===================== = End-of-Day report = =====================
Timeframe: Friday 20-05-2022 18:00 − Monday 23-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
===================== = News = =====================
∗∗∗ Malicious PyPI package opens backdoors on Windows, Linux, and Macs ∗∗∗
---------------------------------------------
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens-...
∗∗∗ How to find NPM dependencies vulnerable to account hijacking ∗∗∗
---------------------------------------------
Following the recent disclosure of a technique for hijacking certain NPM packages, security engineer Danish Tariq has proposed a defensive strategy for those looking to assess whether their web apps include dependencies tied to subvertable email domains.
---------------------------------------------
https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/
∗∗∗ Conti Ransomware Operation Shut Down After Brand Becomes Toxic ∗∗∗
---------------------------------------------
The Conti brand’s downfall appears to have started in late February, after Russia launched an invasion of Ukraine.
---------------------------------------------
https://www.securityweek.com/conti-ransomware-operation-shut-down-after-bran...
∗∗∗ When a Zalando parcel arrives after an order on Vinted… ∗∗∗
---------------------------------------------
You bought something on Vinted but received a Zalando parcel? Then you should act quickly: this is a scam.
---------------------------------------------
https://www.watchlist-internet.at/news/wenn-nach-einer-bestellung-auf-vinted...
∗∗∗ Botnet threatens Linux servers ∗∗∗
---------------------------------------------
Protect your Linux servers from XorDdoS, a botnet that scans the Internet for SSH servers with weak passwords, Microsoft warns.
---------------------------------------------
https://www.zdnet.de/88401426/botnet-bedroht-linux-server/
∗∗∗ Windows Defender Application Control: Recommended block rules (May 2022) ∗∗∗
---------------------------------------------
In Windows 10 and Windows 11, Windows Defender Application Control (WDAC) and AppLocker are available as security features in the enterprise editions (Windows 10/11 Enterprise). In mid-May 2022, Microsoft published a list of recommended block rules.
---------------------------------------------
https://www.borncity.com/blog/2022/05/22/windows-defender-application-contro...
===================== = Vulnerabilities = =====================
∗∗∗ PDF smuggles Microsoft Word doc to drop Snake Keylogger malware ∗∗∗
---------------------------------------------
Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pdf-smuggles-microsoft-word-d...
∗∗∗ Patch now! Attackers are targeting Cisco 8000 Series routers ∗∗∗
---------------------------------------------
Network equipment vendor Cisco has released security updates for various network components.
---------------------------------------------
https://heise.de/-7102828
∗∗∗ Oracle warns of security vulnerability in E-Business Suite ∗∗∗
---------------------------------------------
Oracle normally releases updates quarterly on its Critical Patch Update date. A patch released now already closes a hole in the E-Business Suite.
---------------------------------------------
https://heise.de/-7102875
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (admesh, condor, firefox-esr, libpgjava, libxml2, rsyslog, and thunderbird), Fedora (dotnet6.0, libarchive, php-openpsa-universalfeedcreator, thunderbird, and vim), Mageia (ffmpeg, kernel, kernel-linus, microcode, netatalk, nvidia-current, nvidia390, opencontainers-runc, postgresql, and ruby-nokogiri), Slackware (mariadb and mozilla), and SUSE (curl, firefox, libarchive, librecad, libxls, openldap2, php7, and postgresql10).
---------------------------------------------
https://lwn.net/Articles/896032/
∗∗∗ Password policy guidance ∗∗∗
---------------------------------------------
Why do we need strong passwords? On a securely designed system, passwords are stored by using a one-way hashing algorithm to generate a representation of the original password.
---------------------------------------------
https://www.pentestpartners.com/security-blog/password-policy-guidance/
∗∗∗ Denial of Service Vulnerability in some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220601-0...
∗∗∗ Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-is-v...
∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-ser...
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulne...
∗∗∗ Security Bulletin: TXSeries for Multiplatforms is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-txseries-for-multiplatform...
∗∗∗ Security Bulletin: Vulnerability in Curl affects IBM Cloud Private and could allow a remote attacker to bypass security restrictions (CVE-2021-22926) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-curl-affe...
∗∗∗ Security Bulletin: IBM Tivoli Monitoring is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-is-a...
∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-ser...
∗∗∗ K08832573: DHCP vulnerability CVE-2021-25217 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K08832573