=====================
= End-of-Day report =
=====================

Timeframe: Tuesday 19-04-2022 18:00 - Wednesday 20-04-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
=       News        =
=====================
*** CISA warns of attackers now exploiting Windows Print Spooler bug ***
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its list of actively exploited bugs, including a local privilege escalation bug in the Windows Print Spooler.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisa-warns-of-attackers-now-e...

*** Emotet botnet switches to 64-bit modules, increases activity ***
---------------------------------------------
The Emotet malware is having a burst in distribution and is likely to soon switch to new payloads that are currently detected by fewer antivirus engines.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-...
*** Google: 2021 was a record year for discovered zero-days ***
---------------------------------------------
According to Google, however, the root cause of the vulnerabilities themselves is hardly changing. Memory safety errors remain the biggest problem.
---------------------------------------------
https://www.golem.de/news/google-2021-war-rekordjahr-fuer-entdeckte-zero-day...
*** "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic, (Wed, Apr 20th) ***
---------------------------------------------
Chain of events and IOCs of a Qakbot infection.
---------------------------------------------
https://isc.sans.edu/diary/rss/28568
*** Online banking phishing wave rolling through mailboxes ***
---------------------------------------------
A phishing wave is currently rolling through Austrian e-mail inboxes, with which criminals are primarily after online banking credentials.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-welle-zu-online-banking-roll...
*** CISA Releases Secure Cloud Business Applications (SCuBA) Guidance Documents for Public Comment ***
---------------------------------------------
CISA has released draft versions of two guidance documents, along with a request for comment (RFC), that are part of the recently launched Secure Cloud Business Applications (SCuBA) project.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/04/19/cisa-releases-secu...

*** Investigating an engineering workstation – Part 3 ***
---------------------------------------------
In our third blog post we will focus on the information we can get from the projects themselves.
---------------------------------------------
https://blog.nviso.eu/2022/04/20/investigating-an-engineering-workstation-pa...
=====================
=  Vulnerabilities  =
=====================
*** Elliptic curves: Java signature verification can be tricked with zeros ***
---------------------------------------------
A bug was found in Java's ECDSA signature verification that makes it possible to create a signature that is always accepted as valid.
---------------------------------------------
https://www.golem.de/news/elliptische-kurven-java-signaturpruefung-laesst-si...

*** Oracle provides 520 security patches for its software portfolio ***
---------------------------------------------
Admins of Oracle applications should install the available updates to close vulnerabilities, some of which are critical.
---------------------------------------------
https://heise.de/-6746906
*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by Debian (condor), Red Hat (389-ds:1.4, container-tools:2.0, kernel, kernel-rt, and kpatch-patch), SUSE (chrony, containerd, expat, git, icedtea-web, jsoup, jsr-305, kernel, libeconf, shadow and util-linux, protobuf, python-libxml2-python, python3, slirp4netns, sssd, vim, and wpa_supplicant), and Ubuntu (bash).
---------------------------------------------
https://lwn.net/Articles/892047/
*** AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation ***
---------------------------------------------
We identified severe security issues within AWS Log4Shell hot patch solutions. We provide a root cause analysis and an overview of fixes and mitigations.
---------------------------------------------
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities/
*** SSA-254054: Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-254054.txt

*** Security Bulletin: IBM Emptoris Strategic Supply Management Platform is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-strategic-sup...

*** Security Bulletin: IBM Security Guardium Insights is affected by Node.js vulnerability (CVE-2021-22939) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insi...

*** Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to denial of service ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-ibm-sdk-java...

*** Security Bulletin: IBM Emptoris Sourcing is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-sourcing-is-v...

*** Security Bulletin: IBM Emptoris Contract Management is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-contract-mana...

*** Security Bulletin: IBM Emptoris Program Management is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-program-manag...

*** April 19, 2022 TNS-2022-09 [R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities ***
---------------------------------------------
http://www.tenable.com/security/tns-2022-09
*** Veritas NetBackup: Vulnerability enables cross-site scripting ***
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0474
*** Interlogix Hills ComNav ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-01

*** Automated Logic WebCTRL ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-02

*** FANUC ROBOGUIDE Simulation Platform ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-03

*** Elcomplus SmartPPT SCADA ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-04

*** Multiple ctrlX CORE vulnerabilities ***
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-029150.html

*** MISP 2.4.158 security fix and general improvement release ***
---------------------------------------------
https://github.com/MISP/MISP/releases/tag/v2.4.158

*** Multiple Vulnerabilities in Apache HTTP Server ***
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-22-11