ∗∗∗ PCI DSS 4.0 veröffentlicht: Mehr Sicherheit für Kreditkartendaten ∗∗∗ --------------------------------------------- Die neue Version 4.0 von PCI DSS erweitert den De-facto-Standard der Security für Zahlungssysteme. Vor allem sollen die Ziele flexibler umzusetzen sein. --------------------------------------------- https://heise.de/-6671323 ∗∗∗ Achtung vor unseriösen Urlaubsangeboten wie reisebuero-fuchs.com! ∗∗∗ --------------------------------------------- Die Urlaubsplanungen für Frühling und Sommer sind längst voll in Gang. Das nützen auch Kriminelle und veröffentlichen betrügerische Plattformen zur Urlaubsbuchung. Dort finden Sie tolle Unterkünfte zu top Konditionen. Der Haken: Sie sollen vorab Anzahlungen leisten, die Inhaber:innen der Unterkünfte erfahren aber nichts von Ihren Buchungen und das Geld landet in der Tasche Krimineller! Fazit: Nichts bezahlen! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-unserioesen-urlaubsangeb… ∗∗∗ Coercing NTLM Authentication from SCCM ∗∗∗ --------------------------------------------- tl;dr: Disable NTLM for Client Push Installation [...] Client push installation accounts require local admin privileges to install software on systems in an SCCM site, so it is often possible to relay the credentials and execute actions in the context of a local admin on other SCCM clients in the site. --------------------------------------------- https://posts.specterops.io/coercing-ntlm-authentication-from-sccm-e6e23ea8… ∗∗∗ CVE-2022-26809: All your RPC are belong to us ∗∗∗ --------------------------------------------- Im April 2022 Patchday von Microsoft findet man wieder Updates [...] Spannender ist das Pärchen CVE-2022-26809/CVE-2022-24491 mit RCE: hier kommt zwar der Patch vor der ersten bekannten Ausnutzung der Schwachstelle, dafür sollten bei CVSS 9.8 die Alarmglocken laut läuten. Beim ersten geht es um das generische RPC Service, beim zweiten um den NFS Server. Während NFS nicht überall im Einsatz sein wird, ist Windows RPC auf Port 445 sehr weit verbreitet und innerhalb von Firmennetzen auch zwangsläufig sehr selten durch Firewalls geschützt. --------------------------------------------- https://cert.at/de/aktuelles/2022/4/2022-04-windows-patchday ∗∗∗ [Caution] Virus/XLS Xanpei Infecting Normal Excel Files ∗∗∗ --------------------------------------------- The ASEC analysis team has recently discovered the constant distribution of malware strains that spread the infection when Excel file is opened. Besides infecting normal Excel files, they can also perform additional malicious behaviors such as acting as a downloader and performing DNS Spoofing, therefore, users need to take great caution. --------------------------------------------- https://asec.ahnlab.com/en/33630/ ===================== = Vulnerabilities = ===================== ∗∗∗ Critical flaw in Elementor WordPress plugin may affect 500k sites ∗∗∗ --------------------------------------------- The authors of the Elementor Website Builder plugin for WordPress have just released version 3.6.3 to address a critical remote code execution flaw that may impact as many as 500,000 websites. [..] The latest version includes a commit that implements an additional check on the nonce access, using the "current_user_can" WordPress function. While this should address the security gap, the researchers haven't validated the fix yet, and the Elementor team hasn't published any details about the patch. --------------------------------------------- https://www.bleepingcomputer.com/news/security/critical-flaw-in-elementor-w… ∗∗∗ Sicherheit: Git gibt Sicherheitslücken bekannt und veröffentlicht Patch ∗∗∗ --------------------------------------------- Git hat zwei Sicherheitslücken bekannt gegeben und gleich auch einen Patch bereitgestellt, der diese stopft: Update dringend empfohlen. --------------------------------------------- https://www.golem.de/news/sicherheit-git-gibt-sicherheitsluecken-bekannt-un… ∗∗∗ Patchday: SAP dichtet 30 Sicherheitslücken ab ∗∗∗ --------------------------------------------- SAP hat zu Lücken in diversen Produkten 21 neue Meldungen veröffentlicht und neun ältere aktualisiert. Administratoren sollten die Updates bald installieren. --------------------------------------------- https://heise.de/-6670382 ∗∗∗ Sicherheitspatch für Apache Struts unvollständig – neues Updates soll es richten ∗∗∗ --------------------------------------------- Aufgrund der Gefahr von möglichen Schadcode-Attacken sollten Admins ihre Apache-Struts-Systeme auf den aktuellen Stand bringen. --------------------------------------------- https://heise.de/-6670584 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (gzip, python-django, and xz), Debian (chromium, subversion, and zabbix), Red Hat (expat, kernel, and thunderbird), SUSE (go1.16, go1.17, kernel, libexif, libsolv, libzypp, zypper, opensc, subversion, thunderbird, and xz), and Ubuntu (git, linux-bluefield, nginx, and subversion). --------------------------------------------- https://lwn.net/Articles/891182/ ∗∗∗ Apache Subversion: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Apache Subversion ausnutzen, um Informationen offenzulegen oder einen Denial of Service zu verursachen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0436 ∗∗∗ Citrix Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- Original release date: April 12, 2022Citrix has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the following Citrix security bulletins and apply the necessary updates. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2022/04/12/citrix-releases-s… ∗∗∗ Motorola Android App Vulnerabilities ∗∗∗ --------------------------------------------- Some Motorola Android applications do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker. [..] Update to latest version of the applications in the Product Impact section below. App Name: 'Ready For', 'Device Help' --------------------------------------------- http://support.lenovo.com/product_security/PS500482-MOTOROLA-ANDROID-APP-VU… ∗∗∗ ThinkPad BIOS Vulnerabilities ∗∗∗ --------------------------------------------- The following vulnerabilities were reported in ThinkPad BIOS. CVE IDs: CVE-2022-1107, CVE-2022-1108 Update system firmware to the version (or newer) indicated for your model [..] --------------------------------------------- http://support.lenovo.com/product_security/PS500480-THINKPAD-BIOS-VULNERABI… ∗∗∗ Lenovo System Update Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. --------------------------------------------- http://support.lenovo.com/product_security/PS500483-LENOVO-SYSTEM-UPDATE-PR… ∗∗∗ Spring Framework Data Binding Rules Vulnerability (CVE-2022-22968) ∗∗∗ --------------------------------------------- While investigating the Spring Framework RCE vulnerability CVE-2022-22965 and the suggested workaround, we realized that the disallowedFields configuration setting on WebDataBinder is not intuitive and is not clearly documented. We have fixed that but also decided to be on the safe side and announce a follow-up CVE, in order to ensure application developers are alerted and have a chance to review their configuration. --------------------------------------------- https://spring.io/blog/2022/04/13/spring-framework-data-binding-rules-vulne… ∗∗∗ Bentley Security Advisory BE-2022-0006: IFC File Parsing Vulnerabilities in MicroStation and MicroStation-based applications ∗∗∗ --------------------------------------------- https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006 ∗∗∗ Security Bulletin: IBM Security SOAR is affected but not classified as vulnerable to remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-affe… ∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to arbitrary code exection due to Apache Log4j (CVE-2022-23307) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact… ∗∗∗ Security Bulletin: Publicly disclosed vulnerability in GNU binutils affects IBM Netezza Analytics for NPS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Valmet DNA ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-102-01 ∗∗∗ Mitsubishi Electric MELSEC-Q Series C Controller Module ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-102-02 ∗∗∗ Inductive Automation Ignition ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-102-03 ∗∗∗ Mitsubishi Electric GT25-WLAN ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-102-04 ∗∗∗ Aethon TUG Home Base Server ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-102-05 ∗∗∗ NetApp Active IQ Unified Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://support.lenovo.com/product_security/PS500484-NETAPP-ACTIVE-IQ-UNIFIE… ∗∗∗ Post-Auth Arbitrary File Read vulnerability Impacting End-Of-Life SRA Appliances and End-Of-Support SMA100 firmware versions ∗∗∗ --------------------------------------------- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0006 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.04.2022
by Daily end-of-shift report 12 Apr '22

12 Apr '22

===================== = End-of-Day report = ===================== Timeframe: Montag 11-04-2022 18:00 − Dienstag 12-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Qbot malware switches to new Windows Installer infection vector ∗∗∗ --------------------------------------------- The Qbot botnet is now pushing malware payloads via phishing emails with password-protected ZIP archive attachments containing malicious MSI Windows Installer packages. --------------------------------------------- https://www.bleepingcomputer.com/news/security/qbot-malware-switches-to-new… ∗∗∗ Discord-Konten im Visier von Cyberkriminellen ∗∗∗ --------------------------------------------- Seit Jahresanfang sehen GDatas Sicherheitsforscher einen Anstieg an Malware, die Zugangstoken zu Discord stehlen will. Nutzer sollten Maßnahmen ergreifen. --------------------------------------------- https://heise.de/-6669765 ∗∗∗ Terrible cloud security is leaving the door open for hackers. Heres what youre doing wrong ∗∗∗ --------------------------------------------- A rise in hybrid work and a shift to cloud platforms has changed how businesses operate - but its also leaving them vulnerable to cyberattacks. --------------------------------------------- https://www.zdnet.com/article/terrible-cloud-security-is-leaving-the-door-o… ∗∗∗ Industroyer2: Industroyer reloaded ∗∗∗ --------------------------------------------- This ICS-capable malware targets a Ukrainian energy company --------------------------------------------- https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/ ∗∗∗ F5 investigating reports of NGINX zero day ∗∗∗ --------------------------------------------- UPDATE 4/12: On Monday evening, NGINX released a blog about the issue, writing that it only affects reference implementations and does not affect NGINX Open Source or NGINX Plus. The company said deployments of the LDAP reference implementation are affected by the vulnerabilities if command-line parameters are used to configure the Python daemon, if there are unused, optional configuration parameters and if LDAP authentication depends on specific group membership. --------------------------------------------- https://therecord.media/f5-investigating-reports-of-nginx-zero-day/ ∗∗∗ SystemBC Being Used by Various Attackers ∗∗∗ --------------------------------------------- SystemBC is a proxy malware that has been used by various attackers for the last few years. While it is recently distributed through SmokeLoader or Emotet, this malware has steadily been used in various ransomware attacks in the past. When an attacker attempts to access a certain address with malicious intent, the system can be used as a passage if the infected system utilizes SystemBC, which acts as a Proxy Bot. --------------------------------------------- https://asec.ahnlab.com/en/33600/ ===================== = Vulnerabilities = ===================== ∗∗∗ Critical LFI Vulnerability Reported in Hashnode Blogging Platform ∗∗∗ --------------------------------------------- Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, servers IP address, and other network information. --------------------------------------------- https://thehackernews.com/2022/04/critical-lfi-vulnerability-reported-in.ht… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (thunderbird and usbguard), Fedora (containerd, firefox, golang-github-containerd-imgcrypt, nss, and vim), Oracle (firefox, kernel, kernel-container, and thunderbird), Red Hat (thunderbird), Scientific Linux (thunderbird), SUSE (libexif, mozilla-nss, mysql-connector-java, and qemu), and Ubuntu (libarchive and python-django). --------------------------------------------- https://lwn.net/Articles/891048/ ∗∗∗ Amazon RDS Vulnerability Led to Exposure of Credentials ∗∗∗ --------------------------------------------- Amazon Web Services (AWS) on Monday announced that it recently addressed a vulnerability in Amazon Relational Database Service (RDS) that could lead to the exposure of internal credentials. --------------------------------------------- https://www.securityweek.com/amazon-rds-vulnerability-led-exposure-credenti… ∗∗∗ SSA-350757 V1.0: Improper Access Control Vulnerability in TIA Portal Affecting S7-1200 and S7-1500 CPUs Web Server (Incl. Related ET200 CPUs and SIPLUS variants) ∗∗∗ --------------------------------------------- An attacker could achieve privilege escalation on the web server of certain devices configured by SIMATIC STEP 7 (TIA Portal) due to incorrect handling of the webserverâ€™s user management configuration during downloading. This only affects the S7-1200 and S7-1500 CPUsâ€™ (incl.Â related ET200 CPUs and SIPLUS variants) web server, when activated. Siemens has released updates for several affected products and recommends to update to the latest versions. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-350757.txt ∗∗∗ SSA-392912 V1.0: Multiple Denial Of Service Vulnerabilities in SCALANCE W1700 Devices ∗∗∗ --------------------------------------------- Vulnerabilities have been identified in devices of the SCALANCE W-1700 (11ac) family that could allow an attacker to cause various denial of service conditions. Siemens has released updates for the affected products and recommends to update to the latest versions. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-392912.txt ∗∗∗ SSA-414513 V1.0: Information Disclosure Vulnerability in Mendix ∗∗∗ --------------------------------------------- An information disclosure vulnerability in Mendix applications was discovered. The vulnerability could allow to read sensitive data. Siemens has released an update for the Mendix Applications using Mendix 9 and recommends to update to the latest version. Siemens recommends countermeasures for products where updates are not, or not yet available. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-414513.txt ∗∗∗ SSA-446448 V1.0: Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack ∗∗∗ --------------------------------------------- The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-446448.txt ∗∗∗ SSA-557541 V1.0: Denial-of-Service Vulnerability in SIMATIC S7-400 CPUs ∗∗∗ --------------------------------------------- SIMATIC S7-400 CPU devices contain an input validation vulnerability that could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations. Siemens has released an update for SIMATIC S7-410 V10 CPU family and SIMATIC S7-400 H V6 CPU family (incl.Â SIPLUS variants for both) and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not yet --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-557541.txt ∗∗∗ SSA-655554 V1.0: Multiple Vulnerabilities in SIMATIC Energy Manager before V7.3 Update 1 ∗∗∗ --------------------------------------------- SIMATIC Energy Manager is affected by multiple vulnerabilities that could allow an attacker to gain local privilege escalation, local code execution or remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-655554.txt ∗∗∗ SSA-711829 V1.0: Denial of Service Vulnerability in TIA Administrator ∗∗∗ --------------------------------------------- In conjunction with the installation of the affected products listed in the table below, a vulnerability in TIA Administrator occurs that could allow an unauthenticated attacker to perform a denial of service attack. Siemens has released a first update for one of the affected products and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-711829.txt ∗∗∗ SSA-836527 V1.0: Multiple Vulnerabilities in SCALANCE X-300 Switch Family Devices ∗∗∗ --------------------------------------------- Several SCALANCE X-300 switches contain multiple vulnerabilities. An unauthenticated attacker could reboot, cause denial of service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities. Siemens has released updates for the affected products and recommends to update to the latest versions. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-836527.txt ∗∗∗ SSA-870917 V1.0: Improper Access Control Vulnerability in Mendix ∗∗∗ --------------------------------------------- When querying the database, it is possible to sort the results using a protected field. With this an authenticated attacker could extract information about the contents of a protected field. Siemens has released updates for the affected products and recommends to update to the latest versions. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-870917.txt ∗∗∗ SSA-998762 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.1.2 ∗∗∗ --------------------------------------------- Siemens Simcenter Femap versions before V2022.1.2 are affected by vulnerabilities that could be triggered when the application reads files in .NEU format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or potentially perform remote code execution in the context of the current process. Siemens recommends to update to the latest version line of Simcenter Femap and to avoid opening of untrusted files --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-998762.txt ∗∗∗ SSA-316850: Unauthenticated File Access in SICAM A8000 Devices ∗∗∗ --------------------------------------------- SICAM A8000 CP-8050 and CP-8031 devices contain vulnerabilities that could allow an attacker to access files without authentication. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-316850.txt ∗∗∗ SAP Patchday April 2022 ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K22-0414 ∗∗∗ Citrix SD-WAN Security Bulletin for CVE-2022-27505 and CVE-2022-27506 ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX370550 ∗∗∗ Citrix StoreFront Security Bulletin for CVE-2022-27503 ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX377814 ∗∗∗ Citrix Gateway Plug-in for Windows Security Bulletin for CVE-2022-21827 ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX341455 ∗∗∗ PHOENIX CONTACT: Multiple Linux component vulnerabilities fixed in latest AXC F x152 LTS release ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-010/ ∗∗∗ PHOENIX CONTACT: mGuard Device Manager affected by HTTP Request Smuggling of Apache Webserver ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-014/ ∗∗∗ PHOENIX CONTACT: Multiple products affected by possible infinite loop within OpenSSL library ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-013/ ∗∗∗ Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Spring Framework ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrat… ∗∗∗ Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrat… ∗∗∗ Security Bulletin: IBM Maximo For Civil infrastructure is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-for-civil-infr… ∗∗∗ Security Bulletin: Vulnerability which affects Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-which-affec… ∗∗∗ Security Bulletin: IBM Process Mining is vulnerable to Prototype Pollution due to json-schema CVE-2021-3918 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-mining-is-vul… ∗∗∗ Security Bulletin: Vulnerabilities in Dojo and dom4j libraries affect Tivoli Netcool/OMNIbus WebGUI (CVE-2020-10683, CVE-2021-23450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-dojo-a… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Performance Management products (CVE-2021-23450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-… ∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServers that use the Box connector may be vulnerable to arbitrary code execution due to CVE-2021-23555 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris… ∗∗∗ Security Bulletin: Multiple Vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to CKEditor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrat… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.04.2022
by Daily end-of-shift report 11 Apr '22

11 Apr '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 08-04-2022 18:00 − Montag 11-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Android banking malware takes over calls to customer support ∗∗∗ --------------------------------------------- A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a banks customer support number and connect the victim directly with the cybercriminals operating the malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-banking-malware-take… ∗∗∗ Security: OpenSSH 9.0 veröffentlicht ∗∗∗ --------------------------------------------- Die neue Version von OpenSSH bringt unter anderem eine Härtung gegen Faktorisierungsattacken mit zukünftigen Quantencomputern mit. --------------------------------------------- https://www.golem.de/news/security-openssh-9-0-veroeffentlicht-2204-164550-… ∗∗∗ Method For String Extraction Filtering, (Sat, Apr 9th) ∗∗∗ --------------------------------------------- In diary entry "XLSB Files: Because Binary is Stealthier Than XML", Xavier shows how to extract strings (URLs) from binary files that make up an Excel spreadsheet. This inspired me to make a tool to parse this XLSB file format: "Quickie: Parsing XLSB Documents". Now I'm presenting another method, one that uses string analysis. --------------------------------------------- https://isc.sans.edu/diary/rss/28532 ∗∗∗ Mirai-Botnet missbraucht Spring4Shell-Sicherheitsleck ∗∗∗ --------------------------------------------- Sicherheitsforscher haben beobachtet, dass das Mirai-Botnet die Spring4Shell-Schwachstelle angreift und dadurch die Malware verbreitet. --------------------------------------------- https://heise.de/-6668646 ∗∗∗ Denonia cryptominer is first malware to target AWS Lambda ∗∗∗ --------------------------------------------- There is now malware in serverless environments. Dubbed Denonia, it specifically targets the AWS Lambda to perform cryptojacking. --------------------------------------------- https://blog.malwarebytes.com/business-2/2022/04/denonia-cryptominer-is-fir… ∗∗∗ Octo Android Trojan Allows Cybercrooks to Conduct On-Device Fraud ∗∗∗ --------------------------------------------- Threat Fabric security researchers have analyzed an Android banking trojan that allows its operators to perform on-device fraud. --------------------------------------------- https://www.securityweek.com/octo-android-trojan-allows-cybercrooks-conduct… ∗∗∗ Think Like a Criminal: Knowing Popular Attack Techniques to Stop Bad Actors Faster ∗∗∗ --------------------------------------------- Analyzing the attack goals of adversaries is important to be able to better align defenses against the speed of changing attack techniques. By focusing on a handful of techniques, you can effectively shut down malware’s methods of choice for getting in and making itself at home. To achieve this, you need to know which key areas to be focusing on in the coming months. --------------------------------------------- https://www.securityweek.com/think-criminal-knowing-popular-attack-techniqu… ∗∗∗ Love-Scam - Wie unterstütze ich Betroffene? ∗∗∗ --------------------------------------------- Hilfe! Mein Mutter, mein Onkel, meine Bekannte liebt eine:n Internetbetrüger:in. Für Außenstehende ist der Fall meist klar: Die Internetliebe ist ein:e Betrüger:in. Das Opfer möchte dies aber nicht glauben und überweist immer wieder Geld. Was tun? Wie können Sie Opfer von Liebesbetrüger:innen unterstützen? --------------------------------------------- https://www.watchlist-internet.at/news/love-scam-wie-unterstuetze-ich-betro… ∗∗∗ New SolarMarker (Jupyter) Campaign Demonstrates the Malware's Changing Attack Patterns ∗∗∗ --------------------------------------------- A new version of SolarMarker malware appears to upgrade evasion abilities and demonstrates that the infostealer and backdoor continues to evolve. --------------------------------------------- https://unit42.paloaltonetworks.com/solarmarker-malware/ ∗∗∗ Insider-Bedrohungen greifen nach außen ∗∗∗ --------------------------------------------- Wenn Mitarbeiter auf eigene Faust zum Cyberkrieger werden wollen, kann das die Unternehmenssicherheit ebenso gefährden wie traditionelle Insider- und externe Bedrohungen, berichtet Andreas Riepen, Regional Sales Director Central Europe bei Vectra AI, in einem Gastbeitrag. --------------------------------------------- https://www.zdnet.de/88400523/insider-bedrohungen-greifen-nach-aussen/ ∗∗∗ Cyber-Sicherheit im Gesundheitswesen ∗∗∗ --------------------------------------------- Das Gesundheitswesen ist nach wie vor einer der am häufigsten durch Hacker angegriffenen Bereiche. Lieder wurden in der Vergangenheit entsprechende Hausaufgaben lange aufgeschobene. --------------------------------------------- https://www.borncity.com/blog/2022/04/10/cyber-sicherheit-im-gesundheitswes… ===================== = Vulnerabilities = ===================== ∗∗∗ Popular Ruby Asciidoc toolkit patched against critical vuln – get the update now! ∗∗∗ --------------------------------------------- A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it. --------------------------------------------- https://nakedsecurity.sophos.com/2022/04/08/popular-ruby-asciidoc-toolkit-p… ∗∗∗ Spring: It isnt just about Spring4Shell. Spring Cloud Function Vulnerabilities are being probed too., (Mon, Apr 11th) ∗∗∗ --------------------------------------------- Our "First Seen URL" page did show attempts to access /actuator/gateway/routes this weekend. So I dug in a bit deeper to see what these scans are all about. [...] The scan for /actuator/gateway/routes may be looking for systems that are possibly vulnerable to CVE-2022-22947 or other vulnerabilities in the Spring Cloud function (we had at least three different vulnerabilities recently). --------------------------------------------- https://isc.sans.edu/diary/rss/28538 ∗∗∗ ABB Cyber Security Advisory: ARM600 M2M Gateway NSS library and polkit vulnerabilities ∗∗∗ --------------------------------------------- These vulnerabilities affect cryptographic libraries and privilege handling. Subsequently, a successful exploit could allow attackers to execute code with root user privileges or to elevate a non-privileged user to a privileged user. --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2NGA001254&Language… ∗∗∗ ABB Cyber Security Advisory: Arctic Wireless Gateway Firewall vulnerability (CVE-2022-0947) ∗∗∗ --------------------------------------------- A vulnerability is found in the ABB Arctic wireless gateways in a specific configuration and when using firmware versions from 2.4.0 or later until version 3.4.10. --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2NGA001253&Language… ∗∗∗ Verschlüsselungsschwächen in Datenmanagementsoftware Dell EMC PowerScale OneFS ∗∗∗ --------------------------------------------- Admins von Systemen mit Dell EMC PowerScale OneFS sollten die Software aus Sicherheitsgründen auf den aktuellen Stand bringen. --------------------------------------------- https://heise.de/-6668566 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gzip, libxml2, minidlna, openjpeg2, thunderbird, webkit2gtk, wpewebkit, xen, and xz-utils), Fedora (crun, unrealircd, and vim), Mageia (389-ds-base, busybox, flatpak, fribidi, gdal, python-paramiko, and usbredir), openSUSE (opera and seamonkey), Oracle (kernel and kernel-container), Red Hat (firefox), Scientific Linux (firefox), Slackware (libarchive), SUSE (389-ds, libsolv, libzypp, zypper, and python), and Ubuntu (python-django and tcpdump). --------------------------------------------- https://lwn.net/Articles/890936/ ∗∗∗ XSS vulnerability patched in Directus data engine platform ∗∗∗ --------------------------------------------- The platform is described as a "flexible powerhouse for engineers." --------------------------------------------- https://www.zdnet.com/article/xss-vulnerability-patched-in-directus-data-en… ∗∗∗ Webmin: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K22-0412 ∗∗∗ Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-23806 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-v… ∗∗∗ Security Bulletin: Vulnerabilities have been identified in Apache Log4j and the application code shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been… ∗∗∗ Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to spoofing and clickjacking attacks due to swagger-ui (CVE-2018-25031, CVE-2021-46708) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: IBM Sterling Global Mailbox is vulnerable to denial of service due to Jackson-Databind (217968 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-global-mailb… ∗∗∗ Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to log4js-node CVE-2022-21704 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-au… ∗∗∗ Security Bulletin: A cross-site scripting (XSS) vulnerability may impact IBM Cúram Social Program Management(CVE-2021-39068) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-cross-site-scripting-xs… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in Google Gson (217225) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-manag… ∗∗∗ Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-24921 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-v… ∗∗∗ Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-23772 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-v… ∗∗∗ Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-23773 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-v… ∗∗∗ Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to node-request-retry CVE-2022-0654 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-au… ∗∗∗ Security Bulletin: A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-5421). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-spring… ∗∗∗ Security Bulletin: IBM Sterling B2B Integrator vulnerable to cross-site Ajax request vulnerability due to Prototype JavaScript (CVE-2008-7220) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrat… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple CVEs in Node.js ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-au… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.04.2022
by Daily end-of-shift report 08 Apr '22

08 Apr '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-04-2022 18:00 − Freitag 08-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Malicious web redirect service infects 16,500 sites to push malware ∗∗∗ --------------------------------------------- A new TDS (Traffic Direction System) operation called Parrot has emerged in the wild, having already infected servers hosting 16,500 websites of universities, local governments, adult content platforms, and personal blogs. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malicious-web-redirect-servi… ∗∗∗ Mirai malware now delivered using Spring4Shell exploits ∗∗∗ --------------------------------------------- The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mirai-malware-now-delivered-… ∗∗∗ CVE-2021-30737, @xerubs 2021 iOS ASN.1 Vulnerability ∗∗∗ --------------------------------------------- Originally this post was just a series of notes I took last year as I was trying to understand this bug. But the bug itself and the narrative around it are so fascinating that I thought it would be worth writing up these notes into a more coherent form to share with the community. --------------------------------------------- https://googleprojectzero.blogspot.com/2022/04/cve-2021-30737-xerubs-2021-i… ∗∗∗ Public Report – Google Enterprise API Security Assessment ∗∗∗ --------------------------------------------- During the autumn of 2021, Google engaged NCC Group to perform a review of the Android 12 Enterprise API to evaluate its compliance with the Security Technical Implementation Guides (STIG) matrix provided by Google. --------------------------------------------- https://research.nccgroup.com/2022/04/07/public-report-google-enterprise-ap… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libtiff), Debian (chromium), Fedora (buildah and chromium), openSUSE (firefox), SUSE (firefox, libsolv, libzypp, and openjpeg2), and Ubuntu (firefox and python-oslo.utils). --------------------------------------------- https://lwn.net/Articles/890718/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM SPSS Analytic Server is vulnerable to LDAP Injection (CVE-2021-39031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spss-analytic-server-… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2021-22931) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2022-21824) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-relea… ∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site request forgery (CVE-2020-4668) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrat… ∗∗∗ Security Bulletin: Vulnerability in json4j – CVE-2021-3918 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-json4j-c… ∗∗∗ Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite may be vulnerable to arbitrary code execution due to Apache Log4j 1.2 (CVE-2021-4104) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-wo… ∗∗∗ Security Bulletin: Apache Log4j vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilit… ∗∗∗ Security Bulletin: LDAP vulnerability in WebSphere Liberty Profile can affect IBM InfoSphere Global Name Management ENS (CVE-2021-39031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ldap-vulnerability-in-web… ∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 ∗∗∗ --------------------------------------------- https://webkitgtk.org/security/WSA-2022-0004.html ∗∗∗ D-LINK Router: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0405 ∗∗∗ D-LINK Router: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0406 ∗∗∗ Microsoft Edge 100.0.1185.36 fixt Schwachstelle ∗∗∗ --------------------------------------------- https://www.borncity.com/blog/2022/04/08/microsoft-edge-100-0-1185-36-fixt-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.04.2022
by Daily end-of-shift report 07 Apr '22

