=====================
= End-of-Day report =
=====================

Timeframe: Tuesday 10-05-2022 18:00 - Wednesday 11-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
=       News        =
=====================
*** New IceApple exploit toolset deployed on Microsoft Exchange servers ***
---------------------------------------------
Security researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-iceapple-exploit-toolset-...

*** New stealthy Nerbian RAT malware spotted in ongoing attacks ***
---------------------------------------------
A new remote access trojan called Nerbian RAT has been discovered that includes a rich set of features, including the ability to evade detection and analysis by researchers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-stealthy-nerbian-rat-malw...

*** TA578 using thread-hijacked emails to push ISO files for Bumblebee malware, (Wed, May 11th) ***
---------------------------------------------
Identified by Proofpoint as the threat actor behind the Contact Forms campaign, TA578 also appears to be pushing ISO files for Bumblebee malware through thread-hijacked emails.
---------------------------------------------
https://isc.sans.edu/diary/rss/28636
*** Beware of current BAWAG phishing emails! ***
---------------------------------------------
Countless phishing messages are currently circulating and landing in the inboxes of potential victims. In new fraudulent emails sent in the name of BAWAG P.S.K., the criminals have once again come up with something new.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-aktuellen-bawag-phishing...
*** From Project File to Code Execution: Exploiting Vulnerabilities in XINJE PLC Program Tool ***
---------------------------------------------
Team82 has uncovered two vulnerabilities in XINJE's PLC Program Tool, an engineering workstation.
---------------------------------------------
https://claroty.com/2022/05/11/blog-research-from-project-file-to-code-execu...
=====================
=  Vulnerabilities  =
=====================
*** Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws ***
---------------------------------------------
Today is Microsoft's May 2022 Patch Tuesday, and with it come fixes for three zero-day vulnerabilities, one of them actively exploited, and a total of 75 flaws.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2022-patch-tue...
*** HP fixes bug letting attackers overwrite firmware in over 200 models ***
---------------------------------------------
HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which might allow arbitrary code execution.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hp-fixes-bug-letting-attacker...
*** Adobe Patchday: malicious-code vulnerabilities threaten ColdFusion, InDesign & Co. ***
---------------------------------------------
Important security updates are available for Adobe applications. The vendor rates the majority of the vulnerabilities as critical.
---------------------------------------------
https://heise.de/-7081357

*** Patchday: SAP fixes eight newly discovered security problems ***
---------------------------------------------
For the May Patchday, SAP reports eight new security vulnerabilities and updates its articles on four vulnerabilities the company had already patched earlier.
---------------------------------------------
https://heise.de/-7081276
*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by Debian (mutt), Fedora (blender, freerdp, kernel, kernel-headers, kernel-tools, mingw-freetype, and vim), Oracle (kernel and kernel-container), Red Hat (aspell, bind, bluez, c-ares, cairo and pixman, cockpit, compat-exiv2-026, container-tools:3.0, container-tools:rhel8, cpio, dovecot, exiv2, fapolicyd, fetchmail, flatpak, gfbgraph, gnome-shell, go-toolset:rhel8, grafana, grub2, httpd:2.4, keepalived, kernel, kernel-rt, libpq, libreoffice, libsndfile, libssh, [...]
---------------------------------------------
https://lwn.net/Articles/894802/

*** Intel: May 2022 Patchday ***
---------------------------------------------
https://www.intel.com/content/www/us/en/security-center/default.html

*** Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to Cross-site Scripting (XSS). (CVE-2021-39059) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-engineering-lifecycle-...

*** Security Bulletin: Vulnerability in remote support authentication affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-remote-su...

*** Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System (CVE-2021-21994, CVE-2021-21995) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...

*** Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021 ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-ed...

*** Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (XSS) (CVE-2022-22345) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnera...

*** ICS Patch Tuesday: Siemens, Schneider Electric Address 43 Vulnerabilities ***
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-ad...

*** PHOENIX CONTACT: Multiple vulnerabilities in RAD-ISM-900-EN-BD devices ***
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-018/
*** AMD processors: multiple vulnerabilities ***
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0567
*** Google Releases Security Updates for Chrome ***
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/05/11/google-releases-se...

*** Intel Boot Guard and Intel TXT Advisory ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500488-INTEL-BOOT-GUARD-AND-INT...

*** Intel SSD Firmware Advisory ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500487-INTEL-SSD-FIRMWARE-ADVIS...

*** Lenovo Smart Standby Driver Vulnerability ***
---------------------------------------------
http://support.lenovo.com/product_security/PS500486-LENOVO-SMART-STANDBY-DRI...