[CERT-daily] Tageszusammenfassung - 25.04.2022

Mon Apr 25 18:15:08 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 22-04-2022 18:00 − Montag 25-04-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Einbruch in kritische Infrastrukturen: Experten zeigen, wie einfach es ist ∗∗∗
---------------------------------------------
Niederländische Forscher haben beim Hackerwettbewerb Pwn2Own demonstriert, wie leicht sich Industriesoftware übernehmen lässt, die zentrale Dienste steuert.
---------------------------------------------
https://heise.de/-7062641


∗∗∗ Netzwerkspeicher: Apple-Protokolle reißen Sicherheitslücken in Qnap-NAS ∗∗∗
---------------------------------------------
Die Unterstützung von Apples Netzwerkprotokollen durch netatalk in Qnap-NAS-Systemen bringt teils kritische Sicherheitslücken mit. Erste Updates stehen bereit.
---------------------------------------------
https://heise.de/-7064336


∗∗∗ Hacker-Gruppe Lapsus$ soll Sourcecode von T-Mobile kopiert haben ∗∗∗
---------------------------------------------
Angreifer sind mit erbeuteten Zugangsdaten in Computer-Systeme von T-Mobile eingebrochen. Kundendaten sollen nicht betroffen sein.
---------------------------------------------
https://heise.de/-7063836


∗∗∗ Fake-E-Mail von Spotify: Kriminelle versuchen Ihr Konto zu übernehmen ∗∗∗
---------------------------------------------
Kriminelle versenden momentan gefälschte Spotify-E-Mails, um Ihr Konto zu übernehmen und Kreditkartendaten zu stehlen. Nutzer:innen erhalten vom Absender „Spotify-Rechnung“ ein Schreiben, in dem ein Problem mit Ihrer Zahlung vorgetäuscht wird. Im E-Mail werden Sie gebeten, auf einen Button zu klicken. Dieser führt dann auf eine gefälschte Spotify-Login-Seite. Daten, die dort eingetippt werden, landen direkt bei Kriminellen.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-e-mail-von-spotify-kriminelle-versuchen-ihr-konto-zu-uebernehmen/


∗∗∗ New powerful Prynt Stealer malware sells for just $100 per month ∗∗∗
---------------------------------------------
Threat analysts have spotted yet another addition to the growing space of info-stealer malware infections, named Prynt Stealer, which offers powerful capabilities and extra keylogger and clipper modules.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-powerful-prynt-stealer-malware-sells-for-just-100-per-month/


∗∗∗ DDoS attacks in Q1 2022 ∗∗∗
---------------------------------------------
Against the backdrop of the conflict between Russia and Ukraine, the number of DDoS attacks in Q1 2022 increased by 4.5 times against Q1 2021. A significant proportion of them were by hacktivists.
---------------------------------------------
https://securelist.com/ddos-attacks-in-q1-2022/106358/


∗∗∗ Are Roku Streaming Devices Safe from Exploitation?, (Sat, Apr 23rd) ∗∗∗
---------------------------------------------
I have noticed in the past several weeks random scans specifically for Roku streaming devices (and likely other types) captured by my honeypot. If they can be compromised, what can be gain? Settings like stored payment information, personal information (email/password), subscription, App selected, etc. Like any other devices, it is important to keep the OS and Apps up-to-date.
---------------------------------------------
https://isc.sans.edu/diary/rss/28578


∗∗∗ Simple PDF Linking to Malicious Content, (Mon, Apr 25th) ∗∗∗
---------------------------------------------
Last week, I found an interesting piece of phishing based on a PDF file. Today, most of the PDF files that are delivered to end-user are not malicious, I mean that they dont contain an exploit to trigger a vulnerability and infect the victims computer. They are just used as a transport mechanism to deliver more malicious content. Yesterday, Didier analyzed the same kind of Word document[1]. They are more and more common because they are (usually) not blocked by common filters at the perimeter.
---------------------------------------------
https://isc.sans.edu/diary/rss/28582