07 Apr '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-04-2022 18:00 − Donnerstag 07-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New FFDroider malware steals Facebook, Instagram, Twitter accounts ∗∗∗ --------------------------------------------- A new information stealer named FFDroider has emerged, stealing credentials and cookies stored in browsers to hijack victims social media accounts. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-ffdroider-malware-steals… ∗∗∗ A Bad Luck BlackCat ∗∗∗ --------------------------------------------- A new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, but the group is also known as BlackCat. --------------------------------------------- https://securelist.com/a-bad-luck-blackcat/106254/ ∗∗∗ What is BIMI and how is it supposed to help with Phishing., (Thu, Apr 7th) ∗∗∗ --------------------------------------------- Phishing works because it is hard to figure out if an email or a website is authentic. Over the years, many technical solutions have been implemented to make it easier to recognize valid senders or a valid website. --------------------------------------------- https://isc.sans.edu/diary/rss/28528 ∗∗∗ SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps ∗∗∗ --------------------------------------------- As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. --------------------------------------------- https://thehackernews.com/2022/04/sharkbot-banking-trojan-resurfaces-on.html ∗∗∗ Whatsapp-Kettenbrief: "Milka" erneut Köder für gefälschte Gewinnspiele ∗∗∗ --------------------------------------------- Kriminelle werden nicht müde, die Schokoladenmarke für ihre Zwecke zu nutzen. Erst recht kurz vor Ostern. --------------------------------------------- https://heise.de/-6665629 ∗∗∗ DSGVO-Verstoß auf Ihrer Webseite? Lassen Sie sich nicht verunsichern! ∗∗∗ --------------------------------------------- Uns wurden zahlreiche E-Mails gemeldet, die auf einen DSGVO-Verstoß auf der Website von Unternehmen hinweisen. Das E-Mail bezieht sich auf die Verwendung von Google Analytics. Es besteht kein Grund zur Sorge, doch langfristig sollten Sie nach Alternativen zu dem Google-Dienst suchen. --------------------------------------------- https://www.watchlist-internet.at/news/dsgvo-verstoss-auf-ihrer-webseite-la… ∗∗∗ CISA Adds Three Known Exploited Vulnerabilities to Catalog ∗∗∗ --------------------------------------------- CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2022/04/06/cisa-adds-three-k… ∗∗∗ CVE-2022-26381: Gone by others! Triggering a UAF in Firefox ∗∗∗ --------------------------------------------- Memory corruption vulnerabilities have been well known for a long time and programmers have developed various methods to prevent them. One type of memory corruption that is very hard to prevent is the use-after-free and the reason is that it has too many faces! --------------------------------------------- https://www.thezdi.com/blog/2022/4/7/cve-2022-26381-gone-by-others-triggeri… ===================== = Vulnerabilities = ===================== ∗∗∗ Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug ∗∗∗ --------------------------------------------- American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago. --------------------------------------------- https://www.bleepingcomputer.com/news/security/palo-alto-networks-firewalls… ∗∗∗ Jetzt aktualisieren: VMware patcht teils kritische Sicherheitslücken ∗∗∗ --------------------------------------------- Mehrere VMware-Produkte sind von teils kritischen Lücken betroffen, durch die Angreifer Schadcode einschleusen könnten. Es gibt Updates und Gegenmaßnahmen. --------------------------------------------- https://heise.de/-6665440 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (bind), Debian (firefox-esr), Fedora (fribidi, gdal, and mingw-gdal), openSUSE (pdns-recursor and SDL2), Oracle (kernel), Slackware (mozilla), SUSE (glibc and openvpn-openssl1), and Ubuntu (fribidi and linux-azure-5.13, linux-oracle-5.13). --------------------------------------------- https://lwn.net/Articles/890620/ ∗∗∗ Multiple Cisco Security Products Simple Network Management Protocol Service Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings Java Deserialization Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Filter Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Secure Network Analytics Network Diagrams Application Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnera… ∗∗∗ Security Bulletin: Apache Log4j vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilit… ∗∗∗ April 6, 2022 TNS-2022-08 [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.20.1: Patch 202204.1 ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2022-08 ∗∗∗ VMSA-2022-0012 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2022-0012.html ∗∗∗ K51048910: Eclipse Jetty vulnerability CVE-2021-28169 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K51048910 ∗∗∗ Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin ∗∗∗ --------------------------------------------- https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulne… ∗∗∗ WEIDMUELLER: Multiple vulnerabilities in Modbus TCP/RTU Gateways ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-008/ ∗∗∗ Pepperl+Fuchs WirelessHART-Gateway ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01 ∗∗∗ ABB SPIET800 and PNI800 ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-097-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.04.2022
by Daily end-of-shift report 06 Apr '22

06 Apr '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-04-2022 18:00 − Mittwoch 06-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Microsoft detects Spring4Shell attacks across its cloud services ∗∗∗ --------------------------------------------- Microsoft said that its currently tracking a "low volume of exploit attempts" targeting the critical Spring4Shell (aka SpringShell) remote code execution (RCE) vulnerability across its cloud services. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-detects-spring4she… ∗∗∗ Windows MetaStealer Malware, (Wed, Apr 6th) ∗∗∗ --------------------------------------------- The malware abuses legitimate services by Github and transfer.sh to host these data binaries. All URLs, domains, and IP addresses were still active for the infection approximately 3 hours before I posted this diary. --------------------------------------------- https://isc.sans.edu/diary/rss/28522 ∗∗∗ Zero-Day-Lücken: Ältere macOS- und iOS-Versionen weiter angreifbar ∗∗∗ --------------------------------------------- Aktiv ausgenutzte Lücken hat Apple nur in iOS 15 und macOS 12 gestopft. Sicherheitsforschern zufolge sind aber auch ältere Betriebssystemversionen verwundbar. --------------------------------------------- https://heise.de/-6664730 ∗∗∗ Wenn der PC plötzlich steckenbleibt, nicht bei Microsoft anrufen! ∗∗∗ --------------------------------------------- Die Betrugsmasche, bei der sich Kriminelle als Microsoft-Angestellte ausgeben und ihre Opfer telefonisch kontaktieren, ist weitläufig bekannt. Aktuell erhalten Betroffene vermehrt keinen Anruf, sondern werden durch Pop-ups auf ihren Bildschirmen, die die Nutzung des Computers einschränken, zu Anrufen bewegt. Achtung: Nicht anrufen, sonst drohen Geld- und Datenverluste! --------------------------------------------- https://www.watchlist-internet.at/news/wenn-der-pc-ploetzlich-steckenbleibt… ∗∗∗ Fake e‑shops on the prowl for banking credentials using Android malware ∗∗∗ --------------------------------------------- This campaign was first identified at the end of 2021, with the attackers impersonating the legitimate cleaning service Maid4u. Distributed through Facebook ads, the campaign tempts potential victims to download Android malware from a malicious website. It is still ongoing as of the publication of this blogpost, with even more distribution domains registered after its discovery. In January 2022, MalwareHunterTeam shared three more malicious websites and Android trojans attributed to this campaign. --------------------------------------------- https://www.welivesecurity.com/2022/04/06/fake-eshops-prowl-banking-credent… ∗∗∗ Analyzing a “multilayer” Maldoc: A Beginner’s Guide ∗∗∗ --------------------------------------------- In this blog post, we will not only analyze an interesting malicious document, but we will also demonstrate the steps required to get you up and running with the necessary analysis tools. There is also a howto video for this blog post. --------------------------------------------- https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-… ===================== = Vulnerabilities = ===================== ∗∗∗ Fortinet Security Advisories (FortiClient, FortiEDR, FortiWAN) ∗∗∗ --------------------------------------------- * FortiClient (Linux) - Improper directories permissions * FortiClient (Linux) - external access to confighandler webserver * FortiClient (Windows) - privilege escalation in online installer due to incorrect working directory * FortiEDR - Denial of service due to folder access permission change * FortiEDR - Hardcoded AES key enable disabling local Collector * FortiEDR - Insecure RSA key transport * FortiWAN - Improper cryptographic operations in Dynamic Tunnel Protocol * FortiWAN - Pervasive OS command --------------------------------------------- https://www.fortiguard.com/psirt?date=04-2022 ∗∗∗ VMSA-2022-0011 ∗∗∗ --------------------------------------------- CVSSv3 Range: 5.3-9.8 CVE(s): CVE-2022-22954, CVE-2022-22955,CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2022-0011.