===================== = End-of-Day report = =====================

Timeframe: Tuesday 08-03-2022 18:00 - Wednesday 09-03-2022 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer

===================== = News = =====================

∗∗∗ Fraud on Discord: "Sorry, I reported your Steam account!" ∗∗∗
---------------------------------------------
Gamers beware: criminals are currently contacting people on Discord, apologising for having reported their Steam account.
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-auf-discord-sorry-ich-habe-dei...

∗∗∗ Daxin Backdoor: In-Depth Analysis, Part Two ∗∗∗
---------------------------------------------
In the second of a two-part series of blogs, we examine the communications and networking features of Daxin.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/dax...

===================== = Vulnerabilities = =====================

∗∗∗ Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint ∗∗∗
---------------------------------------------
Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms.
---------------------------------------------
https://msrc-blog.microsoft.com/2022/03/08/guidance-for-cve-2022-23278-spoof...

∗∗∗ New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices ∗∗∗
---------------------------------------------
Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices.
---------------------------------------------
https://thehackernews.com/2022/03/new-16-high-severity-uefi-firmware.html

∗∗∗ Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses ∗∗∗
---------------------------------------------
Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System (CPS) that could be combined to achieve a full pre-authenticated remote code execution of affected systems.
---------------------------------------------
https://thehackernews.com/2022/03/critical-rce-bugs-found-in-pascom-cloud.ht...

∗∗∗ TLStorm: Three critical vulnerabilities discovered in APC Smart-UPS devices ∗∗∗
---------------------------------------------
Armis has discovered a set of three critical zero-day vulnerabilities in APC Smart-UPS devices that can allow remote attackers to take over Smart-UPS devices and carry out extreme attacks targeting both physical devices and IT assets.
---------------------------------------------
https://www.armis.com/research/tlstorm/

∗∗∗ Patch day: SAP fixes 16 vulnerabilities ∗∗∗
---------------------------------------------
For its March patch day, SAP is shipping updates for twelve new security vulnerabilities. It has also updated four older security advisories.
---------------------------------------------
https://heise.de/-6543439

∗∗∗ Old vulnerability in Pulse Connect Secure VPN is being attacked ∗∗∗
---------------------------------------------
As early as mid-2020, Pulse Secure published updates for its VPN solution that close security vulnerabilities. Those vulnerabilities are now being attacked.
---------------------------------------------
https://heise.de/-6544328

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel, linux-4.19, spip, and thunderbird), Fedora (cyrus-sasl and libxml2), Mageia (firefox and thunderbird), openSUSE (buildah and tcpdump), Red Hat (cyrus-sasl, kernel, kernel-rt, and kpatch-patch), Slackware (kernel), SUSE (buildah, kernel, libcaca, and tcpdump), and Ubuntu (linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oem-5.14, linux-oracle, linux-oracle-5.13, [...]
---------------------------------------------
https://lwn.net/Articles/887309/

∗∗∗ Microsoft Releases March 2022 Security Updates ∗∗∗
---------------------------------------------
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/03/08/microsoft-releases...

∗∗∗ SAP Releases March 2022 Security Updates ∗∗∗
---------------------------------------------
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/03/08/sap-releases-march...

∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/03/08/adobe-releases-sec...

∗∗∗ ZDI-22-492: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-492/

∗∗∗ ZDI-22-491: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-491/

∗∗∗ ZDI-22-490: (0Day) Ecava IntegraXor Inkscape WMF File Parsing Memory Corruption Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-490/

∗∗∗ ZDI-22-489: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-489/

∗∗∗ ZDI-22-488: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-488/

∗∗∗ ZDI-22-487: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-487/

∗∗∗ ZDI-22-486: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-486/

∗∗∗ ZDI-22-485: (0Day) Ecava IntegraXor Inkscape PCX File Parsing Out-Of-Bound Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-485/

∗∗∗ AMD: LFENCE/JMP Mitigation Update for CVE-2017-5715 ∗∗∗
---------------------------------------------
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036

∗∗∗ Intel Processor Advisory: INTEL-SA-00598 ∗∗∗
---------------------------------------------
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00...

∗∗∗ Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-...

∗∗∗ Security Bulletin: Vulnerability in ISC BIND affects IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-isc-bind-...

∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Watson Explorer Content Analytics Studio (CVE-2021-2341) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-...

∗∗∗ Security Bulletin: Vulnerability in Intel Xeon affects IBM Cloud Pak System (CVE-2021-0144) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-intel-xeo...

∗∗∗ XSA-398 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-398.html

∗∗∗ F-Secure products: vulnerability allows code execution ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0279

∗∗∗ Ruby on Rails: vulnerability allows code execution ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0276

∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX341586

∗∗∗ NetApp SnapCenter Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500477-NETAPP-SNAPCENTER-INFORM...

∗∗∗ Brocade Fabric OS Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500476-BROCADE-FABRIC-OS-VULNER...

∗∗∗ Lenovo Thin Installer Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500475-LENOVO-THIN-INSTALLER-DE...

∗∗∗ Glance by Mirametrix Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500474-GLANCE-BY-MIRAMETRIX-VUL...