[CERT-daily] Tageszusammenfassung - 04.03.2022
Daily end-of-shift report
team at cert.at
Fri Mar 4 18:09:37 CET 2022
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 03-03-2022 18:00 − Freitag 04-03-2022 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ 8-Character Passwords Can Be Cracked in Less than 60 Minutes ∗∗∗
---------------------------------------------
Researchers say passwords with less than seven characters can be hacked "instantly."
---------------------------------------------
https://www.darkreading.com/attacks-breaches/8-character-passwords-can-be-cracked-in-less-than-60-minutes
∗∗∗ 5 Risks That Can Cause Your Website to Get Reinfected ∗∗∗
---------------------------------------------
Re-infections are one of the most frustrating encounters site owners experience. Like a game of whack-a-mole, when you think you’ve found and removed everything malicious, more malicious content pops up.
---------------------------------------------
https://blog.sucuri.net/2022/03/5-risks-that-can-cause-your-website-to-get-reinfected.html
∗∗∗ SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store ∗∗∗
---------------------------------------------
NCC Group, as well as many other researchers noticed a rise in Android malware last year, especillay Android banking malware.
---------------------------------------------
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
∗∗∗ Nvidias geleakte Code-Signing-Zertifikate missbraucht ∗∗∗
---------------------------------------------
Die Einbrecher haben bei Nvidia auch Code-Signing-Zertifikate entwendet und veröffentlicht. Mit denen werden nun Angriffs-Tools signiert.
---------------------------------------------
https://heise.de/-6537255
∗∗∗ Betrügerische Spendenaufrufe: Kriminelle missbrauchen Krieg in der Ukraine ∗∗∗
---------------------------------------------
Um Menschen in der Ukraine finanziell zu unterstützen, gibt es derzeit zahlreiche Möglichkeiten. Doch auch Kriminelle missbrauchen diese Situation und erstellen betrügerische Webseiten mit Spendenaufrufen.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-spendenaufrufe-kriminelle-missbrauchen-krieg-in-der-ukraine/
∗∗∗ A Backdoor Lockpick ∗∗∗
---------------------------------------------
In early September, 2021, a fairly ordinary and inexpensive residential router came into the Zero Day research team’s possession.
---------------------------------------------
https://medium.com/tenable-techblog/a-backdoor-lockpick-d847a83f4496
∗∗∗ Die Renaissance des Cybervigilantismus ∗∗∗
---------------------------------------------
Der Krieg zwischen Russland und der Ukraine hat als - bis zu einem gewissen Grad überraschenden - Nebeneffekt die Renaissance von Software, die der durch Anonymous bekannt und populär gemachten, zu DDoS-Zwecken verwendeten "Low Orbit Ion Cannon" ähnelt. Dutzende solcher Programme oder auf dem selben Prinzip basierende Webseiten werden aktuell auf den sozialen Netzwerken verteilt und fast schon begeistert von vielen Menschen genutzt.
---------------------------------------------
https://cert.at/de/blog/2022/3/die-renaissance-des-cybervigilantismus
∗∗∗ NSA Releases Network Infrastructure Security Guidance ∗∗∗
---------------------------------------------
The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/03/03/nsa-releases-network-infrastructure-security-guidance
=====================
= Vulnerabilities =
=====================
∗∗∗ Amazon Alexa can be hijacked via commands from own speaker ∗∗∗
---------------------------------------------
Without a critical update, Amazon Alexa devices could wake themselves up and start executing audio commands issued by a remote attacker, according to infosec researchers at Royal Holloway, University of London.
---------------------------------------------
https://www.theregister.com/2022/03/03/amazon_alexa_speaker_vuln/
∗∗∗ New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape? ∗∗∗
---------------------------------------------
CVE-2022-0492 marks a logical bug in control groups (cgroups), a Linux feature that is a fundamental building block of containers.
---------------------------------------------
https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/
∗∗∗ Kritische Root-Lücken gefährden Ciscos Fernzugriff-Software Expressway Series ∗∗∗
---------------------------------------------
Der Netzwerkhersteller Cisco hat wichtige Sicherheitsupdates für Expressway Series, StarOS & Co. veröffentlicht.
---------------------------------------------
https://heise.de/-6537019
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (varnish), Fedora (barrier and polkit), openSUSE (bitcoin, conmon, libcontainers-common, libseccomp, podman, firefox, nodejs-electron, nodejs8, php7, and webkit2gtk3), SUSE (conmon, libcontainers-common, libseccomp, podman, cyrus-sasl, expat, firefox, nodejs8, php7, tomcat, and webkit2gtk3), and Ubuntu (containerd).
---------------------------------------------
https://lwn.net/Articles/886792/
∗∗∗ pfSense-pkg-WireGuard vulnerable to directory traversal ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN85572374/
∗∗∗ B&R APROL and B&R APROL: A flaw in Chainsaw component of Log4j can lead to code execution ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1644947115875-en-original-1.0.pdf
∗∗∗ Security Bulletin: IBM Security QRadar SOAR is using a component vulnerable to Cross Site Scripting (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-soar-is-using-a-component-vulnerable-to-cross-site-scripting-cve-2021-41182-cve-2021-41183-cve-2021-41184/
∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where mmfsd daemon can be prevented from servicing requests (CVE-2020-4925) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-mmfsd-daemon-can-be-prevented-from-servicing-requests-cve-2020-4925-2/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security QRadar SOAR ( CVE-2021-35560, CVE-2021-35578, CVE-2021-35564, CVE-2021-35565, CVE-2021-35588) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-security-qradar-soar-cve-2021-35560-cve-2021-35578-cve-2021-35564-cve-2021-35565-cve-2021-35588/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in Sterling Connect:Direct Browser User Interface ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-sterling-connectdirect-browser-user-interface/
∗∗∗ Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM Dojo (CVE-2021-234550), Java SE (CVE-2021-35578), IBM WebSphere Application Server – Liberty (CVE-2021-39031), Apache Log4j (CVE-2021-44832) and Gson ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-control-is-vulnerable-to-multiple-weaknesses-related-to-ibm-dojo-cve-2021-234550-java-se-cve-2021-35578-ibm-websphere-application-server-liberty-cve-2021-39031/
∗∗∗ Trailer Power Line Communications (PLC) J2497 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-063-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list