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (rizin), Fedora (fish, gdal, mingw-fribidi, mingw-gdal, mingw-openexr, mingw-python-pillow, mingw-python3, and python-pillow), Mageia (chromium-browser-stable), Oracle (Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel and kernel), Red Hat (kernel, kernel-rt, and Red Hat OpenStack Platform 16.2 (python-waitress)), Scientific Linux (kernel), Slackware (mozilla), SUSE (mozilla-nss), and Ubuntu (h2database). --------------------------------------------- https://lwn.net/Articles/890404/ ∗∗∗ Security Vulnerabilities fixed in Thunderbird 91.8 ∗∗∗ --------------------------------------------- CVE-2022-1097, CVE-2022-28281, CVE-2022-1197, CVE-2022-1196, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-24713, CVE-2022-28289 In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/ ∗∗∗ Spring Cloud Data Flow 2.9.4 Released ∗∗∗ --------------------------------------------- On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Cloud Dataflow 2.9.4 has been released and is now available from Maven Central. This release contains an update of the Spring Boot version and addresses a couple of CVEs. Notable Changes in 2.9.4: * Update to Spring Boot 2.5.12 * Resolves CVE-2022-22965 * Resolves CVE-2021-29425 --------------------------------------------- https://spring.io/blog/2022/04/05/spring-cloud-data-flow-2-9-4-released ∗∗∗ Improper Authentication Management Vulnerability in some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220406-… ∗∗∗ Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: Watson Query potentially exposes adminstrator's key under some conditions due to CVE-2022-22410 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-watson-query-potentially-… ∗∗∗ Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2021-38893 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: Vulnerabilities with Apache HTTP Server affect IBM Cloud Object Storage Systems (Apr 2022 V1) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-apac… ∗∗∗ K49419538: libxml2 vulnerability CVE 2016-4658 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K49419538?utm_source=f5support&utm_mediu… ∗∗∗ WAGO: Multiple Products affected by Linux Kernel Vulnerability Dirty Pipe ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-009/ ∗∗∗ LifePoint Informatics Patient Portal ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-22-095-01 ∗∗∗ Rockwell Automation ISaGRAF ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-095-01 ∗∗∗ Johnson Controls Metasys ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-095-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.04.2022
by Daily end-of-shift report 05 Apr '22

05 Apr '22

===================== = End-of-Day report = ===================== Timeframe: Montag 04-04-2022 18:00 − Dienstag 05-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ WhatsApp voice message phishing emails push info-stealing malware ∗∗∗ --------------------------------------------- A new WhatsApp phishing campaign impersonating WhatsApps voice message feature has been discovered, attempting to spread information-stealing malware to at least 27,655 email addresses. --------------------------------------------- https://www.bleepingcomputer.com/news/security/whatsapp-voice-message-phish… ∗∗∗ SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965 ∗∗∗ --------------------------------------------- Microsoft provides guidance for customers looking for protection against exploitation and ways to detect vulnerable installations on their network of the critical vulnerability CVE-2022-22965, also known as SpringShell or Spring4Shell. --------------------------------------------- https://www.microsoft.com/security/blog/2022/04/04/springshell-rce-vulnerab… ∗∗∗ WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools, (Tue, Apr 5th) ∗∗∗ --------------------------------------------- Looking through my honeypot logs for some Spring4Shell exploits (I didn't find anything interesting), I came across this attempt to exploit an older WebLogic vulnerability (likely %%cve:2020-14882%% or %%cve:2020-14883%%). The exploit itself is "run of the mill," but the script downloaded is going through an excessively long list of competitors to disable and disabled cloud monitoring tools, likely to make detecting and response more difficult. --------------------------------------------- https://isc.sans.edu/diary/rss/28520 ∗∗∗ ZDI-22-547: (0Day) (Pwn2Own) Samsung Galaxy S21 Exposed Dangerous Method Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-22-547/ ∗∗∗ Phishing-Angriffe auf Kryptowährungssektor nach Einbruch bei MailChimp ∗∗∗ --------------------------------------------- Nach einem Einbruch beim Marketing-Mail-Anbieter MailChimp haben Cyberkriminelle versucht, per Phishing an Kryptowährungen von Krypto-Wallet-Kunden zu gelangen. --------------------------------------------- https://heise.de/-6662971 ∗∗∗ CISA advises D-Link users to take vulnerable routers offline ∗∗∗ --------------------------------------------- CISA has advised users to take certain vulnerable D-Link routers offline since the existing vulnerabilities are know to be actively exploited and the models have reached EOL and will not get patched. --------------------------------------------- https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/04/cisa-adv… ∗∗∗ Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter ∗∗∗ --------------------------------------------- Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims.The infections leverage process injection to evade detection by endpoint security software. --------------------------------------------- http://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin—April 2022 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2022-04-05 or later address all of these issues. --------------------------------------------- https://source.android.com/security/bulletin/2022-04-01 ∗∗∗ Xen Security Advisory CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361 / XSA-400 ∗∗∗ --------------------------------------------- IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues. The precise impact is system specific, but would likely be a Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be ruled out. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-400.html ∗∗∗ Xen Security Advisory CVE-2022-26357 / XSA-399 ∗∗∗ --------------------------------------------- race in VT-d domain ID cleanup. The precise impact is system specific, but would typically be a Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be ruled out. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-399.html ∗∗∗ Xen Security Advisory CVE-2022-26356 / XSA-397 ∗∗∗ --------------------------------------------- Racy interactions between dirty vram tracking and paging log dirty hypercalls. An attacker can cause Xen to leak memory, eventually leading to a Denial of Service (DoS) affecting the entire host. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-397.