Daily

daily@lists.cert.at

1 participants
3182 discussions

Tageszusammenfassung - 03.06.2022
by Daily end-of-shift report 03 Jun '22

03 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 02-06-2022 18:00 − Freitag 03-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Chinese LuoYu hackers deploy cyber-espionage malware via app updates ∗∗∗ --------------------------------------------- A Chinese-speaking hacking group known as LuoYu is infecting victims WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/chinese-luoyu-hackers-deploy… ∗∗∗ Evil Corp switches to LockBit ransomware to evade sanctions ∗∗∗ --------------------------------------------- The Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets networks to evade sanctions imposed by the U.S. Treasury Departments Office of Foreign Assets Control (OFAC). --------------------------------------------- https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-lockbi… ∗∗∗ Analysis of the Massive NDSW/NDSX Malware Campaign ∗∗∗ --------------------------------------------- Recently, Avast’s researchers Pavel Novák and Jan Rubín posted a detailed writeup about the “Parrot TDS” campaign involving more than 16,500 infected websites. Such massive infections don’t go unnoticed by Sucuri and we immediately recognized that the infection in their writeup belonged to the campaign we internally refer to as “ndsw/ndsx” malware. --------------------------------------------- https://blog.sucuri.net/2022/06/analysis-massive-ndsw-ndsx-malware-campaign… ∗∗∗ Reich mit Öl? Vorsicht vor der betrügerischen Investment-Plattform „Öl-Profit“! ∗∗∗ --------------------------------------------- Noch nie war der Online-Ölhandel so einfach wie heute. Jede Person könne hier reich werden – ohne etwas über Öl oder Wirtschaft zu wissen. So heißt es in einem angeblichen Artikel der deutschen Tageszeitung BILD. --------------------------------------------- https://www.watchlist-internet.at/news/reich-mit-oel-vorsicht-vor-der-betru… ∗∗∗ Popping Eagle: How We Leveraged Global Analytics to Discover a Sophisticated Threat Actor ∗∗∗ --------------------------------------------- We observed a specially crafted DLL hijacking attack used by a previously unknown piece of malware that we dubbed Popping Eagle. --------------------------------------------- https://unit42.paloaltonetworks.com/popping-eagle-malware/ ===================== = Vulnerabilities = ===================== ∗∗∗ Angriffe auf Code-Execution-Lücke bedrohen Confluence-Installationen ∗∗∗ --------------------------------------------- Seit Anfang der Woche installieren Angreifer Backdoors über eine neue Lücke in Confluence. Admins sollten noch vor dem langen Wochenende Maßnahmen ergreifen. --------------------------------------------- https://heise.de/-7131081 ∗∗∗ GitLab Issues Security Patch for Critical Account Takeover Vulnerability ∗∗∗ --------------------------------------------- GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. --------------------------------------------- https://thehackernews.com/2022/06/gitlab-issues-security-patch-for.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cifs-utils, debian-security-support, and pypdf2), Fedora (fapolicyd, mariadb, openssl, and qt5-qtbase), Oracle (firefox, maven:3.5, maven:3.6, postgresql:10, postgresql:12, and postgresql:13), Red Hat (.NET 6.0, firefox, gzip, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, pcs, rsync, subversion, thunderbird, and zlib), Scientific Linux (thunderbird), Slackware (mozilla), SUSE (firefox, hdf5, suse-hpc, kernel-firmware, libarchive, patch, php8, and redis), and Ubuntu (cifs-utils and vim). --------------------------------------------- https://lwn.net/Articles/897016/ ∗∗∗ Security Bulletin: IBM Edge Application Manager is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-edge-application-mana… ∗∗∗ Security Bulletin: IBM DataPower Gateway Virtual Edition uses out of date ICU libraries in open-vm-tools ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vir… ∗∗∗ Security Bulletin: IBM Telco Network Cloud Manager – Performance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832,CVE-2022-23302 and CVE-2022-23305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-telco-network-cloud-m… ∗∗∗ Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to improper input validation in Spring Framework (CVE-2022-22950) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-service… ∗∗∗ Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Kerberos ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-aff… ∗∗∗ Security Bulletin: IBM Flex System switch firmware products are affected by a vulnerability in glibc (CVE-2021-35942) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-fi… ∗∗∗ Security Bulletin: IBM RackSwitch firmware products are affected by a vulnerability in glibc (CVE-2021-35942) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-p… ∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to unauthenticated attacker obtaining sensitive information and other attacks due to multiple vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java… ∗∗∗ Security Bulletin: IBM Spectrum Protect Plus may disclose sensitive information in virgo log file (CVE-2022-22396) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-plus… ∗∗∗ D-LINK Router: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0682 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.06.2022
by Daily end-of-shift report 02 Jun '22

02 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 01-06-2022 18:00 − Donnerstag 02-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Conti ransomware targeted Intel firmware for stealthy attacks ∗∗∗ --------------------------------------------- Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-in… ∗∗∗ Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks ∗∗∗ --------------------------------------------- As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns. --------------------------------------------- https://thehackernews.com/2022/06/researchers-demonstrate-ransomware-for.ht… ∗∗∗ Europol: FluBot-Infrastruktur unter Kontrolle von Strafverfolgern ∗∗∗ --------------------------------------------- Internationale Strafverfolger konnten die SMS-basierte Android-Spyware FluBot einbremsen. Dies gelang durch die Übernahme der FluBot-Infrastruktur. --------------------------------------------- https://heise.de/-7130270 ∗∗∗ Warnung vor Spoofing mit BSI-Rufnummer ∗∗∗ --------------------------------------------- Das BSI erhält derzeit Meldungen, dass vermehrte Anrufe mit der Rufnummer des BSI und einer zweistelligen Durchwahl erfolgen. Es handelt sich nicht um Anrufe des BSI. --------------------------------------------- https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldunge… ∗∗∗ Vorsicht Telefon-Betrug: Tonbandstimme lockt in die Falle! ∗∗∗ --------------------------------------------- Zahlreiche Meldungen berichten von Anrufen einer Tonbandstimme, die dazu auffordert auf die Taste 1 zu drücken. Folgen Sie den Anweisungen nicht! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-telefon-betrug-tonbandstimm… ===================== = Vulnerabilities = ===================== ∗∗∗ SearchNightmare: Windows 10 search-ms: URI Handler 0-day Exploit mit Office 2019 ∗∗∗ --------------------------------------------- Nach der Entdeckung des Missbrauchs der Follina-Schwachstelle (CVE-2022-30190) über das Windows ms-msdt-Protokolls wird diese Bastion "sturmreif" geschossen. Ein Hacker hat sich den search-ms: URI Handler in Windows 10 angesehen und einen ähnlichen Exploit wie Follina entwickelt. --------------------------------------------- https://www.borncity.com/blog/2022/06/02/searchnightmare-windows-10-search-… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr), Fedora (thunderbird and vim), Red Hat (firefox, postgresql:10, postgresql:12, and postgresql:13), Scientific Linux (firefox and rsyslog), SUSE (hdf5, hdf5, suse-hpc, postgresql14, rubygem-yajl-ruby, and udisks2), and Ubuntu (imagemagick and influxdb). --------------------------------------------- https://lwn.net/Articles/896896/ ∗∗∗ Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks ∗∗∗ --------------------------------------------- Millions of budget smartphones that use UNISOC chipsets could have their communications remotely disrupted by hackers due to a critical vulnerability discovered recently by researchers at cybersecurity firm Check Point. --------------------------------------------- https://www.securityweek.com/millions-budget-smartphones-unisoc-chips-vulne… ∗∗∗ Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2022-0391) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-usin… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in Node.js affects IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability CVE-2021-35550 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-manage… ∗∗∗ Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-v… ∗∗∗ Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework (CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-common-licensing-is-v… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Java SE that could allow an unauthenticated attacker to obtain sensitive information affect IBM® Db2®. (CVE-2021-35603, CVE-2021-35550, CVE-2021-2341) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by OpenSSL denial of service vulnerabilities (CVE-2021-23840, CVE-2021-23841) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Vulnerability in Nginx affects IBM Cloud Private and could allow a remote attacker to obtain sensitive information (177988) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nginx-af… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: Watson Machine Learning Accelerator is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-watson-machine-learning-a… ∗∗∗ Security Bulletin: CVE-2022-21299 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2022-21299-may-affect… ∗∗∗ Security Bulletin: HMC is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-hmc-is-affected-but-not-c… ∗∗∗ Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting due to Angular (220414) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-v… ∗∗∗ Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-manage… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-v… ∗∗∗ Security Bulletin: IBM Security SOAR is using a component with multiple known vulnerabilities – IBM JDK 8.0.7.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-usin… ∗∗∗ Security Bulletin: IBM Robotic Process Automation is vulnerable to cross tenant information exposure (CVE-2022-22506) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-autom… ∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: CVE-2021-35561 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35561-may-affect… ∗∗∗ Long Term Support Channel Update for ChromeOS ∗∗∗ --------------------------------------------- http://chromereleases.googleblog.com/2022/05/long-term-support-channel-upda… ∗∗∗ Security Vulnerabilities fixed in Firefox for iOS 101 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-23/ ∗∗∗ Autodesk AutoCAD: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0677 ∗∗∗ Illumina Local Run Manager ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-153-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.06.2022
by Daily end-of-shift report 01 Jun '22

01 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 31-05-2022 18:00 − Mittwoch 01-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Zero-Day-Lücke: Erste Cybergangs greifen MSDT-Sicherheitslücke an ∗∗∗ --------------------------------------------- Die Zero-Day-Lücke von Microsoft wird inzwischen von Cybergangs für Angriffe missbraucht. Der Hersteller ordnete das Problem erst falsch als irrelevant ein. --------------------------------------------- https://heise.de/-7128265 ∗∗∗ FluBot Android malware operation shutdown by law enforcement ∗∗∗ --------------------------------------------- Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence. --------------------------------------------- https://www.bleepingcomputer.com/news/security/flubot-android-malware-opera… ∗∗∗ New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers ∗∗∗ --------------------------------------------- An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. --------------------------------------------- https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html ∗∗∗ New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email ∗∗∗ --------------------------------------------- A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. --------------------------------------------- https://thehackernews.com/2022/06/new-unpatched-horde-webmail-bug-lets.html ∗∗∗ Watch out for phishing emails that inject spyware trio ∗∗∗ --------------------------------------------- You wait for one infection and then three come along at once. An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2022/06/01/phishing-rat… ∗∗∗ Certificate Transparency data is used to compromise WordPress before installation ∗∗∗ --------------------------------------------- Recently in the community forums of WordPress and Lets Encrypt, reports have shown up about webshells on freshly installed WordPress blogs that were later used for DDoS attacks. --------------------------------------------- https://www.feistyduck.com/bulletproof-tls-newsletter/issue_89_certificate_… ∗∗∗ AA22-152A: Karakurt Data Extortion Group ∗∗∗ --------------------------------------------- The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group, also known as the Karakurt Team and Karakurt Lair. --------------------------------------------- https://us-cert.cisa.gov/ncas/alerts/aa22-152a ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libjpeg-turbo, webkit2gtk, and wpewebkit), Fedora (golang-github-opencontainers-runc, mingw-pcre2, python-jwt, python-ujson, and weechat), Oracle (nodejs:16 and rsyslog), Red Hat (container-tools:3.0, expat, fapolicyd, kernel, kernel-rt, kpatch-patch, mariadb:10.3, postgresql:12, rsyslog and rsyslog7, and zlib), Slackware (mozilla), SUSE (bind, dpdk, fribidi, hdf5, librelp, php74, postgresql12, and postgresql13), and Ubuntu (cups, linux-gcp-5.13, linux-oracle, linux-oracle-5.13, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/896803/ ∗∗∗ T&D Data Server and THERMO RECORDER DATA SERVER vulnerable to directory traversal ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN28659051/ ∗∗∗ Security Advisory - Insufficient Input Verification Vulnerability In Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220601-… ∗∗∗ Security Bulletin: IBM® PureData System for Operational Analytics is vulnerable to arbitrary code execution, remote code execution and denial of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-puredata-system-for-o… ∗∗∗ Security Bulletin: IBM CICS TX Standard is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cics-tx-standard-is-v… ∗∗∗ Security Bulletin: Vulnerability in bind (CVE-2021-25214) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-cve… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM CICS TX Advanced is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cics-tx-advanced-is-v… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to code injection due to CVE-2022-29078 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris… ∗∗∗ Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-data-synchroni… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow an attacker to decrypt highly sensitive information(CVE-2022-22368) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: Vulnerability in Apache HTTP (CVE-2022-22720) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-h… ∗∗∗ K43541501: Intel CPU vulnerabilities CVE-2022-21131 and CVE-2022-21136 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43541501 ∗∗∗ Security Vulnerabilities fixed in Thunderbird 91.10 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/ ∗∗∗ BD Pyxis ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-22-151-01 ∗∗∗ BD Synapsys ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-22-151-02 ∗∗∗ Fuji Electric Alpha7 PC Loader ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-151-01 ∗∗∗ SSRF-Schwachstelle in Canto Cumulus (SYSS-2022-023) ∗∗∗ --------------------------------------------- https://www.syss.de/pentest-blog/ssrf-schwachstelle-in-canto-cumulus-syss-2… ∗∗∗ Microsoft Edge 102.0.1245.30 schließt Schwachstellen ∗∗∗ --------------------------------------------- https://www.borncity.com/blog/2022/06/01/microsoft-edge-102-0-1245-30-schli… ∗∗∗ Security Advisory: Multiple Vulnerabilities Impact 3CX Phone System ∗∗∗ --------------------------------------------- https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnera… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.05.2022
by Daily end-of-shift report 31 May '22

31 May '22

===================== = End-of-Day report = ===================== Timeframe: Montag 30-05-2022 18:00 − Dienstag 31-05-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Meeting Owl Pro: Konferenzeule hat viele Sicherheitslücken ∗∗∗ --------------------------------------------- Das Konferenzsystem Meeting Owl Pro sieht putzig aus, hat aber viele Sicherheitslücken, die auch nach vier Monaten nicht geschlossen wurden. --------------------------------------------- https://www.golem.de/news/meeting-owl-pro-konferenzeule-hat-viele-sicherhei… ∗∗∗ GSM-Codes: Whatsapp-Konten per Anruf übernehmen ∗∗∗ --------------------------------------------- Mit einer neuen Masche können Betrüger Whatsapp-Konten übernehmen. Nutzer sollen zum Anrufen dubioser Telefonnummern verleitet werden. --------------------------------------------- https://www.golem.de/news/gsm-codes-whatsapp-konten-per-anruf-uebernehmen-2… ∗∗∗ Over 3.6 million exposed MySQL servers on IPv4 and IPv6 ∗∗∗ --------------------------------------------- We have recently began scanning for accessible MySQL server instances on port 3306/TCP. These are instances that respond to our MySQL connection request with a Server Greeting. Surprisingly to us, we found around 2.3M IPv4 addresses responding with such a greeting to our queries. Even more surprisingly, we found over 1.3M IPv6 devices responding as well (though mostly associated with a single AS). IPv4 and IPv6 scans together uncover 3.6M accessible MySQL servers worldwide. --------------------------------------------- https://www.shadowserver.org/news/over-3-6m-exposed-mysql-servers-on-ipv4-a… ∗∗∗ Buchen Sie Ihre Unterkunft nicht auf ferienhaeuser-porec.de ∗∗∗ --------------------------------------------- ferienhaeuser-porec.de ist eine betrügerische Buchungswebseite für „Exklusive Villen und Ferienhäuser“ in Porec, Kroatien. Auf den ersten Blick wirkt die Webseite professionell. Das Impressum sowie das Foto der deutschen Inhaber stiften Vertrauen. Aber: Wer dort bucht und bezahlt verliert sein Geld und hat keine Unterkunft. --------------------------------------------- https://www.watchlist-internet.at/news/buchen-sie-ihre-unterkunft-nicht-auf… ∗∗∗ Nächste Runde: FluBot-Banking-Malware (Mai 2022) ∗∗∗ --------------------------------------------- Kleines Update in Sachen Flubot. Die Cyberkriminellen hinter FluBot greifen Smartphone-Nutzer in Europa mit einer Neuauflage ihrer Smishing-Kampagne an, um die Malware zum Stehlen persönlicher Banking-Daten auf mobilen Telefonen in Europa zu verbreiten. --------------------------------------------- https://www.borncity.com/blog/2022/05/31/nchste-rund-flubot-banking-malware… ∗∗∗ CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations ∗∗∗ --------------------------------------------- In this blogpost we discuss a zero-day topic for finding privilege escalation vulnerabilities discovered by Ahmad Mahfouz. It abuses applications like Software Center, which are typically used in large-scale environments for automated software deployment performed on demand by regular (i.e. unprivileged) users. --------------------------------------------- https://blog.nviso.eu/2022/05/31/cve-farming-through-software-center-a-grou… ===================== = Vulnerabilities = ===================== ∗∗∗ Zero-Day-Lücke in MS Office: Microsoft gibt Empfehlungen ∗∗∗ --------------------------------------------- Microsoft gibt Handlungsempfehlungen gegen die Zero-Day-Schwachstelle in Office. Angreifer könnten diese zum Einschleusen von Schadcode missbrauchen. --------------------------------------------- https://heise.de/-7126993 ∗∗∗ Content Management System: Sicherheitslücke in Drupal erlaubt Website-Übernahme ∗∗∗ --------------------------------------------- Die Sicherheitslücke findet sich nicht im eigentlichen Drupal-Code, sondern in der Drittherstellerbibliothek Guzzle. Darüber wickelt Drupal HTTP-Anfragen und -Antworten an externe Dienste ab. Das Guzzle-Projekt hat ein Update veröffentlicht, dass zwar nicht den Drupal-Core betreffe, jedoch Auswirkungen auf beigesteuerte Projekte oder individuell angepassten Code von Drupal-Seiten haben könnte. --------------------------------------------- https://heise.de/-7127268 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (haproxy, libdbi-perl, pjproject, spip, and trafficserver), Oracle (firefox, kernel, kernel-container, libvirt libvirt-python, and thunderbird), Red Hat (maven:3.5, maven:3.6, nodejs:16, postgresql, postgresql:10, and rsyslog), SUSE (gimp, helm-mirror, ImageMagick, mailman, openstack-neutron, pcmanfm, pcre2, postgresql10, and tiff), and Ubuntu (dpkg and freetype). --------------------------------------------- https://lwn.net/Articles/896721/ ∗∗∗ Siemens Healthineers SHSA-455016: Deserialization Vulnerability in Healthcare Products ∗∗∗ --------------------------------------------- https://www.siemens-healthineers.com/support-documentation/cybersecurity/sh… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL (CVE-2022-0778) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Spring Framework affect SPSS Collaboration and Deployment Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-34798 and CVE-2021-39275) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin:IBM Common Licensing is affected but not classified as vulnerable by a remote code execution in Spring Framework (220575,CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletinibm-common-licensing-is-af… ∗∗∗ Security Bulletin: Vulnerability in IBM SDK, Java Technology (CVE-2022-21341, CVE-2022-21294, CVE-2022-21293 and CVE-2022-21248) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-sdk-… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL (CVE-2021-3712) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Vulnerabilities fixed in Firefox ESR 91.10 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/ ∗∗∗ Security Vulnerabilities fixed in Firefox 101 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.05.2022
by Daily end-of-shift report 30 May '22

30 May '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 27-05-2022 18:00 − Montag 30-05-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Clop ransomware gang is back, hits 21 victims in a single month ∗∗∗ --------------------------------------------- After effectively shutting down their entire operation for several months, between November and February, the Clop ransomware is now back according to NCC Group researchers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/clop-ransomware-gang-is-back… ∗∗∗ New Windows Subsystem for Linux malware steals browser auth cookies ∗∗∗ --------------------------------------------- Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-windows-subsystem-for-li… ∗∗∗ New GoodWill Ransomware Forces Victims to Donate Money and Clothes to the Poor ∗∗∗ --------------------------------------------- Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims into donating for social causes and provide financial assistance to people in need. --------------------------------------------- https://thehackernews.com/2022/05/new-goodwill-ransomware-forces-victims.ht… ∗∗∗ Understanding CVE-2022-22972 (VMWare Workspace One Access Auth Bypass) ∗∗∗ --------------------------------------------- We’ve got a copy of the vulnerable version of VMWare Workspace One Access, and we’ve gone through the extremely boring process of setting it up (oh the joys of vulnerability research). At this stage, we want to try and narrow down exactly where this vulnerability exists in code. --------------------------------------------- https://blog.assetnote.io/2022/05/27/understanding-cve-2022-22972-vmware-wo… ∗∗∗ Bösartige Browser-Erweiterung: ChromeLoader kommt als ISO getarnt ∗∗∗ --------------------------------------------- Eine bösartige Erweiterung kann allen Browserverkehr über unerwünschte Server leiten und so Daten abschöpfen. ChromeLoader geht dabei trickreich vor. --------------------------------------------- https://heise.de/-7126317 ∗∗∗ Probleme mit Ihrer Lebensversicherung? Vorsicht vor Beratungsleistungen von konsumentenschuetzer.com ∗∗∗ --------------------------------------------- Im Internet finden Sie die Beratungsagentur „Konsumentenschützer“, die Ihren Vertrag prüft und bei Bedarf eine Klage bei Ihrer Versicherung einbringt. Wir raten zur Vorsicht. --------------------------------------------- https://www.watchlist-internet.at/news/probleme-mit-ihrer-lebensversicherun… ∗∗∗ Microsoft findet Schwachstellen in Apps großer Mobilfunkprovider (Mai 2022) ∗∗∗ --------------------------------------------- Das Microsoft 365 Defender Research Team hat in einem mobilen Framework von mce Systems einige Schwachstellen gefunden. --------------------------------------------- https://www.borncity.com/blog/2022/05/30/microsoft-findet-schwachstellen-in… ∗∗∗ Detecting BCD Changes To Inhibit System Recovery ∗∗∗ --------------------------------------------- Earlier this year, we observed a rise in malware that inhibits system recovery. This tactic is mostly used by ransomware and wiper malware. One notable example of such malware is “Hermetic wiper”. To inhibit recovery an attacker has many possibilities, one of which is changing the Boot Configuration Database (BCD). --------------------------------------------- https://blog.nviso.eu/2022/05/30/detecting-bcd-changes-to-inhibit-system-re… ∗∗∗ Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices ∗∗∗ --------------------------------------------- Alien Labs has discovered that EnemyBot is expanding its capabilities, exploiting recently identified vulnerabilities (2022), and now targeting IoT devices, web servers, Android devices and content management system (CMS) servers. --------------------------------------------- https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malw… ∗∗∗ GitHub RepoJacking Weakness Exploited in the Wild by Attackers ∗∗∗ --------------------------------------------- A logical flaw in GitHub allows attackers to take control over thousands of repositories, enabling the poisoning of popular open-source packages. This flaw is yet to be fixed and the steps to exploit it were recently published. --------------------------------------------- https://checkmarx.com/blog/github-repojacking-weakness-exploited-in-the-wil… ===================== = Vulnerabilities = ===================== ∗∗∗ New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme, (Mon, May 30th) ∗∗∗ --------------------------------------------- It was a long weekend for many European countries and it’s an off-day in the US but we were aware of a new attack vector for Microsoft Office documents. --------------------------------------------- https://isc.sans.edu/diary/rss/28694 ∗∗∗ Zero-Day-Lücke in Microsoft Office ermöglicht Codeschmuggel ∗∗∗ --------------------------------------------- Sicherheitsforscher haben ein Word-Dokument entdeckt, das beim Öffnen Schadcode nachladen und ausführen kann. Aktuelle Software scheint davor zu schützen. --------------------------------------------- https://heise.de/-7125635 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (modsecurity-apache, pngcheck, rsyslog, and smarty3), Fedora (firefox, golang-github-opencontainers-runc, gron, kernel, kernel-headers, kernel-tools, logrotate, mingw-pcre2, and rubygem-git), Mageia (admesh, chromium-browser-stable, golang, kernel, kernel-linus, and pidgin), Red Hat (firefox, openvswitch2.13, openvswitch2.15, openvswitch2.16, rsyslog, and thunderbird), SUSE (bind, curl, opera, pcp, postgresql12, and postgresql14), [...] --------------------------------------------- https://lwn.net/Articles/896640/ ∗∗∗ Security Bulletin: PowerVC installation on RHEL is vulnerable to MariaDB with CVE-2021-46669, CVE-2022-24048, MariaDB – 219814, MariaDB – 219815, CVE-2022-24050, CVE-2022-24052 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-powervc-installation-on-r… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a number of security vulnerabilities in Netty, which is used by Guardium (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, CVE-2021-37137) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: A vulnerability exists in golang x/crypto (CVE-2020-9283) which is consumed by IBM CICS TX Standard ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in… ∗∗∗ Security Bulletin: A vulnerability exists in golang x/crypto (CVE-2020-9283) which is consumed by IBM CICS TX Advanced ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-25649, X-Force ID 217968) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote attack due to Moment.js CVE-2022-24785 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-automation-assets-in-ibm-… ∗∗∗ Security Bulletin: Cross-Site Request Forgery vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2022-22361 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-request-forger… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by path traversal and crypto vulnerabilities (CVE-2021-29425, CVE-2021-39076) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ MariaDB: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0665 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.05.2022
by Daily end-of-shift report 27 May '22

