[CERT-daily] Tageszusammenfassung - 01.04.2022
Daily end-of-shift report
team at cert.at
Fri Apr 1 18:22:21 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 31-03-2022 18:00 − Freitag 01-04-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ New BlackGuard password-stealing malware sold on hacker forums ∗∗∗
---------------------------------------------
A new information-stealing malware named BlackGuard is winning the attention of the cybercrime community, now sold on numerous darknet markets and forums for a lifetime price of $700 or a subscription of $200 per month.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-blackguard-password-stealing-malware-sold-on-hacker-forums/
∗∗∗ Viasat confirms satellite modems were wiped with AcidRain malware ∗∗∗
---------------------------------------------
A newly discovered data wiper malware that wipes routers and modems has been deployed in the cyberattack that targeted the KA-SAT satellite broadband service to wipe SATCOM modems on February 24, affecting thousands in Ukraine and tens of thousands more across Europe.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/viasat-confirms-satellite-modems-were-wiped-with-acidrain-malware/
∗∗∗ Phishing uses Azure Static Web Pages to impersonate Microsoft ∗∗∗
---------------------------------------------
Phishing attacks are abusing Microsoft Azures Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/phishing-uses-azure-static-web-pages-to-impersonate-microsoft/
∗∗∗ FORCEDENTRY: Sandbox Escape ∗∗∗
---------------------------------------------
In this post we'll take a look at that sandbox escape. It's notable for using only logic bugs. In fact it's unclear where the features that it uses end and the vulnerabilities which it abuses begin.
---------------------------------------------
https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html
∗∗∗ iOS-Updates: Automatik braucht mehrere Wochen ∗∗∗
---------------------------------------------
Wer will, dass sein iPhone auf aktuellem Stand ist, sollte händisch aktualisieren. Die automatische Verteilung braucht lange, bestätigt Apples Softwarechef.
---------------------------------------------
https://heise.de/-6657879
∗∗∗ CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell) ∗∗∗
---------------------------------------------
CVE-2022-22965, aka SpringShell, is a remote code execution vulnerability in the Spring Framework. We provide a root cause analysis and mitigations.
---------------------------------------------
https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/
∗∗∗ The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities ∗∗∗
---------------------------------------------
The flaws can be exploited to execute code on vulnerable controllers and workstations.
---------------------------------------------
https://www.zdnet.com/article/cisa-issues-alert-on-critical-ics-vulnerabilities-in-rockwell-systems/
∗∗∗ Spring Framework RCE, Mitigation Alternative ∗∗∗
---------------------------------------------
Yesterday we announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78 all of which close the attack vector on Tomcat’s side. While the vulnerability is not in Tomcat itself, in real world situations, it is important to be able to choose among multiple upgrade paths that in turn provides flexibility and layered protection.
---------------------------------------------
https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins 2022-03-31 ∗∗∗
---------------------------------------------
IBM App Connect Enterprise Certified Container, IBM Sterling Partner Engagement Manager, IBM QRadar Network Security, IBM Security Access Manager for Enterprise, IBM Urbancode Deploy, IBM Tivoli Application Dependency Discovery Manager, IBM Tivoli Netcool Impact, Watson Knowledge Catalog InstaScan
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Kritische Sicherheitslücke: Gitlab-Update außer der Reihe ∗∗∗
---------------------------------------------
Die Gitlab-Entwickler haben ein Update veröffentlicht, um Sicherheitslücken zu schließen. Eine kritische Lücke könnte Angreifern die Kontoübernahme ermöglichen.
---------------------------------------------
https://heise.de/-6660080
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (wireshark), Fedora (389-ds-base), Mageia (golang, wavpack, and zlib), openSUSE (yaml-cpp), SUSE (expat and yaml-cpp), and Ubuntu (linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws-5.4, linux-azure, linux-gcp, linux-gcp-5.13, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-aws-hwe, linux-gcp-4.15, linux-oracle, linux-intel-5.13, and tomcat9).
---------------------------------------------
https://lwn.net/Articles/889983/
∗∗∗ Sicherheitsupdates: iOS 15.4.1 und macOS Monterey 12.3.1 ∗∗∗
---------------------------------------------
Apple hat zum 31. März 2022 zwei Sicherheitsupdates für macOS 12.3.1 (Monterey) und iOS/iPad OS 15.4.1 freigegeben. Diese schließen die Schwachstellen CVE-2022-22675 (in AppleAVD für iOS und macOS) und CVE-2022-22674 im macOS Intel Grafiktreiber.
---------------------------------------------
https://www.borncity.com/blog/2022/04/01/sicherheitsupdates-ios-15-4-1-und-macos-monterey-12-3-1/
∗∗∗ K56241216: OpenLDAP vulnerabilities CVE-2020-25709 and CVE-2020-25710 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K56241216
∗∗∗ K44994972: Linux kernel vulnerability CVE-2020-25704 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44994972
∗∗∗ Schneider Electric SCADAPack Workbench ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-01
∗∗∗ Hitachi Energy e-mesh EMS ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-02
∗∗∗ Fuji Electric Alpha5 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-03
∗∗∗ Mitsubishi Electric FA Products ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04
∗∗∗ General Electric Renewable Energy MDS Radios ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-06
∗∗∗ CISA Adds Seven Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/03/31/cisa-adds-seven-known-exploited-vulnerabilities-catalog
∗∗∗ Mehrere Schwachstellen in ZA|ARC (SYSS-2021-063/-064/-065/-066/-067) ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/mehrere-schwachstellen-in-zaarc-syss-2021-063/-064/-065/-066/-067
∗∗∗ SA45100 - CVE-2022-0778-OpenSSL-Vulnerability may lead to DoS attack ∗∗∗
---------------------------------------------
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/CVE-2022-0778-OpenSSL-Vulnerability-may-lead-to-DoS-attack
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list