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (polkit, postgresql, and zlib), openSUSE (389-ds and opera), Red Hat (kpatch-patch), SUSE (389-ds and util-linux), and Ubuntu (waitress). --------------------------------------------- https://lwn.net/Articles/890258/ ∗∗∗ Kyocera Printer: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Kyocera Printer ausnutzen, um Informationen offenzulegen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0391 ∗∗∗ Citrix Hypervisor Security Update ∗∗∗ --------------------------------------------- This issue may allow privileged code in a guest VM to cause the host to crash or become unresponsive. The issue only affects systems with Intel CPUs where the malicious guest VM has had a physical PCI device assigned to it by the host administrator using the PCI passthrough feature. The issue has the following identifier: CVE-2022-26357 Customers who have not assigned a physical PCI device to a guest VM are not affected by this issue. Customers who are running on systems with only AMD CPUs are also not affected by this issue. --------------------------------------------- https://support.citrix.com/article/CTX390511 ∗∗∗ Sicherheitsupdate für Webbrowser Google Chrome ∗∗∗ --------------------------------------------- https://heise.de/-6662814 ∗∗∗ Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple issues within Red Hat UBI packages and the IBM WebSphere Application Server Liberty shipped with IBM MQ Operator v1.7 CD Release ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue… ∗∗∗ Security Bulletin: A security vulnerability has been identified in Dojo Toolkil shipped with IBM Tivoli Netcool Impact (CVE-2021-23450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Log4j vulnerability (CVE-2022-23302) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2021-39031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2022-22310) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: IBM Maximo Asset Management may be vulnerable to arbitrary code execution due to Apache Log4j 1.2 (CVE-2021-4104) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Log4j vulnerability (CVE-2022-23305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact… ∗∗∗ Security Bulletin: IBM MQ Appliance affected by account enumeration and denial of service vulnerabilities (CVE-2022-22356 and CVE-2022-22355) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected… ∗∗∗ Security Bulletin: One or more security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-one-or-more-security-vuln… ∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by gson vulnerability (C2021-0419) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact… ∗∗∗ K29855410: Vim vulnerabilities CVE-2022-0261, CVE-2022-0318, CVE-2022-0361, CVE-2022-0392, and CVE-2022-0413 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K29855410?utm_source=f5support&utm_mediu… ∗∗∗ K08827426: Vim vulnerability CVE-2022-0359 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K08827426?utm_source=f5support&utm_mediu… ∗∗∗ Security Vulnerabilities fixed in Firefox ESR 91.8 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/ ∗∗∗ Security Vulnerabilities fixed in Firefox 99 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.04.2022
by Daily end-of-shift report 04 Apr '22

04 Apr '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-04-2022 18:00 − Montag 04-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fake-Shop-Alarm: Vorsicht beim Online-Einkauf von Markenware! ∗∗∗ --------------------------------------------- Wer Markenkleidung oder -schuhe online kaufen will, sollte sich vergewissern, dass das Angebot seriös ist. Denn derzeit tauchen zahlreiche Fake-Shops auf, die angeben, beliebte Markenware zu verkaufen. Keine dieser betrügerischen Shops hat ein Impressum auf der Seite, die Webadresse hat außerdem nichts mit den angebotenen Waren zu tun. Das sind typische Merkmale für Fake-Shops und gute Gründe, hier nicht einzukaufen! --------------------------------------------- https://www.watchlist-internet.at/news/fake-shop-alarm-vorsicht-beim-online… ∗∗∗ Explaining Spring4Shell: The Internet security disaster that wasn’t ∗∗∗ --------------------------------------------- Vulnerability in the Spring Java Framework is important, but its no Log4Shell. --------------------------------------------- https://arstechnica.com/?p=1845362 ∗∗∗ Beastmode botnet boosts DDoS power with new router exploits ∗∗∗ --------------------------------------------- A Mirai-based distributed denial-of-service (DDoS) botnet tracked as Beastmode (aka B3astmode) has updated its list of exploits to include several new ones, three of them targeting various models of Totolink routers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/beastmode-botnet-boosts-ddos… ∗∗∗ Emptying the Phishtank: Are WordPress sites the Mosquitoes of the Internet?, (Mon, Apr 4th) ∗∗∗ --------------------------------------------- In November, an accountant working for a construction company received an innocent enough-looking email: An update on the terms to submit bills to a local county. Seeing the email, the accountant clicked on the link and quickly downloaded the new document after entering their Outlook 365 credentials. The PDF looked all right but was something the accountant had already downloaded a couple of weeks ago from the county’s official website. [...] This, turns out, was a typical case of “business email compromise.” --------------------------------------------- https://isc.sans.edu/diary/rss/28516 ∗∗∗ WordPress Popunder Malware Redirects to Scam Sites ∗∗∗ --------------------------------------------- Over the last year we’ve seen an ongoing malware infection which redirects website visitors to scam sites. So far this year our monitoring has detected over 3,000 websites infected with this injection this year and over 17,000 in total since we first detected it in March of 2021. The reported behaviour is always the same: After a few seconds of loading, the website will redirect to a dodgy scam site. --------------------------------------------- https://blog.sucuri.net/2022/04/wordpress-popunder-malware-redirects-to-sca… ∗∗∗ Brokenwire Hack Could Let Remote Attackers Disrupt Charging for Electric Vehicles ∗∗∗ --------------------------------------------- A group of academics from the University of Oxford and Armasuisse S+T has disclosed details of a new attack technique against the popular Combined Charging System (CCS) that could potentially disrupt the ability to charge electric vehicles at scale. Dubbed "Brokenwire," the method interferes with the control communications that transpire between the vehicle and charger to wirelessly abort the abort the charging sessions from a distance of as far as 47m (151ft). --------------------------------------------- https://thehackernews.com/2022/04/brokenwire-hack-could-let-remote.html ∗∗∗ Deep Dive Analysis - Borat RAT ∗∗∗ --------------------------------------------- [...] During our regular OSINT research, Cyble Research Labs came across a new Remote Access Trojan (RAT) named Borat. Unlike other RATs, the Borat provides Ransomware, DDOS services, etc., to Threat Actors along with usual RAT features, further expanding the malware capabilities. --------------------------------------------- https://blog.cyble.com/2022/03/31/deep-dive-analysis-borat-rat/ ∗∗∗ FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7 ∗∗∗ --------------------------------------------- Recent public research asserts threat groups sharing overlaps with FIN7 transitioned to targeted ransomware operations involving REVIL, DARKSIDE, BLACKMATTER, and ALPHV ransomware. With the purported shift to ransomware operations, Mandiant is publishing our research on the evolution of FIN7 which we haven’t publicly written about since Mahalo FIN7, published in 2019. --------------------------------------------- https://www.mandiant.com/resources/evolution-of-fin7 ∗∗∗ Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said ∗∗∗ --------------------------------------------- Email marketing firm Mailchimp announced on Monday that a hacker breached its internal tools and managed to gain access to 319 Mailchimp accounts for companies in the cryptocurrency and finance industries. --------------------------------------------- https://therecord.media/hacker-accessed-319-crypto-and-finance-related-mail… ∗∗∗ Kaseya Full Disclosure ∗∗∗ --------------------------------------------- In honor of our appearance on the Ransomware Files podcast episode #5 we are releasing the full details of the vulnerabilities we found during our research into Kaseya VSA of which some were used by REvil to attack Kaseya’s customers. The details can be found in our CVE entries: [...] --------------------------------------------- https://csirt.divd.nl/2022/04/04/Kaseya-VSA-Full-Disclosure/ ===================== = Vulnerabilities = ===================== ∗∗∗ 15-Year-Old Bug in PEAR PHP Repository Couldve Enabled Supply Chain Attacks ∗∗∗ --------------------------------------------- A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. --------------------------------------------- https://thehackernews.com/2022/04/15-year-old-bug-in-pear-php-repository.ht… ∗∗∗ FG-IR-22-059: Vulnerability in OpenSSL library ∗∗∗ --------------------------------------------- A security advisory was released affecting the version of OpenSSL library used in some Fortinet products. --------------------------------------------- https://fortiguard.fortinet.com/psirt/FG-IR-22-059 ∗∗∗ VMSA-2022-0010 ∗∗∗ --------------------------------------------- A critical vulnerability in Spring Framework project identified by CVE-2022-22965 has been publicly disclosed which impacts VMware products. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2022-0010.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (asterisk, qemu, and zlib), Fedora (389-ds-base, ghc-cmark-gfm, ghc-hakyll, gitit, libkiwix, openssl, pandoc, pandoc-citeproc, patat, phoronix-test-suite, seamonkey, and skopeo), Mageia (libtiff, openjpeg2, and php-smarty), openSUSE (python), Oracle (httpd), Red Hat (httpd), and SUSE (libreoffice, python, and python36). --------------------------------------------- https://lwn.net/Articles/890187/ ∗∗∗ Microsoft Edge 100.0.1185.29 fixt Schwachstellen ∗∗∗ --------------------------------------------- Microsoft hat zum 1. April 2022 (kein April-Scherz) den Chromium-Edge Browser auf die Version Edge 100.0.1185.29 aktualisiert. Es handelt sich um ein Wartungsupdate, das eine Reihe Schwachstellen schließt und den 100er-Entwicklungszweig einleitet. --------------------------------------------- https://www.borncity.com/blog/2022/04/02/microsoft-edge-100-0-1185-29-fixt-… ∗∗∗ Kaspersky Anti-Virus: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K22-0384 ∗∗∗ Vulnerability in Spring Framework Affecting Cisco Products: March 2022 ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022 ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in Netty – CVE-2021-43797 may affect IBM Watson Assistant for IBM Cloud Pak for Data. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-netty-cv… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM App Connect Enterprise & IBM Integration Bus are vulnerable to arbitrary code execution due to Apache Log4j (CVE-2022-23307, CVE-2022-23302) and SQL injection due to Apache Log4j (CVE-2022-23305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris… ∗∗∗ Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-co… ∗∗∗ Security Bulletin: Cross-Site Scripting and information disclosure vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2022 (CVE-2021-29835, CVE-39046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-and-… ∗∗∗ Security Bulletin: IBM Spectrum Discover is vulnerable to Docker CLI (CVE-2021-41092) and Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) weaknesses ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-discover-is-… ∗∗∗ Security Bulletin: IBM Informix Dynamic Server in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-informix-dynamic-serv… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.04.2022
by Daily end-of-shift report 01 Apr '22

01 Apr '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 31-03-2022 18:00 − Freitag 01-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New BlackGuard password-stealing malware sold on hacker forums ∗∗∗ --------------------------------------------- A new information-stealing malware named BlackGuard is winning the attention of the cybercrime community, now sold on numerous darknet markets and forums for a lifetime price of $700 or a subscription of $200 per month. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-blackguard-password-stea… ∗∗∗ Viasat confirms satellite modems were wiped with AcidRain malware ∗∗∗ --------------------------------------------- A newly discovered data wiper malware that wipes routers and modems has been deployed in the cyberattack that targeted the KA-SAT satellite broadband service to wipe SATCOM modems on February 24, affecting thousands in Ukraine and tens of thousands more across Europe. --------------------------------------------- https://www.bleepingcomputer.com/news/security/viasat-confirms-satellite-mo… ∗∗∗ Phishing uses Azure Static Web Pages to impersonate Microsoft ∗∗∗ --------------------------------------------- Phishing attacks are abusing Microsoft Azures Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/phishing-uses-azure-static-… ∗∗∗ FORCEDENTRY: Sandbox Escape ∗∗∗ --------------------------------------------- In this post we'll take a look at that sandbox escape. It's notable for using only logic bugs. In fact it's unclear where the features that it uses end and the vulnerabilities which it abuses begin. --------------------------------------------- https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.h… ∗∗∗ iOS-Updates: Automatik braucht mehrere Wochen ∗∗∗ --------------------------------------------- Wer will, dass sein iPhone auf aktuellem Stand ist, sollte händisch aktualisieren. Die automatische Verteilung braucht lange, bestätigt Apples Softwarechef. --------------------------------------------- https://heise.de/-6657879 ∗∗∗ CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell) ∗∗∗ --------------------------------------------- CVE-2022-22965, aka SpringShell, is a remote code execution vulnerability in the Spring Framework. We provide a root cause analysis and mitigations. --------------------------------------------- https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/ ∗∗∗ The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities ∗∗∗ --------------------------------------------- The flaws can be exploited to execute code on vulnerable controllers and workstations. --------------------------------------------- https://www.zdnet.com/article/cisa-issues-alert-on-critical-ics-vulnerabili… ∗∗∗ Spring Framework RCE, Mitigation Alternative ∗∗∗ --------------------------------------------- Yesterday we announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78 all of which close the attack vector on Tomcat’s side. While the vulnerability is not in Tomcat itself, in real world situations, it is important to be able to choose among multiple upgrade paths that in turn provides flexibility and layered protection. --------------------------------------------- https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternati… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins 2022-03-31 ∗∗∗ --------------------------------------------- IBM App Connect Enterprise Certified Container, IBM Sterling Partner Engagement Manager, IBM QRadar Network Security, IBM Security Access Manager for Enterprise, IBM Urbancode Deploy, IBM Tivoli Application Dependency Discovery Manager, IBM Tivoli Netcool Impact, Watson Knowledge Catalog InstaScan --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Kritische Sicherheitslücke: Gitlab-Update außer der Reihe ∗∗∗ --------------------------------------------- Die Gitlab-Entwickler haben ein Update veröffentlicht, um Sicherheitslücken zu schließen. Eine kritische Lücke könnte Angreifern die Kontoübernahme ermöglichen. --------------------------------------------- https://heise.de/-6660080 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (wireshark), Fedora (389-ds-base), Mageia (golang, wavpack, and zlib), openSUSE (yaml-cpp), SUSE (expat and yaml-cpp), and Ubuntu (linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws-5.4, linux-azure, linux-gcp, linux-gcp-5.13, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-aws-hwe, linux-gcp-4.15, linux-oracle, linux-intel-5.13, and tomcat9). --------------------------------------------- https://lwn.net/Articles/889983/ ∗∗∗ Sicherheitsupdates: iOS 15.4.1 und macOS Monterey 12.3.1 ∗∗∗ --------------------------------------------- Apple hat zum 31. März 2022 zwei Sicherheitsupdates für macOS 12.3.1 (Monterey) und iOS/iPad OS 15.4.1 freigegeben. Diese schließen die Schwachstellen CVE-2022-22675 (in AppleAVD für iOS und macOS) und CVE-2022-22674 im macOS Intel Grafiktreiber. --------------------------------------------- https://www.borncity.com/blog/2022/04/01/sicherheitsupdates-ios-15-4-1-und-… ∗∗∗ K56241216: OpenLDAP vulnerabilities CVE-2020-25709 and CVE-2020-25710 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K56241216 ∗∗∗ K44994972: Linux kernel vulnerability CVE-2020-25704 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44994972 ∗∗∗ Schneider Electric SCADAPack Workbench ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-090-01 ∗∗∗ Hitachi Energy e-mesh EMS ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-090-02 ∗∗∗ Fuji Electric Alpha5 ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-090-03 ∗∗∗ Mitsubishi Electric FA Products ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04 ∗∗∗ General Electric Renewable Energy MDS Radios ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-090-06 ∗∗∗ CISA Adds Seven Known Exploited Vulnerabilities to Catalog ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2022/03/31/cisa-adds-seven-k… ∗∗∗ Mehrere Schwachstellen in ZA|ARC (SYSS-2021-063/-064/-065/-066/-067) ∗∗∗ --------------------------------------------- https://www.syss.de/pentest-blog/mehrere-schwachstellen-in-zaarc-syss-2021-… ∗∗∗ SA45100 - CVE-2022-0778-OpenSSL-Vulnerability may lead to DoS attack ∗∗∗ --------------------------------------------- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/CVE-2022-0778… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily April 2022