=====================
= End-of-Day report =
=====================

Timeframe: Friday 29-04-2022 18:00 − Monday 02-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer

=====================
= News =
=====================
∗∗∗ Fake Windows 10 updates infect you with Magniber ransomware ∗∗∗
---------------------------------------------
Fake Windows 10 updates on crack sites are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infec...

∗∗∗ REvil ransomware returns: New malware sample confirms gang is back ∗∗∗
---------------------------------------------
The notorious REvil ransomware operation has returned amidst rising tensions between Russia and the USA, with new infrastructure and a modified encryptor allowing for more targeted attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-...

∗∗∗ Fake YouTube videos featuring Elon Musk lead to cryptocurrency fraud ∗∗∗
---------------------------------------------
Criminals are faking videos of Elon Musk. In these videos, viewers supposedly receive a gift from Musk. He offers the chance to double Bitcoin or Ethereum. And it is supposedly very simple: you transfer cryptocurrency to a specific wallet and receive double the amount back. Warning: you are transferring to criminals and will lose money!
---------------------------------------------
https://www.watchlist-internet.at/news/fake-youtube-videos-mit-elon-musk-fue...

∗∗∗ Analysis on recent wiper attacks: examples and how wiper malware works ∗∗∗
---------------------------------------------
This blog post looks to explain how wipers work, what makes them so effective and provides a short overview of the most recent samples that appeared in the eastern Europe geopolitical conflict.
---------------------------------------------
https://cybersecurity.att.com/blogs/labs-research/analysis-on-recent-wiper-a...

=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ffmpeg, ghostscript, libarchive, and tinyxml), Fedora (CuraEngine, epiphany, gzip, usd, vim, xen, and xz), Oracle (maven-shared-utils and qemu), Red Hat (gzip, python27-python and python27-python-pip, rh-maven36-maven-shared-utils, rh-python38-python, rh-python38-python-lxml, and rh-python38-python-pip, and zlib), Slackware (pidgin), SUSE (jasper, java-11-openjdk, libcaca, libslirp, mariadb, mutt, nodejs12, opera, and python-Twisted), [...]
---------------------------------------------
https://lwn.net/Articles/893440/

∗∗∗ Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to stack-based buffer overflow in GNU C Library (CVE-2022-23219) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services...

∗∗∗ Security Bulletin: IBM Integration Designer is vulnerable to arbitrary code execution because of Apache Log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-designer-i...

∗∗∗ Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a stack-based buffer overflow in GNU C Library (CVE-2022-23218) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services...

∗∗∗ Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow and underflow in GNU C Library (CVE-2021-3999) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services...

∗∗∗ Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2022 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerab...

∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 91.8.0ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 – 2022.4.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-o...

∗∗∗ K24207649: GNU C Library (glibc) vulnerability CVE-2021-3999 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K24207649

∗∗∗ K52308021: GNU C Library (glibc) vulnerabilities CVE-2022-23218 and CVE-2022-23219 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52308021

∗∗∗ K19473898: Multiple Expat vulnerabilities CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, and CVE-2022-23515 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K19473898

∗∗∗ K91589041: Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K91589041

∗∗∗ K23421535: Expat vulnerabilities CVE-2022-22822, CVE-2022-22823, and CVE-2022-22824 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23421535

∗∗∗ K23231802: Expat vulnerability CVE-2021-46143 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23231802

∗∗∗ TRUMPF: TruTops Fab, TruTops Boost prone to vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-016/

∗∗∗ Vulnerabilities in the communication protocol of the PLC runtime ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-577411.html