∗∗∗ Researcher Releases PoC for Recent Java Cryptographic Vulnerability ∗∗∗
---------------------------------------------
A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following versions of Java SE and Oracle GraalVM Enterprise Edition - [...]
---------------------------------------------
https://thehackernews.com/2022/04/researcher-releases-poc-for-recent-java.html


∗∗∗ Defeating BazarLoader Anti-Analysis Techniques ∗∗∗
---------------------------------------------
Anti-analysis techniques make it harder for malware analysts to do their work. We cover BazarLoader anti-analysis techniques and how to defeat them.
---------------------------------------------
https://unit42.paloaltonetworks.com/bazarloader-anti-analysis-techniques/


∗∗∗ Webcam hacking: How to know if someone may be spying on you through your webcam ∗∗∗
---------------------------------------------
Camfecting doesn’t ‘just’ invade your privacy – it could seriously impact your mental health and wellbeing. Here’s how to keep an eye on your laptop camera.
---------------------------------------------
https://www.welivesecurity.com/2022/04/25/webcam-hacking-how-know-someone-spying/


∗∗∗ Quantum Ransomware ∗∗∗
---------------------------------------------
In one of the fastest ransomware cases we have observed, in under four hours the threat actors went from initial access, to domain wide ransomware. The initial access vector for [...]
---------------------------------------------
https://thedfirreport.com/2022/04/25/quantum-ransomware/


∗∗∗ FBI Releases IOCs Associated with BlackCat/ALPHV Ransomware ∗∗∗
---------------------------------------------
The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks involving BlackCat/ALPHV, a Ransomware-as-a-Service that has compromised at least 60 entities worldwide. CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000167-MW and apply the recommended mitigations.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/04/22/fbi-releases-iocs-associated-blackcatalphv-ransomware


∗∗∗ Malware analysis report on SparrowDoor malware ∗∗∗
---------------------------------------------
A technical analysis of a new variant of the SparrowDoor malware.
---------------------------------------------
https://www.ncsc.gov.uk/report/mar-sparrowdoor


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical Bug in Everscale Wallet Couldve Let Attackers Steal Cryptocurrencies ∗∗∗
---------------------------------------------
A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victims wallet.
---------------------------------------------
https://thehackernews.com/2022/04/critical-bug-in-everscale-wallet.html


∗∗∗ IBM Security Bulletins 2022-04-22 ∗∗∗
---------------------------------------------
IBM Cloud Private, IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data, IBM Sterling File Gateway, IBM Watson Explorer, IBM Planning Analytics, IBM App Connect Enterprise
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ IBM schließt kritische Sicherheitslücken in Cognos Analytics ∗∗∗
---------------------------------------------
In der Business-Intelligence-Software IBM Cognos Analytics könnten Angreifer unter anderem Schadcode einschleusen. Aktualisierte Software behebt die Probleme.
---------------------------------------------
https://heise.de/-7063645


∗∗∗ Sicherheitsupdates Atlassian Jira: Angreifer könnten Authentifizierung umgehen ∗∗∗
---------------------------------------------
Die Entwickler haben eine kritische Sicherheitslücke im Projektmanagement-Tool Jira geschlossen.
---------------------------------------------
https://heise.de/-7063649


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (kernel, kernel-headers, kernel-tools, libinput, podman-tui, and vim), Mageia (git, gzip/xz, libdxfrw, libinput, librecad, and openscad), and SUSE (dnsmasq, git, libinput, libslirp, libxml2, netty, podofo, SDL, SDL2, and tomcat).
---------------------------------------------
https://lwn.net/Articles/892536/


∗∗∗ Opportunistic Exploitation of WSO2 CVE-2022-29464 ∗∗∗
---------------------------------------------
On April 18, 2022, MITRE published CVE-2022-29464, an unrestricted file upload vulnerability affecting various WSO2 products.
---------------------------------------------
https://www.rapid7.com/blog/post/2022/04/22/opportunistic-exploitation-of-wso2-cve-2022-29464/


∗∗∗ FreeRADIUS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0496


∗∗∗ Multiple Vulnerabilities in Netatalk ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-22-12

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily