[CERT-daily] Tageszusammenfassung - 02.05.2022

Daily end-of-shift report team at cert.at
Mon May 2 18:11:11 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 29-04-2022 18:00 − Montag 02-05-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Fake Windows 10 updates infect you with Magniber ransomware ∗∗∗
---------------------------------------------
Fake Windows 10 updates on crack sites are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/


∗∗∗ REvil ransomware returns: New malware sample confirms gang is back ∗∗∗
---------------------------------------------
The notorious REvil ransomware operation has returned amidst rising tensions between Russia and the USA, with new infrastructure and a modified encryptor allowing for more targeted attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/


∗∗∗ Fake-YouTube-Videos mit Elon Musk führen zu Betrug mit Kryptowährung ∗∗∗
---------------------------------------------
Kriminelle fälschen Videos mit Elon Musk. In diesen Videos erhalten Zuseher:innen angeblich ein Geschenk von Musk. Er bietet die Möglichkeit, Bitcoins oder Ethereum zu verdoppeln. Und das ganz einfach: Sie überweisen Kryptowährung an ein bestimmtes Wallet und erhalten das Doppelte zurück. Achtung: Sie überweisen an Kriminelle und verlieren Geld!
---------------------------------------------
https://www.watchlist-internet.at/news/fake-youtube-videos-mit-elon-musk-fuehren-zu-betrug-mit-kryptowaehrung/


∗∗∗ Analysis on recent wiper attacks: examples and how wiper malware works ∗∗∗
---------------------------------------------
This blog post looks to explain how wipers work, what makes them so effective and provides a short overview of the most recent samples that appeared in the eastern Europe geopolitical conflict.
---------------------------------------------
https://cybersecurity.att.com/blogs/labs-research/analysis-on-recent-wiper-attacks-examples-and-how-they-wiper-malware-works



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ffmpeg, ghostscript, libarchive, and tinyxml), Fedora (CuraEngine, epiphany, gzip, usd, vim, xen, and xz), Oracle (maven-shared-utils and qemu), Red Hat (gzip, python27-python and python27-python-pip, rh-maven36-maven-shared-utils, rh-python38-python, rh-python38-python-lxml, and rh-python38-python-pip, and zlib), Slackware (pidgin), SUSE (jasper, java-11-openjdk, libcaca, libslirp, mariadb, mutt, nodejs12, opera, and python-Twisted), [...]
---------------------------------------------
https://lwn.net/Articles/893440/


∗∗∗ Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to stack-based buffer overflow in GNU C Library (CVE-2022-23219) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-stack-based-buffer-overflow-in-gnu-c-library-cve-2022-23219/


∗∗∗ Security Bulletin: IBM Integration Designer is vulnerable to arbitrary code execution because of Apache Log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-designer-is-vulnerable-to-arbitrary-code-execution-because-of-apache-log4j-cve-2021-4104-2/


∗∗∗ Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a stack-based buffer overflow in GNU C Library (CVE-2022-23218) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-stack-based-buffer-overflow-in-gnu-c-library-cve-2022-23218/


∗∗∗ Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow and underflow in GNU C Library (CVE-2021-3999) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-buffer-overflow-and-underflow-in-gnu-c-library-cve-2021-3999/


∗∗∗ Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2022 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-cloud-pak-for-business-automation-ifixes-for-april-2022/


∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 91.8.0ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 – 2022.4.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-91-8-0esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if16-2022-4-0/


∗∗∗ K24207649: GNU C Library (glibc) vulnerability CVE-2021-3999 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K24207649


∗∗∗ K52308021: GNU C Library (glibc) vulnerabilities CVE-2022-23218 and CVE-2022-23219 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52308021


∗∗∗ K19473898: Multiple Expat vulnerabilities CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, and CVE-2022-23515 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K19473898


∗∗∗ K91589041: Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K91589041


∗∗∗ K23421535: Expat vulnerabilities CVE-2022-22822, CVE-2022-22823, and CVE-2022-22824 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23421535


∗∗∗ K23231802: Expat vulnerability CVE-2021-46143 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23231802


∗∗∗ TRUMPF: TruTops Fab, TruTops Boost prone to vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-016/


∗∗∗ Vulnerabilities in the communication protocol of the PLC runtime ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-577411.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list