[CERT-daily] Tageszusammenfassung - 20.04.2022

Daily end-of-shift report team at cert.at
Wed Apr 20 18:17:39 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 19-04-2022 18:00 − Mittwoch 20-04-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ CISA warns of attackers now exploiting Windows Print Spooler bug ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its list of actively exploited bugs, including a local privilege escalation bug in the Windows Print Spooler.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisa-warns-of-attackers-now-exploiting-windows-print-spooler-bug/


∗∗∗ Emotet botnet switches to 64-bit modules, increases activity ∗∗∗
---------------------------------------------
The Emotet malware is having a burst in distribution and is likely to soon switch to new payloads that are currently detected by fewer antivirus engines.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity/


∗∗∗ Google: 2021 war Rekordjahr für entdeckte Zero Days ∗∗∗
---------------------------------------------
Laut Google ändert sich die Ursache der Sicherheitslücken selbst aber kaum. Größtes Problem bleiben Speicherfehler.
---------------------------------------------
https://www.golem.de/news/google-2021-war-rekordjahr-fuer-entdeckte-zero-days-2204-164711-rss.html


∗∗∗ "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic, (Wed, Apr 20th) ∗∗∗
---------------------------------------------
Chain of Events and IOCs of a Qakbot infection.
---------------------------------------------
https://isc.sans.edu/diary/rss/28568


∗∗∗ Phishing-Welle zu Online-Banking rollt durch Postfächer ∗∗∗
---------------------------------------------
Aktuell rollt eine Phishing-Welle durch österreichische E-Mail-Postfächer, mit der es Kriminelle vor allem auf Online-Banking-Daten abgesehen haben.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-welle-zu-online-banking-rollt-durch-postfaecher/


∗∗∗ CISA Releases Secure Cloud Business Applications (SCuBA) Guidance Documents for Public Comment ∗∗∗
---------------------------------------------
CISA has released draft versions of two guidance documents—along with a request for comment (RFC)—that are a part of the recently launched Secure Cloud Business Applications (SCuBA) project.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/04/19/cisa-releases-secure-cloud-business-applications-scuba-guidance


∗∗∗ Investigating an engineering workstation – Part 3 ∗∗∗
---------------------------------------------
In our third blog post we will focus on information we can get from the projects itself.
---------------------------------------------
https://blog.nviso.eu/2022/04/20/investigating-an-engineering-workstation-part-3/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Elliptische Kurven: Java-Signaturprüfung lässt sich mit Nullen austricksen ∗∗∗
---------------------------------------------
Bei der Prüfung von ECDSA-Signaturen in Java fand sich ein Fehler, der dazu führt, dass man eine immer gültige Signatur erstellen kann.
---------------------------------------------
https://www.golem.de/news/elliptische-kurven-java-signaturpruefung-laesst-sich-mit-nullen-austricksen-2204-164719-rss.html


∗∗∗ Oracle stellt 520 Sicherheitspatches für sein Software-Portfolio bereit ∗∗∗
---------------------------------------------
Admins von Oracle-Anwendungen sollten die verfügbaren Aktualisierungen installieren, um zum Teil kritische Sicherheitslücken zu schließen.
---------------------------------------------
https://heise.de/-6746906


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (condor), Red Hat (389-ds:1.4, container-tools:2.0, kernel, kernel-rt, and kpatch-patch), SUSE (chrony, containerd, expat, git, icedtea-web, jsoup, jsr-305, kernel, libeconf, shadow and util-linux, protobuf, python-libxml2-python, python3, slirp4netns, sssd, vim, and wpa_supplicant), and Ubuntu (bash).
---------------------------------------------
https://lwn.net/Articles/892047/


∗∗∗ AWSs Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation ∗∗∗
---------------------------------------------
We identified severe security issues within AWS Log4Shell hot patch solutions. We provide a root cause analysis and overview of fixes and mitigations.
---------------------------------------------
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities/


∗∗∗ SSA-254054: Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-254054.txt


∗∗∗ Security Bulletin: IBM Emptoris Strategic Supply Management Platform is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-strategic-supply-management-platform-is-vulnerable-to-unspecified-vulnerability-due-to-oracle-database-server-cve-2021-35576/


∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by Node.js vulnerability (CVE-2021-22939) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-node-js-vulnerability-cve-2021-22939/


∗∗∗ Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to denial of service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-ibm-sdk-java-technology-edition-ibm-tivoli-application-dependency-discovery-manager-taddm-is-vulnerable-to-denial-of-service-2/


∗∗∗ Security Bulletin: IBM Emptoris Sourcing is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-sourcing-is-vulnerable-to-unspecified-vulnerability-due-to-oracle-database-server-cve-2021-35576/


∗∗∗ Security Bulletin: IBM Emptoris Contract Management is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-contract-management-is-vulnerable-to-unspecified-vulnerability-due-to-oracle-database-server-cve-2021-35576/


∗∗∗ Security Bulletin: IBM Emptoris Program Management is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-program-management-is-vulnerable-to-unspecified-vulnerability-due-to-oracle-database-server-cve-2021-35576/


∗∗∗ April 19, 2022   TNS-2022-09   [R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2022-09


∗∗∗ Veritas NetBackup: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0474


∗∗∗ Interlogix Hills ComNav ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-01


∗∗∗ Automated Logic WebCTRL ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-02


∗∗∗ FANUC ROBOGUIDE Simulation Platform ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-03


∗∗∗ Elcomplus SmartPPT SCADA ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-04


∗∗∗ Multiple ctrlX CORE vulnerabilities ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-029150.html


∗∗∗ MISP 2.4.158 security fix and general improvement release ∗∗∗
---------------------------------------------
https://github.com/MISP/MISP/releases/tag/v2.4.158


∗∗∗ Multiple Vulnerabilities in Apache HTTP Server ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-22-11

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list