[CERT-daily] Tageszusammenfassung - 21.03.2022

Mon Mar 21 18:41:15 CET 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 18-03-2022 18:00 − Montag 21-03-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Elden Ring: Hacker zerstören Spielstände ∗∗∗
---------------------------------------------
Invasionen feindlicher Spieler sind noch gefährlicher geworden, denn eine Sicherheitslücke kann Elden Ring zum Absturz zu bringen.
---------------------------------------------
https://www.golem.de/news/elden-ring-hacker-zerstoeren-spielstaende-2203-164001-rss.html


∗∗∗ Sicherheitsanalyse zum Industrieprotokoll OPC UA aktualisiert ∗∗∗
---------------------------------------------
Die Studie des BSI liefert eine Bewertung der spezifizierten und realisierten Sicherheitsfunktionen von OPC UA.
---------------------------------------------
https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Studie-OPC-UA_220321.html


∗∗∗ Willhaben-VerkäuferInnen aufgepasst: Kurierdienst von Willhaben ist Betrug ∗∗∗
---------------------------------------------
Auf willhaben.at inseriert? Dann nehmen Sie sich vor betrügerischen KäuferInnen in Acht! Betrügerische KäuferInnen schlagen Ihnen vor, die Zahlung und Übergabe der Ware über den „Kurierdienst PayLivery AG“ vorzunehmen. Der Link zur Webseite, auf der dieser „Kurierdienst“ beschrieben wird, wird gleich mitgesendet. Vorsicht: Diesen Kurierdienst gibt es gar nicht. Die Webseite willhaben-at.shop/help.html ist gefälscht und gehört nicht zu willhaben.at!
---------------------------------------------
https://www.watchlist-internet.at/news/willhaben-verkaeuferinnen-aufgepasst-kurierdienst-von-willhaben-ist-betrug/


∗∗∗ Free decryptor released for TrickBot gangs Diavol ransomware ∗∗∗
---------------------------------------------
Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-trickbot-gangs-diavol-ransomware/


∗∗∗ New Phishing toolkit lets anyone create fake Chrome browser windows ∗∗∗
---------------------------------------------
A phishing kit has been released that allows red teamers and wannabe cybercriminals to create effective single sign-on phishing login forms using fake Chrome browser windows.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-lets-anyone-create-fake-chrome-browser-windows/


∗∗∗ Meet Exotic Lily, access broker for ransomware and other malware peddlers ∗∗∗
---------------------------------------------
Exotic Lily is the name given to a group of cybercriminals that specialized as an initial access broker, serving groups like Conti and Diavol ransomware.
---------------------------------------------
https://blog.malwarebytes.com/threat-spotlight/2022/03/meet-exotic-lily-access-broker-for-ransomware-and-other-malware-peddlers/


∗∗∗ APT35 Automates Initial Access Using ProxyShell ∗∗∗
---------------------------------------------
In December 2021, we observed an adversary exploiting the Microsoft Exchange ProxyShell vulnerabilities to gain initial access and execute code via multiple web shells. The overlap of activities and tasks [...]
---------------------------------------------
https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Kritische Sicherheitslücke in Western Digital EdgeRover geschlossen ∗∗∗
---------------------------------------------
Ein Sicherheitsupdate für Western Digitals Datenverwaltungsanwendung EdgeRover sperrt Angreifer aus.
---------------------------------------------
https://heise.de/-6594172


∗∗∗ A Bug That Doesnt Want To Die (CVE-2021-34484) ∗∗∗
---------------------------------------------
In November we issued a micropatch for a local privilege escalation in User Profile Service. This vulnerability was found and reported to Microsoft by security researcher Abdelhamid Naceri and assigned CVE-2021-34484 when initially fixed. Abdelhamid subsequently noticed that Microsofts patch was incomplete and wrote a POC to bypass it. Based on that information, we were able to create a micropatch for what was then considered a 0day [...]
---------------------------------------------
https://blog.0patch.com/2022/03/a-bug-that-doesnt-want-to-die-cve-2021.html


∗∗∗ Micropatching Unpatched Local Privilege Escalation in Mobile Device Management Service (CVE-2021-24084 / 0day) ∗∗∗
---------------------------------------------
Update 3/21/2022: Microsofts fix for this issue turned out to be flawed. We ported our micropatches to all affected Windows versions and made them all FREE for everyone again.
---------------------------------------------
https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9, chromium, libgit2, libpano13, paramiko, usbredir, and wordpress), Fedora (expat, kernel, openexr, thunderbird, and wordpress), openSUSE (chromium, frr, and weechat), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), SUSE (frr), and Ubuntu (imagemagick).
---------------------------------------------
https://lwn.net/Articles/888686/


∗∗∗ OTRS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K22-0332


∗∗∗ MISP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K22-0331


∗∗∗ Security Bulletin: IBM Security Guardium is vulnerable to arbitrary code execution due to Apache log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities fixed in IBM Maximo Application Suite Monitor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-fixed-in-ibm-maximo-application-suite-monitor/


∗∗∗ Security Bulletin: IBM Answer Retrieval for Watson Discovery is vulnerable to phishing attacks due to Swagger UI (CVE number(s) 221508) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-answer-retrieval-for-watson-discovery-is-vulnerable-to-phishing-attacks-due-to-swagger-ui-cve-numbers-221508/


∗∗∗ Security Bulletin: urllib upgrade CVE-2021-33503, CVE-2021-28363 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-urllib-upgrade-cve-2021-33503-cve-2021-28363/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-11/


∗∗∗ Security Bulletin: IBM Spectrum Protect 8.1.14.000 Server is vulnerable to bypass of security restrictions (CVE-2022-22394) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-8-1-14-000-server-is-vulnerable-to-bypass-of-security-restrictions-cve-2022-22394/


∗∗∗ Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-2369) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2021-2369/


∗∗∗ Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2020-14781) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2020-14781/


∗∗∗ Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-2161) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2021-2161/


∗∗∗ Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-35550) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2021-35550/


∗∗∗ Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-35578) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2021-35578/


∗∗∗ Security Bulletin: A vulnerability in Java SE related to the Libraries component affects IBM Control Center (CVE-2020-14782) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-related-to-the-libraries-component-affects-ibm-control-center-cve-2020-14782/


∗∗∗ Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2020-2773) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2020-2773/


∗∗∗ Security Bulletin: Vulnerabilities in Java SE and Eclipse OpenJ9 affect IBM Control Center (CVE-2020-14803 & CVE-2020-27221) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-se-and-eclipse-openj9-affect-ibm-control-center-cve-2020-14803-cve-2020-27221/


∗∗∗ Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-35603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2021-35603/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily