===================== = End-of-Day report = =====================
Timeframe: Donnerstag 07-04-2022 18:00 − Freitag 08-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a
===================== = News = =====================
∗∗∗ Malicious web redirect service infects 16,500 sites to push malware ∗∗∗ --------------------------------------------- A new TDS (Traffic Direction System) operation called Parrot has emerged in the wild, having already infected servers hosting 16,500 websites of universities, local governments, adult content platforms, and personal blogs. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malicious-web-redirect-servic...
∗∗∗ Mirai malware now delivered using Spring4Shell exploits ∗∗∗ --------------------------------------------- The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mirai-malware-now-delivered-u...
∗∗∗ CVE-2021-30737, @xerubs 2021 iOS ASN.1 Vulnerability ∗∗∗ --------------------------------------------- Originally this post was just a series of notes I took last year as I was trying to understand this bug. But the bug itself and the narrative around it are so fascinating that I thought it would be worth writing up these notes into a more coherent form to share with the community. --------------------------------------------- https://googleprojectzero.blogspot.com/2022/04/cve-2021-30737-xerubs-2021-io...
∗∗∗ Public Report – Google Enterprise API Security Assessment ∗∗∗ --------------------------------------------- During the autumn of 2021, Google engaged NCC Group to perform a review of the Android 12 Enterprise API to evaluate its compliance with the Security Technical Implementation Guides (STIG) matrix provided by Google. --------------------------------------------- https://research.nccgroup.com/2022/04/07/public-report-google-enterprise-api...
===================== = Vulnerabilities = =====================
∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libtiff), Debian (chromium), Fedora (buildah and chromium), openSUSE (firefox), SUSE (firefox, libsolv, libzypp, and openjpeg2), and Ubuntu (firefox and python-oslo.utils). --------------------------------------------- https://lwn.net/Articles/890718/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...
∗∗∗ Security Bulletin: IBM SPSS Analytic Server is vulnerable to LDAP Injection (CVE-2021-39031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spss-analytic-server-i...
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2021-22931) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-releas...
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2022-21824) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-releas...
∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-...
∗∗∗ Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site request forgery (CVE-2020-4668) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrato...
∗∗∗ Security Bulletin: Vulnerability in json4j – CVE-2021-3918 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-json4j-cv...
∗∗∗ Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite may be vulnerable to arbitrary code execution due to Apache Log4j 1.2 (CVE-2021-4104) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-managemen...
∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-wor...
∗∗∗ Security Bulletin: Apache Log4j vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability...
∗∗∗ Security Bulletin: LDAP vulnerability in WebSphere Liberty Profile can affect IBM InfoSphere Global Name Management ENS (CVE-2021-39031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ldap-vulnerability-in-webs...
∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 ∗∗∗ --------------------------------------------- https://webkitgtk.org/security/WSA-2022-0004.html
∗∗∗ D-LINK Router: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0405
∗∗∗ D-LINK Router: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0406
∗∗∗ Microsoft Edge 100.0.1185.36 fixt Schwachstelle ∗∗∗ --------------------------------------------- https://www.borncity.com/blog/2022/04/08/microsoft-edge-100-0-1185-36-fixt-s...