[CERT-daily] Tageszusammenfassung - 25.02.2022
Daily end-of-shift report
team at cert.at
Fri Feb 25 18:12:10 CET 2022
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 24-02-2022 18:00 − Freitag 25-02-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ US and UK expose new malware used by MuddyWater hackers ∗∗∗
---------------------------------------------
MuddyWater is "targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/us-and-uk-expose-new-malware-used-by-muddywater-hackers/
∗∗∗ Jester Stealer malware adds more capabilities to entice hackers ∗∗∗
---------------------------------------------
An infostealing piece of malware called Jester Stealer has been gaining popularity in the underground cybercrime community for its functionality and affordable prices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/jester-stealer-malware-adds-more-capabilities-to-entice-hackers/
∗∗∗ Cyberangriffe im Ukraine-Krieg: BSI warnt Behörden und Unternehmen nachdrücklich ∗∗∗
---------------------------------------------
Das BSI hat ein weiteres Warnschreiben an Unternehmen und Behörden geschickt. Demnach gibt es Netzwerkscans und erste Wiper in Partnerstaaten.
---------------------------------------------
https://www.golem.de/news/cyberangriffe-im-ukraine-krieg-bsi-warnt-behoerden-und-unternehmen-nachdruecklich-2202-163457-rss.html
∗∗∗ Some details of the DDoS attacks targeting Ukraine and Russia in recent days ∗∗∗
---------------------------------------------
At 360Netlab, we continuously track botnets on a global scale through our BotMon system. In particular, for DDoS-related botnets, we further tap into their C2 communications to enable us really see the details of the attacks.
---------------------------------------------
https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/
∗∗∗ Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure ∗∗∗
---------------------------------------------
The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years.
---------------------------------------------
https://thehackernews.com/2022/02/notorious-trickbot-malware-gang-shuts.html
∗∗∗ „ID-app aktivieren“: Betrügerisches Mail im Namen der Volksbank im Umlauf ∗∗∗
---------------------------------------------
Kriminelle versenden derzeit betrügerische E-Mails im Namen der Volksbank, in der dazu aufgefordert wird die ID-app zu aktivieren. Diese App wird von der Volksbank tatsächlich angeboten, um mehr Sicherheit zu gewährleisten. In diesem Fall missbrauchen aber Kriminelle diese Sicherheitsmaßnahme, um an Ihre Zugangsdaten zu kommen.
---------------------------------------------
https://www.watchlist-internet.at/news/id-app-aktivieren-betruegerisches-mail-im-namen-der-volksbank-im-umlauf/
∗∗∗ Russia-Ukraine Crisis: How to Protect Against the Cyber Impact (Updated Feb. 24 to Include New Information on DDoS, HermeticWiper and Defacement) ∗∗∗
---------------------------------------------
We provide an overview of known cyberthreats related to the Russia-Ukraine crisis including DDoS attacks, HermeticWiper and defacement and share recommendations for proactive defense.
---------------------------------------------
https://unit42.paloaltonetworks.com/preparing-for-cyber-impact-russia-ukraine-crisis/
∗∗∗ Mac-Malware auf dem Vormarsch ∗∗∗
---------------------------------------------
Die Sicherheitsgefahren für mobile Geräte und Macs nehmen zu. Festgestellt wurden die Mac-Malware-Familien Cimpli, Pirrit, Imobie, Shlayer und Genieo.
---------------------------------------------
https://www.zdnet.de/88399571/mac-malware-auf-dem-vormarsch/
∗∗∗ Threat Update – Ukraine & Russia conflict ∗∗∗
---------------------------------------------
In this report, NVISO CTI describes the cyber threat landscape of Ukraine and by extension the current situation.
---------------------------------------------
https://blog.nviso.eu/2022/02/24/threat-update-ukraine-russia-tensions/
∗∗∗ New Infostealer ‘ColdStealer’ Being Distributed ∗∗∗
---------------------------------------------
The ASEC analysis team has discovered the distribution of ColdStealer that appears to be a new type of infostealer.
---------------------------------------------
https://asec.ahnlab.com/en/32090/
=====================
= Vulnerabilities =
=====================
∗∗∗ Sicherheitsupdates: Java- und Kernel-Lücken in IBM AIX bedrohen Server ∗∗∗
---------------------------------------------
Angreifer könnten Server mit IBM AIX attackieren und im schlimmsten Fall die volle Kontrolle über Systeme erlangen.
---------------------------------------------
https://heise.de/-6526120
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (dotnet6.0, kernel, libarchive, libxml2, and wireshark), openSUSE (opera), Oracle (cyrus-sasl), Red Hat (cyrus-sasl, python-pillow, and ruby:2.5), Scientific Linux (cyrus-sasl), and Ubuntu (snapd).
---------------------------------------------
https://lwn.net/Articles/886124/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-http-server-used-by-ibm-websphere-application-server-due-to-expat-vulnerabilities/
∗∗∗ Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832-4/
∗∗∗ Security Bulletin: CVE-2021-35550 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35550-may-affect-ibm-sdk-java-technology-edition/
∗∗∗ Security Bulletin: Vulnerabilities in Java SE affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-se-affect-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data/
∗∗∗ Security Bulletin: CVE-2021-35603 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35603-may-affect-ibm-sdk-java-technology-edition/
∗∗∗ Security Bulletin: Vulnerability in the AIX smbcd daemon (CVE-2021-38993) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-the-aix-smbcd-daemon-cve-2021-38993/
∗∗∗ Security Bulletin: IBM PowerVM Novalink is vulnerable to provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-powervm-novalink-is-vulnerable-to-provide-weaker-than-expected-security-a-remote-attacker-could-exploit-this-weakness-to-obtain-sensitive-information-and-gain-unauthorized-acce/
∗∗∗ Security Bulletin: IBM PowerVM Novalink could allow a remote authenticated attacker to conduct an LDAP injection. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-powervm-novalink-could-allow-a-remote-authenticated-attacker-to-conduct-an-ldap-injection/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM Application Server Liberty due to January 2022 CPU plus deferred CVE-2021-35550 and CVE-2021-35603 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-application-server-and-ibm-application-server-liberty-due-to-january-2022-cpu-plus-deferred-cve-2021-35550-and-cv/
∗∗∗ Mozilla VPN local privilege escalation via uncontrolled OpenSSL search path ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/
∗∗∗ FATEK Automation FvDesigner ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-055-01
∗∗∗ Mitsubishi Electric EcoWebServerIII ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-055-02
∗∗∗ Schneider Electric Easergy P5 and P3 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-055-03
∗∗∗ Baker Hughes Bently Nevada 3500 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-231-02
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list