27 May '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 25-05-2022 18:00 − Freitag 27-05-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ New ChromeLoader malware surge threatens browsers worldwide ∗∗∗ --------------------------------------------- The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable operation volume since the start of the year, which means that the malvertiser is now becoming a widespread threat. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-chromeloader-malware-sur… ∗∗∗ New ‘Cheers’ Linux ransomware targets VMware ESXi servers ∗∗∗ --------------------------------------------- A new ransomware named Cheers has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-… ∗∗∗ New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps ∗∗∗ --------------------------------------------- The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-ermac-20-android-malware… ∗∗∗ Microsoft shares mitigation for Windows KrbRelayUp LPE attacks ∗∗∗ --------------------------------------------- Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigation-… ∗∗∗ Windows 11 KB5014019 breaks Trend Micro ransomware protection ∗∗∗ --------------------------------------------- This weeks Windows optional cumulative update previews have introduced a compatibility issue with some of Trend Micros security products that breaks some of their capabilities, including the ransomware protection feature. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-… ∗∗∗ Warten auf abgesicherte Version: Anonymes Surfen unter Tails gefährdet ∗∗∗ --------------------------------------------- Wer mit dem Tor Browser des Tails-Systems surft, könnte Passwörter an Angreifer preisgeben. --------------------------------------------- https://heise.de/-7123771 ∗∗∗ Sie sollen Zollgebühren mit einer Paysafecard bezahlen? Achtung, Betrug! ∗∗∗ --------------------------------------------- Kriminelle versenden betrügerische E-Mails im Namen des Zolls und behaupten, dass Sie Zollgebühren bezahlen müssen, und zwar in Form einer Paysafecard. Nur so könne Ihr Paket zugestellt werden. Ignorieren Sie solche E-Mails, Kriminelle versuchen nur an Ihr Geld zu kommen. --------------------------------------------- https://www.watchlist-internet.at/news/sie-sollen-zollgebuehren-mit-einer-p… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins 2022-05-26 - 2022-05-27 ∗∗∗ --------------------------------------------- IBM MQ Internet Pass-Thru, IBM MQ Operator, IBM MQ Appliance, IBM MQ trace, IBM Semeru Runtime, IBM Sterling Control Center, IBM App Connect Enterprise, IBM Watson Discovery, IBM Spectrum Control, IBM Netezza Host Management, IBM Tivoli Netcool/OMNIbus Probe Integrations, IBM DataPower. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Sicherheitsupdates: Angreifer könnten Netzwerk-Hardware von Citrix lahmlegen ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitspatches für Citritx ADC und Citrix Gateway. Angreifer könnten die Netzwerk-Hardware lahmlegen. --------------------------------------------- https://heise.de/-7123795 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, dpkg, filezilla, irssi, puma, and python-django), Fedora (firefox, ignition, and pcre2), Mageia (cockpit, firefox/thunderbird, openldap, supertux, unrar, and vim), Oracle (firefox and thunderbird), Red Hat (rh-varnish6-varnish), SUSE (cups, fribidi, kernel-firmware, redis, and wpa_supplicant), and Ubuntu (dpkg, logrotate, and subversion). --------------------------------------------- https://lwn.net/Articles/896346/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (atftp, cups, neutron, and zipios++), Fedora (clash, moodle, python-jwt, and thunderbird), Red Hat (thunderbird), Slackware (cups), SUSE (go1.17, libredwg, opera, seamonkey, and varnish), and Ubuntu (libxv, ncurses, openssl, and subversion). --------------------------------------------- https://lwn.net/Articles/896465/ ∗∗∗ ABB Cyber Security Advisory: e-Design - Multiple vulnerabilities ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2%20CMT%200%200%206… ∗∗∗ K32760744: libxml2 vulnerability CVE-2022-23308 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K32760744 ∗∗∗ K54724312: Linux kernel vulnerability CVE-2022-0492 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54724312 ∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0661 ∗∗∗ Drupal CORE: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0662 ∗∗∗ Keysight N6854A Geolocation server and N6841A RF Sensor software ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-146-01 ∗∗∗ Horner Automation Cscape Csfont ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-146-02 ∗∗∗ Cross-Site Request Forgery Vulnerability in Proxy Server ∗∗∗ --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-22-18 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.05.2022
by Daily end-of-shift report 25 May '22

25 May '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 24-05-2022 18:00 − Mittwoch 25-05-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Vorsicht vor unseriösen Spendenaufrufen für krebskranke Kinder ∗∗∗ --------------------------------------------- Immer wieder stoßen Watchlist Internet Leser:innen auf betrügerische Spendenaufrufe für krebskranke Kinder. Insbesondere in Werbeeinschaltungen auf YouTube werden häufig derartige Kampagnen angezeigt. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-unserioesen-spendenaufr… ∗∗∗ Bablosoft; Lowering the Barrier of Entry for Malicious Actors ∗∗∗ --------------------------------------------- Summary Evidence suggests an increasing number of threat actor groups are making use of a free-to-use browser automation framework. The framework contains numerous features which we assess may be utilized in the enablement of malicious activities. --------------------------------------------- https://team-cymru.com/blog/2022/05/25/bablosoft-lowering-the-barrier-of-en… ∗∗∗ How the Saitama backdoor uses DNS tunnelling ∗∗∗ --------------------------------------------- A walkthrough of one of the stealthy communication techniques employed in a recent attack using APT34s Saitama backdoor. --------------------------------------------- https://blog.malwarebytes.com/threat-intelligence/2022/05/how-the-saitama-b… ∗∗∗ Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service ∗∗∗ --------------------------------------------- Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the targeted device and causing a denial of service. --------------------------------------------- http://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-pl… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (lrzip and puma), Fedora (plantuml and plib), Oracle (kernel and kernel-container), Red Hat (firefox, kernel, kpatch-patch, subversion:1.14, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (kernel-firmware, libxml2, pcre2, and postgresql13), and Ubuntu (accountsservice, postgresql-10, postgresql-12, postgresql-13, postgresql-14, and rsyslog). --------------------------------------------- https://lwn.net/Articles/896216/ ∗∗∗ CISA Adds 34 Known Exploited Vulnerabilities to Catalog ∗∗∗ --------------------------------------------- CISA has added 34 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2022/05/25/cisa-adds-34-know… ∗∗∗ Chrome 102.0.5005.61/62/63 fixen kritische Schwachstellen ∗∗∗ --------------------------------------------- Google hat zum 24. Mai 2022 die Updates des 102.0.5005.61/62/63 Google Chrome Browsers für Windows und Mac auf dem Desktop im Stable Channel freigegeben (Chrome 102 wird auch im Stable Channel für Windows und Mac aufgenommen). --------------------------------------------- https://www.borncity.com/blog/2022/05/25/chrome-102-0-5005-61-62-63-fixen-s… ∗∗∗ Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-faspex-is-vuln… ∗∗∗ Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-node-js-as-used-by-ibm-se… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-deployment-int… ∗∗∗ Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-faspex-is-vuln… ∗∗∗ Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-faspex-is-vuln… ∗∗∗ VMSA-2022-0015 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2022-0015.html ∗∗∗ Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508 ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX457048 ∗∗∗ Rockwell Automation Logix Controllers ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-144-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.05.2022
by Daily end-of-shift report 24 May '22

24 May '22

===================== = End-of-Day report = ===================== Timeframe: Montag 23-05-2022 18:00 − Dienstag 24-05-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Researchers to release exploit for new VMware auth bypass, patch now ∗∗∗ --------------------------------------------- Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products. --------------------------------------------- https://www.bleepingcomputer.com/news/security/researchers-to-release-explo… ∗∗∗ Beneath the surface: Uncovering the shift in web skimming ∗∗∗ --------------------------------------------- Web skimming campaigns now employ various obfuscation techniques to deliver and hide the skimming scripts. It’s a shift from earlier tactics where attackers conspicuously injected the malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to traditional security solutions. --------------------------------------------- https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-unco… ∗∗∗ Anatomy of a DDoS amplification attack ∗∗∗ --------------------------------------------- Amplification attacks are one of the most common distributed denial of service (DDoS) attack vectors. These attacks are typically categorized as flooding or volumetric attacks, where the attacker succeeds in generating more traffic than the target can process, resulting in exhausting its resources due to the amount of traffic it receives. --------------------------------------------- https://www.microsoft.com/security/blog/2022/05/23/anatomy-of-ddos-amplific… ∗∗∗ New Research Paper: Pre-hijacking Attacks on Web User Accounts ∗∗∗ --------------------------------------------- In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. --------------------------------------------- https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks/ ∗∗∗ Cybersecurity Community Warned of Fake PoC Exploits Delivering Malware ∗∗∗ --------------------------------------------- Researchers have spotted fake proof-of-concept (PoC) exploits that appear to have been created by threat actors in an effort to deliver malware to members of the cybersecurity community. --------------------------------------------- https://www.securityweek.com/cybersecurity-community-warned-fake-poc-exploi… ∗∗∗ Die wichtigsten Einstellungen für ein sicheres Smartphone ∗∗∗ --------------------------------------------- Das Smartphone ist mittlerweile ein treuer Begleiter. Kontaktinformationen, Termine, Fotos, Bankdaten und Nachrichten befinden sich auf unseren Geräten. Kein Wunder, dass uns ein ungutes Gefühl überkommt, wenn das Smartphone nicht auffindbar und möglicherweise verloren gegangen ist. Am Smartphone sind viele persönliche Daten gespeichert und diese gilt es zu schützen. --------------------------------------------- https://www.watchlist-internet.at/news/die-wichtigsten-einstellungen-fuer-e… ∗∗∗ Breaking out of Windows Kiosks using only Microsoft Edge ∗∗∗ --------------------------------------------- I will take you through the steps that I performed to get code execution on a Windows kiosk host using ONLY Microsoft Edge. --------------------------------------------- https://blog.nviso.eu/2022/05/24/breaking-out-of-windows-kiosks-using-only-… ===================== = Vulnerabilities = ===================== ∗∗∗ Zyxel: Lücken in Access-Points, Access-Point-Controllern und Firewalls ∗∗∗ --------------------------------------------- Der Netzwerkausrüster Zyxel warnt vor mehreren Sicherheitslücken in den Access-Points, Access-Point-Controllern sowie Firewalls. Updates sind verfügbar. --------------------------------------------- https://heise.de/-7108626 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr and openldap), Fedora (curl), Oracle (kernel and kernel-container), Red Hat (maven:3.5), SUSE (cacti, cacti-spine, firefox, go1.18, openldap2, python-requests, rsyslog, and slurm_20_11), and Ubuntu (firefox, htmldoc, libpng, libxfixes, libxrender, thunderbird, and vim). --------------------------------------------- https://lwn.net/Articles/896114/ ∗∗∗ CVE-2022-25237: Bonitasoft Authorization Bypass and RCE ∗∗∗ --------------------------------------------- https://rhinosecuritylabs.com/application-security/cve-2022-25237-bonitasof… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale which is packaged in IBM ESS (CVE-2022-22368) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: IBM DataPower Gateway Operand affected by vulnerabilities in Go (CVE-2021-44716, CVE-2021-44717) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-ope… ∗∗∗ Security Bulletin: IBM DataPower Gateway potentially vulnerable to DNS spoofing ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-pot… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unauthorized user can send arbitrary data to the CLI commands and daemon (CVE-2020-4926) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: This Power System update is being released to address CVE 2022-22309 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM ESS ( CVE-2021-39031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-4083) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-linux-kernel-vulnerabilit… ∗∗∗ Security Bulletin: A vulnerability in IBM JAVA JDK affects IBM Spectrum Scale packaged in IBM Elastic Storage System (CVE-2022-21291) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage System (CVE-2021-39031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-we… ∗∗∗ Security Bulletin: This Power System update is being released to address CVE-2020-1968 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-… ∗∗∗ Security Bulletin: IBM Security Verify Adapters are vulnerable to denial of service and bypass security restrictions due to OpenSSL (CVE-2021-3449, CVE-2021-3450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-adapt… ∗∗∗ Security Bulletin: IBM Navigator for i is vulnerable to an SQL injection (CVE-2022-22495) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-navigator-for-i-is-vu… ∗∗∗ Security Bulletin: IBM DataPower Gateway affected by vulnerability in JRE ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-aff… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow an attacker to decrypt highly sensitive information(CVE-2022-22368) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale which is packaged in IBM ESS (CVE-2020-4926) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container Operator may be vulnerable to denial of service due to CVE-2021-38561 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris… ∗∗∗ F-Secure Produkte: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K22-0646 ∗∗∗ Matrikon OPC Server ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-144-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.05.2022
by Daily end-of-shift report 23 May '22

23 May '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 20-05-2022 18:00 − Montag 23-05-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Malicious PyPI package opens backdoors on Windows, Linux, and Macs ∗∗∗ --------------------------------------------- Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens… ∗∗∗ How to find NPM dependencies vulnerable to account hijacking ∗∗∗ --------------------------------------------- Following the recent disclosure of a technique for hijacking certain NPM packages, security engineer Danish Tariq has proposed a defensive strategy for those looking to assess whether their web apps include dependencies tied to subvertable email domains. --------------------------------------------- https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/ ∗∗∗ Conti Ransomware Operation Shut Down After Brand Becomes Toxic ∗∗∗ --------------------------------------------- The Conti brand’s downfall appears to have started in late February, after Russia launched an invasion of Ukraine. --------------------------------------------- https://www.securityweek.com/conti-ransomware-operation-shut-down-after-bra… ∗∗∗ Wenn nach einer Bestellung auf Vinted ein Zalando-Paket ankommt… ∗∗∗ --------------------------------------------- Sie haben etwas auf Vinted gekauft aber ein Zalando-Paket erhalten? Dann sollten Sie rasch handeln. Dabei handelt es sich nämlich um eine Betrugsmasche. --------------------------------------------- https://www.watchlist-internet.at/news/wenn-nach-einer-bestellung-auf-vinte… ∗∗∗ Botnet bedroht Linux-Server ∗∗∗ --------------------------------------------- Schützen Sie Ihre Linux-Server vor XorDdoS, einem Botnet, das im Internet nach SSH-Servern mit schwachen Passwörtern sucht, warnt Microsoft. --------------------------------------------- https://www.zdnet.de/88401426/botnet-bedroht-linux-server/ ∗∗∗ Windows Defender Application Control: Empfohlene Blockierungsregeln (Mai 2022) ∗∗∗ --------------------------------------------- In Windows 10 und Windows 11 sind Windows Defender Application Control (WDAC) und AppLocker als Features in den Unternehmensvarianten (Windows 10/11 Enterprise) als Sicherheitsfunktionen verfügbar. Nun hat Microsoft Mitte Mai 2022 eine Liste der empfohlenen Blockierungsregeln veröffentlicht. --------------------------------------------- https://www.borncity.com/blog/2022/05/22/windows-defender-application-contr… ===================== = Vulnerabilities = ===================== ∗∗∗ PDF smuggles Microsoft Word doc to drop Snake Keylogger malware ∗∗∗ --------------------------------------------- Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/pdf-smuggles-microsoft-word-… ∗∗∗ Jetzt patchen! Angreifer attackieren Cisco 8000 Series Router ∗∗∗ --------------------------------------------- Der Netzwerkausrüster Cisco hat Sicherheitsupdates für verschiedene Netzwerk-Komponenten veröffentlicht. --------------------------------------------- https://heise.de/-7102828 ∗∗∗ Oracle warnt vor Sicherheitslücke in E-Business Suite ∗∗∗ --------------------------------------------- Oracle veröffentlicht Updates eigentlich quartalsweise zum Critical-Patch-Update-Termin. Ein Patch schließt bereits jetzt eine Lücke in der E-Business-Suite. --------------------------------------------- https://heise.de/-7102875 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (admesh, condor, firefox-esr, libpgjava, libxml2, rsyslog, and thunderbird), Fedora (dotnet6.0, libarchive, php-openpsa-universalfeedcreator, thunderbird, and vim), Mageia (ffmpeg, kernel, kernel-linus, microcode, netatalk, nvidia-current, nvidia390, opencontainers-runc, postgresql, and ruby-nokogiri), Slackware (mariadb and mozilla), and SUSE (curl, firefox, libarchive, librecad, libxls, openldap2, php7, and postgresql10). --------------------------------------------- https://lwn.net/Articles/896032/ ∗∗∗ Password policy guidance ∗∗∗ --------------------------------------------- Why do we need strong passwords? Passwords are stored by using a one-way hashing algorithm to generate a representation of the original password on a securely designed system. --------------------------------------------- https://www.pentestpartners.com/security-blog/password-policy-guidance/ ∗∗∗ Denial of Service Vulnerability in some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220601-… ∗∗∗ Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-is-… ∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-se… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: TXSeries for Multiplatforms is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-txseries-for-multiplatfor… ∗∗∗ Security Bulletin: Vulnerability in Curl affects IBM Cloud Private and could allow a remote attacker to bypass security restrictions (CVE-2021-22926) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-curl-aff… ∗∗∗ Security Bulletin: IBM Tivoli Monitoring is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-is-… ∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-se… ∗∗∗ K08832573: DHCP vulnerability CVE-2021-25217 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K08832573 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.05.2022
by Daily end-of-shift report 20 May '22

20 May '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 19-05-2022 18:00 − Freitag 20-05-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices ∗∗∗ --------------------------------------------- Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy malwares capabilities and key infection signs. --------------------------------------------- https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper… ∗∗∗ Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware ∗∗∗ --------------------------------------------- Fraudulent domains masquerading as Microsofts Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware. --------------------------------------------- https://thehackernews.com/2022/05/hackers-trick-users-with-fake-windows.html ∗∗∗ Cytroxs Predator Spyware Targeted Android Users with Zero-Day Exploits ∗∗∗ --------------------------------------------- Googles Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. --------------------------------------------- https://thehackernews.com/2022/05/cytroxs-predator-spyware-target-android.h… ∗∗∗ Metastealer – filling the Racoon void ∗∗∗ --------------------------------------------- MetaStealer is a new information stealer variant designed to fill the void following Racoon stealer suspending operations in March of this year. --------------------------------------------- https://research.nccgroup.com/2022/05/20/metastealer-filling-the-racoon-voi… ∗∗∗ Emotet Being Distributed Using Various Files ∗∗∗ --------------------------------------------- The ASEC analysis team has recently discovered the distribution of Emotet through link files (.lnk). The malware has been steadily distributed in the past, but starting from April, it was found that the Emotet downloader uses Excel files as well as link files (.lnk). --------------------------------------------- https://asec.ahnlab.com/en/34556/ ===================== = Vulnerabilities = ===================== ∗∗∗ Oracle Security Alert for CVE-2022-21500 - 19 May 2022 ∗∗∗ --------------------------------------------- This Security Alert addresses vulnerability CVE-2022-21500, which affects some deployments of Oracle E-Business Suite. --------------------------------------------- https://www.oracle.com/security-alerts/alert-cve-2022-21500.html ∗∗∗ Angreifer könnten mit DNS-Software BIND erstellte TLS-Sessions "zerstören" ∗∗∗ --------------------------------------------- Es gibt ein wichtiges Sicherheitsupdate für BIND, welches Admins zeitnah installieren sollten. --------------------------------------------- https://heise.de/-7101032 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel), Debian (ark, openldap, and thunderbird), Fedora (freetype and vim), Oracle (.NET 5.0, .NET 6.0, .NET Core 3.1, container-tools:3.0, glibc, kernel, rsync, and subversion:1.10), Scientific Linux (kernel), SUSE (dcraw, firefox, glib2, ImageMagick, kernel-firmware, libxml2, libyajl, php7, ucode-intel, and unrar), and Ubuntu (openldap). --------------------------------------------- https://lwn.net/Articles/895862/ ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by two WebSphere Application Server vulnerabilities. (CVE-2021-23450, CVE-1999-0001) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-i… ∗∗∗ Security Bulletin: IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-autom… ∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by two WebSphere Application Server vulnerabilities. (CVE-2021-39038, CVE-1999-0002) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-i… ∗∗∗ Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to Cross-site Scripting (XSS) vulnerability (CVE-2021-39043) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-engineering-lifecycle… ∗∗∗ Galleon NTS-6002-GPS Command Injection vulnerability (CVE-2022-27224) ∗∗∗ --------------------------------------------- https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-… ∗∗∗ Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, Thunderbird 91.9.1 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/ ∗∗∗ Grafana: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0639 ∗∗∗ Trend Micro Security Produkte: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0638 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily