[CERT-daily] Tageszusammenfassung - 15.07.2022

Fri Jul 15 18:49:20 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 14-07-2022 18:00 − Freitag 15-07-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Callback-Phishing: Dringender Rückruf erbeten ∗∗∗
---------------------------------------------
Angreifer geben sich in E-Mails als Sicherheitsunternehmen aus und bitten um einen Rückruf. Doch statt einer Überprüfung wird der Rechner gehackt.
---------------------------------------------
https://www.golem.de/news/callback-phishing-dringender-rueckruf-erbeten-2207-166913.html


∗∗∗ Android-Malware mit 3 Millionen Installationen aus Google Play entfernt ∗∗∗
---------------------------------------------
Die Android-Malware Autolycos hat es auf insgesamt drei Millionen Installationen gebracht. Nach der Entdeckung hat Google die betroffenen Apps entfernt.
---------------------------------------------
https://heise.de/-7180469


∗∗∗ Windows Autopatch ab sofort allgemein verfügbar ∗∗∗
---------------------------------------------
Automatisch abgesicherte Updates für Windows verspricht Microsoft mit Autopatch – Administratoren steht so deutlich weniger händische Arbeit ins Haus.
---------------------------------------------
https://heise.de/-7180876


∗∗∗ Was kann ich bei Problemen mit Klarna tun? ∗∗∗
---------------------------------------------
„Das Produkt ist noch gar nicht gekommen, trotzdem will Klarna, das ich bezahle.“ „Klarna schickt trotz Rücksendung Mahnungen.“ „Ich habe Ramsch bekommen, Klarna fordert aber eine Zahlung.“ Immer wieder berichten uns Konsument:innen von Problemen mit Klarna und sind ratlos. Wir zeigen Ihnen, was Sie bei ungerechtfertigten Zahlungsaufforderungen und Mahnungen von Klarna tun können.
---------------------------------------------
https://www.watchlist-internet.at/news/was-kann-ich-bei-problemen-mit-klarna-tun/


∗∗∗ YouTuber-Cash: Vorsicht vor Abzocke ∗∗∗
---------------------------------------------
YouTube-Videos schauen und damit Geld verdienen? Angebote wie das von youtuber.ltd klingen verlockend, doch statt der Auszahlung warten Abzocke-Maschen auf Sie. Vertrauen Sie keinen Versprechen online, schnell viel Geld zu verdienen! Die Kriminellen, die hinter diesen Angeboten stecken sind lediglich auf Ihre Daten oder Ihr Geld aus.
---------------------------------------------
https://www.watchlist-internet.at/news/youtuber-cash-vorsicht-vor-abzocke/


∗∗∗ WordPress: Schwachstelle in Kaswara Modern WPBakery Page Builder wird angegriffen ∗∗∗
---------------------------------------------
WordPress-Nutzer, die das Kaswara Modern WPBakery Page Builder im Einsatz haben, sollten zügig handeln. In älteren Fassungen ist die Schwachstelle CVE-2021-24284 enthalten, die eine Übernahme der WordPress-Installation ermöglicht.
---------------------------------------------
https://www.borncity.com/blog/2022/07/15/wordpress-schwachstelle-in-kaswara-modern-wpbakery-page-builder-wird-angegriffen/


∗∗∗ New Phishing Kit Hijacks WordPress Sites for PayPal Scam ∗∗∗
---------------------------------------------
Attackers use scam security checks to steal victims government documents, photos, banking information, and email passwords, researchers warn.
---------------------------------------------
https://www.darkreading.com/attacks-breaches/new-phishing-kit-hijacks-wordpress-sites-for-paypal-scam


∗∗∗ The real reason why malware detection is hard—and underestimated ∗∗∗
---------------------------------------------
Researchers develop an AI with a 98% malware detection rate and 5% false positive rate. If you think this is a splendid technology for antivirus software, this article might change your mind.
---------------------------------------------
https://www.gdatasoftware.com/blog/2022/06/37445-malware-detection-is-hard


∗∗∗ Month of PowerShell: Working with Log Files ∗∗∗
---------------------------------------------
In this article we look at how we can leverage PowerShells object-passing pipeline to parse and retrieve data from an IIS web server log file.
---------------------------------------------
https://www.sans.org/blog/powershell-working-with-log-files


∗∗∗ Software Vendors Start Patching Retbleed CPU Vulnerabilities ∗∗∗
---------------------------------------------
Vendors have started rolling out software updates to address the recently disclosed Retbleed speculative execution attack targeting Intel and AMD processors.
---------------------------------------------
https://www.securityweek.com/software-vendors-start-patching-retbleed-cpu-vulnerabilities


∗∗∗ Powerful Mantis DDoS Botnet Hits 1,000 Organizations in One Month ∗∗∗
---------------------------------------------
Web protection firm Cloudflare warns that a small but powerful botnet has launched distributed denial-of-service (DDoS) attacks on roughly 1,000 organizations over the past month alone.
---------------------------------------------
https://www.securityweek.com/powerful-mantis-ddos-botnet-hits-1000-organizations-one-month


∗∗∗ Digium Phones Under Attack: Insight Into the Web Shell Implant ∗∗∗
---------------------------------------------
We witnessed more than 500,000 unique samples of malicious traffic targeting Digium Asterisk software for VoIP phone devices.
---------------------------------------------
https://unit42.paloaltonetworks.com/digium-phones-web-shell/


∗∗∗ CVE-2022-30136: Microsoft Windows Network File System v4 Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Quintin Crist of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Windows operating system, originally discovered and reported by Yuki Chen. The bug is found in the implementation of Network File System (NFS)and is due to improper handling of NFSv4 requests. An unauthenticated attacker could exploit this bug to execute arbitrary code in the context of SYSTEM.
---------------------------------------------
https://www.thezdi.com/blog/2022/7/13/cve-2022-30136-microsoft-windows-network-file-system-v4-remote-code-execution-vulnerability


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Update Available for Adobe InDesign APSB22-30 ∗∗∗
---------------------------------------------
Adobe has released a security update for Adobe InDesign. This update addresses multiple critical and an important vulnerability. Successful exploitation could lead to arbitrary code execution and memory leak.
---------------------------------------------
https://helpx.adobe.com/security/products/indesign/apsb22-30.html


∗∗∗ Security Update Available for Adobe InCopy APSB22-29 ∗∗∗
---------------------------------------------
Adobe has released a security update for Adobe InCopy. This update addresses multiple  critical and an important vulnerability. Successful exploitation could lead to arbitrary code execution and memory leak.
---------------------------------------------
https://helpx.adobe.com/security/products/incopy/apsb22-29.html


∗∗∗ ABB Flow Computer and Remote Controllers Path Traversal Vulnerability in Totalflow TCP protocol can lead to root access ∗∗∗
---------------------------------------------
ABB is aware of private reports of a vulnerability in the flow computer and remote controller product versions listed above. A flash update is available that resolves the vulnerability in the product versions listed above. Mitigation can be accomplished by proper network segmentation [...]
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0927&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (webkit2gtk and wpewebkit), Fedora (curl, kernel, openssl1.1, php, subversion, xorg-x11-server, and xorg-x11-server-Xwayland), Oracle (grub2), SUSE (gnutls, kernel, logrotate, oracleasm, p11-kit, and python-PyJWT), and Ubuntu (libhttp-daemon-perl and python2.7, python3.10, python3.4, python3.5, python3.6, python3.8, python3.9).
---------------------------------------------
https://lwn.net/Articles/901412/


∗∗∗ Grafana: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Grafana ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen und Sicherheitsmaßnahmen zu umgehen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0696


∗∗∗ SonicWall Hosted Email Security Capture ATP Bypass ∗∗∗
---------------------------------------------
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance.
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0014


∗∗∗ OpenSSL c_rehash script allows command injection CVE-2022-1292 ∗∗∗
---------------------------------------------
A critical vulnerability (CVE-2022-1292) was found in OpenSSL c_rehash script. This is due to shell metacharacters not being properly sanitized, resulting in command injection. An attacker could execute arbitrary commands with the privileges of the script. After review, it has been determined that vulnerability tracked as CVE-2022-1292 is not applicable to the SonicWall product suite. However, SonicWall has decided to update the impacted OpenSSL package to the fixed version (OpenSSL 1.1.1o) [...]
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011


∗∗∗ SolarWinds Dameware: Schwachstelle ermöglicht Nutzerzugriff ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0697


∗∗∗ Mattermost: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0695


∗∗∗ Autodesk AutoCAD: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0694


∗∗∗ Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-35618 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-35618/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-36518) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-fasterxml-jackson-databind-vulnerabilities-cve-2020-36518/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-commons-compress-affect-websphere-application-server-3/


∗∗∗ Security Bulletin: Python (Publicly disclosed vulnerability) in IBM Tivoli Application Dependency Discovery Manager (CVE-2022-0391) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-python-publicly-disclosed-vulnerability-in-ibm-tivoli-application-dependency-discovery-manager-cve-2022-0391-2/


∗∗∗ Security Bulletin: Vulnerability in Json-schema library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-3918) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-json-schema-library-affect-tivoli-netcool-omnibus-webgui-cve-2021-3918/


∗∗∗ Security Bulletin: Vulnerability in Axios affects IBM Process Mining . CVE-2022-1214 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-axios-affects-ibm-process-mining-cve-2022-1214/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by follow-redirects vulnerabilities (CVE-2022-0155 and CVE-2022-0536) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-follow-redirects-vulnerabilities-cve-2022-0155-and-cve-2022-0536/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily