=====================
= End-of-Day report =
=====================
Timeframe:   Tuesday 29-03-2022 18:00 - Wednesday 30-03-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner
=====================
=       News        =
=====================
*** Mars Stealer malware pushed via OpenOffice ads on Google ***
---------------------------------------------

A newly launched information-stealing malware variant called Mars Stealer is rising in popularity, and threat analysts are now spotting the first notable large-scale campaigns employing it.

---------------------------------------------
https://www.bleepingcomputer.com/news/security/mars-stealer-malware-pushed-v...
*** Viasat shares details on KA-SAT satellite service cyberattack ***
---------------------------------------------

US satellite communications provider Viasat has shared an incident report regarding the cyberattack that affected its KA-SAT consumer-oriented satellite broadband service on February 24, the day Russia invaded Ukraine.

---------------------------------------------
https://www.bleepingcomputer.com/news/security/viasat-shares-details-on-ka-s...
*** Attack on fast chargers: researchers can interrupt charging sessions via radio ***
---------------------------------------------

CCS has established itself as the standard for fast-charging electric cars. But the charging process can be made to abort using radio signals.

---------------------------------------------
https://www.golem.de/news/schnelllladen-forscher-bringen-ccs-ladevorgaenge-p...
*** Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks ***
---------------------------------------------

Team Nautilus has uncovered a Python-based ransomware attack that, for the first time, was targeting Jupyter Notebook, a popular tool used by data practitioners. The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack.

---------------------------------------------
https://blog.aquasec.com/python-ransomware-jupyter-notebook
*** Free webinar series: how to protect yourself online ***
---------------------------------------------

With the support of the Arbeiterkammer Burgenland, our colleagues at saferinternet.at are running a webinar series starting on 5 April. The free webinars are open to all interested adults and cover the safe and responsible use of digital media. Experts from Watchlist Internet will also take part.

---------------------------------------------
https://www.watchlist-internet.at/news/kostenlose-webinar-reihe-so-schuetzen...
*** Investigating an engineering workstation – Part 2 ***
---------------------------------------------

In this second post we will focus on specific evidence written by the TIA Portal. As you might remember, in the first part we covered standard Windows-based artefacts regarding execution of the TIA Portal and usage of projects.

---------------------------------------------
https://blog.nviso.eu/2022/03/30/investigating-an-engineering-workstation-pa...
*** Advanced warning: probable remote code execution (RCE) in Spring, an extremely popular Java framework ***
---------------------------------------------

This notice is intended to alert you that there may be a significant issue with Spring which, if confirmed, would require immediate attention. In the morning (New York time) on Wednesday, March 29th, 2022, a member of the security research team KnownSec posted a now-removed screenshot to Twitter purporting to show a trivially-exploited remote code execution vulnerability against Spring core, the most popular Java framework in use on the Internet. The researcher did not provide a proof-of-concept or public details.

---------------------------------------------
https://bugalert.org/content/notices/2022-03-29-spring.html
=====================
=  Vulnerabilities  =
=====================
*** Update now! Attacks on a vulnerability in Trend Micro Apex Central ***
---------------------------------------------

Trend Micro warns of attacks on a vulnerability in its central management software Apex Central. Updates that close the hole are available.

---------------------------------------------
https://heise.de/-6656849
*** VMSA-2022-0009 ***
---------------------------------------------

CVSSv3 Range: 5.5
CVE(s): CVE-2022-22948
Synopsis: VMware vCenter Server updates address an information disclosure vulnerability

---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0009.html
*** Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk ***
---------------------------------------------

On February 15, 2022, the Wordfence Threat Intelligence team finished research on two separate vulnerabilities in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin with over 100,000 installations. [...] A patched version, 5.174.1, was made available on March 25, 2022.

---------------------------------------------
https://www.wordfence.com/blog/2022/03/reflected-xss-in-spam-protection-anti...
*** Security updates for Wednesday ***
---------------------------------------------

Security updates have been issued by CentOS (expat, firefox, httpd, openssl, and thunderbird), Debian (cacti), Fedora (kernel, rsh, unrealircd, and xen), Mageia (kernel and kernel-linus), openSUSE (apache2, java-1_8_0-ibm, kernel, openvpn, and protobuf), Oracle (openssl), Red Hat (httpd:2.4, kernel, kpatch-patch, and openssl), SUSE (apache2, java-1_7_1-ibm, java-1_8_0-ibm, kernel, openvpn, protobuf, and zlib), and Ubuntu (chromium-browser and paramiko).

---------------------------------------------
https://lwn.net/Articles/889682/
*** SaltStack Salt: Multiple vulnerabilities ***
---------------------------------------------

A remote, anonymous attacker can exploit multiple vulnerabilities in SaltStack Salt to manipulate files, cause a denial-of-service condition, escalate privileges, or execute arbitrary code.

---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0371
*** Trend Micro AntiVirus for Mac: Vulnerability allows privilege escalation ***
---------------------------------------------

A local attacker can exploit a vulnerability in Trend Micro AntiVirus for Mac to elevate their privileges.

---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0370
*** Google Releases Security Updates for Chrome ***
---------------------------------------------

Google has released Chrome version 100.0.4896.60 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/03/30/google-releases-se...
*** Password hash disclosure in the Statamic CMS (SYSS-2022-022) ***
---------------------------------------------

In the Statamic CMS, the password hash values of all users can be read out via the REST API. This can lead to a takeover of the website.

---------------------------------------------
https://www.syss.de/pentest-blog/password-hash-preisgabe-in-statamic-cms-sys...
*** Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2021 and Jan 2022 ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-ed...
*** Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-eclipse-jetty-vulnerabi...
*** PHOENIX CONTACT: Vulnerabilities in XML parser library Expat (libexpat) ***
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-005/
*** Buffer Overflow Vulnerability in Recovery Image ***
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-446276-bt.html
*** CVE-2022-0778: Vulnerabilities with denial-of-service potential in OpenSSL ***
---------------------------------------------
https://www.sprecher-automation.com/it-sicherheit/security-alerts