[CERT-daily] Daily summary - 20.04.2022
Daily end-of-shift report
team at cert.at
Wed Apr 20 18:17:39 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 19-04-2022 18:00 - Wednesday 20-04-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ CISA warns of attackers now exploiting Windows Print Spooler bug ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its list of actively exploited bugs, including a local privilege escalation bug in the Windows Print Spooler.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisa-warns-of-attackers-now-exploiting-windows-print-spooler-bug/
∗∗∗ Emotet botnet switches to 64-bit modules, increases activity ∗∗∗
---------------------------------------------
The Emotet malware is having a burst in distribution and is likely to soon switch to new payloads that are currently detected by fewer antivirus engines.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity/
∗∗∗ Google: 2021 was a record year for discovered zero-days ∗∗∗
---------------------------------------------
According to Google, however, the root cause of the vulnerabilities themselves is barely changing. Memory-safety bugs remain the biggest problem.
---------------------------------------------
https://www.golem.de/news/google-2021-war-rekordjahr-fuer-entdeckte-zero-days-2204-164711-rss.html
∗∗∗ "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic, (Wed, Apr 20th) ∗∗∗
---------------------------------------------
Chain of Events and IOCs of a Qakbot infection.
---------------------------------------------
https://isc.sans.edu/diary/rss/28568
∗∗∗ Wave of online-banking phishing rolling through inboxes ∗∗∗
---------------------------------------------
A phishing wave is currently rolling through Austrian e-mail inboxes, with criminals primarily after online-banking credentials.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-welle-zu-online-banking-rollt-durch-postfaecher/
∗∗∗ CISA Releases Secure Cloud Business Applications (SCuBA) Guidance Documents for Public Comment ∗∗∗
---------------------------------------------
CISA has released draft versions of two guidance documents—along with a request for comment (RFC)—that are a part of the recently launched Secure Cloud Business Applications (SCuBA) project.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/04/19/cisa-releases-secure-cloud-business-applications-scuba-guidance
∗∗∗ Investigating an engineering workstation – Part 3 ∗∗∗
---------------------------------------------
In our third blog post we will focus on the information we can get from the projects themselves.
---------------------------------------------
https://blog.nviso.eu/2022/04/20/investigating-an-engineering-workstation-part-3/
=====================
= Vulnerabilities =
=====================
∗∗∗ Elliptic curves: Java signature verification can be tricked with zeros ∗∗∗
---------------------------------------------
A flaw was found in the verification of ECDSA signatures in Java that makes it possible to create a signature that is always accepted as valid.
---------------------------------------------
https://www.golem.de/news/elliptische-kurven-java-signaturpruefung-laesst-sich-mit-nullen-austricksen-2204-164719-rss.html
∗∗∗ Oracle releases 520 security patches for its software portfolio ∗∗∗
---------------------------------------------
Administrators of Oracle applications should install the available updates to close security vulnerabilities, some of them critical.
---------------------------------------------
https://heise.de/-6746906
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (condor), Red Hat (389-ds:1.4, container-tools:2.0, kernel, kernel-rt, and kpatch-patch), SUSE (chrony, containerd, expat, git, icedtea-web, jsoup, jsr-305, kernel, libeconf, shadow and util-linux, protobuf, python-libxml2-python, python3, slirp4netns, sssd, vim, and wpa_supplicant), and Ubuntu (bash).
---------------------------------------------
https://lwn.net/Articles/892047/
∗∗∗ AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation ∗∗∗
---------------------------------------------
We identified severe security issues within AWS Log4Shell hot patch solutions. We provide a root cause analysis and overview of fixes and mitigations.
---------------------------------------------
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities/
∗∗∗ SSA-254054: Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-254054.txt
∗∗∗ Security Bulletin: IBM Emptoris Strategic Supply Management Platform is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-strategic-supply-management-platform-is-vulnerable-to-unspecified-vulnerability-due-to-oracle-database-server-cve-2021-35576/
∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by Node.js vulnerability (CVE-2021-22939) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-node-js-vulnerability-cve-2021-22939/
∗∗∗ Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to denial of service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-ibm-sdk-java-technology-edition-ibm-tivoli-application-dependency-discovery-manager-taddm-is-vulnerable-to-denial-of-service-2/
∗∗∗ Security Bulletin: IBM Emptoris Sourcing is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-sourcing-is-vulnerable-to-unspecified-vulnerability-due-to-oracle-database-server-cve-2021-35576/
∗∗∗ Security Bulletin: IBM Emptoris Contract Management is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-contract-management-is-vulnerable-to-unspecified-vulnerability-due-to-oracle-database-server-cve-2021-35576/
∗∗∗ Security Bulletin: IBM Emptoris Program Management is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-program-management-is-vulnerable-to-unspecified-vulnerability-due-to-oracle-database-server-cve-2021-35576/
∗∗∗ April 19, 2022 TNS-2022-09 [R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2022-09
∗∗∗ Veritas NetBackup: vulnerability allows cross-site scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0474
∗∗∗ Interlogix Hills ComNav ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-01
∗∗∗ Automated Logic WebCTRL ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-02
∗∗∗ FANUC ROBOGUIDE Simulation Platform ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-03
∗∗∗ Elcomplus SmartPPT SCADA ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-04
∗∗∗ Multiple ctrlX CORE vulnerabilities ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-029150.html
∗∗∗ MISP 2.4.158 security fix and general improvement release ∗∗∗
---------------------------------------------
https://github.com/MISP/MISP/releases/tag/v2.4.158
∗∗∗ Multiple Vulnerabilities in Apache HTTP Server ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-22-11
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily