[CERT-daily] Daily summary - 10.05.2022
Daily end-of-shift report
team at cert.at
Tue May 10 18:24:32 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Monday 09-05-2022 18:00 − Tuesday 10-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families ∗∗∗
---------------------------------------------
Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that is designed to siphon credentials and system information.
---------------------------------------------
https://thehackernews.com/2022/05/experts-detail-saintstealer-and-prynt.html
∗∗∗ SEO Poisoning – A Gootloader Story ∗∗∗
---------------------------------------------
Gootloader is the name Sophos assigned in March 2021 to this multi-staged payload distribution framework. The threat actors use SEO (search engine optimization) poisoning to push compromised websites hosting the malware to the top of results for specific search queries such as “what is the difference between a grand agreement and a contract?” or “freddie mac shared driveway agreement?”
---------------------------------------------
https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/
∗∗∗ Help, criminals are ordering products in my name! ∗∗∗
---------------------------------------------
Are you receiving invoices, payment reminders, or even debt-collection letters for orders you never placed? Then criminals may be misusing your personal data for order fraud.
---------------------------------------------
https://www.watchlist-internet.at/news/hilfe-kriminelle-bestellen-produkte-in-meinem-namen/
=====================
= Vulnerabilities =
=====================
∗∗∗ Hackers Actively Exploit F5 BIG-IP Bug ∗∗∗
---------------------------------------------
The bug carries a CVSS severity rating of 9.8, and public exploits have been released.
---------------------------------------------
https://threatpost.com/exploit-f5-big-ip-bug/179563/
∗∗∗ Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972) ∗∗∗
---------------------------------------------
Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole.
---------------------------------------------
https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kicad and qemu), Fedora (thunderbird), Oracle (expat), Red Hat (samba), Slackware (kernel), and SUSE (firefox, ldb, and rsyslog).
---------------------------------------------
https://lwn.net/Articles/894499/
∗∗∗ GENEREX RCCMD vulnerable to directory traversal ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN60801132/
∗∗∗ SSA-285795 V1.0: Denial of Service in OPC-UA in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-285795.txt
∗∗∗ SSA-321292 V1.0: Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-321292.txt
∗∗∗ SSA-363107 V1.0: An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-363107.txt
∗∗∗ SSA-480937 V1.0: Denial of Service Vulnerability in CP 44x-1 RNA before V1.5.18 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-480937.txt
∗∗∗ SSA-553086 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-553086.txt
∗∗∗ SSA-626968 V1.0: Multiple Webserver Vulnerabilities in Desigo PXC and DXR Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-626968.txt
∗∗∗ SSA-662649 V1.0: Denial of Service Vulnerability in Desigo DXR and PXC Controllers ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-662649.txt
∗∗∗ SSA-732250 V1.0: Libcurl Vulnerabilities in Industrial Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-732250.txt
∗∗∗ SSA-736385 V1.0: Memory Corruption Vulnerability in OpenV2G ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-736385.txt
∗∗∗ SSA-789162 V1.0: Vulnerabilities in Teamcenter ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-789162.txt
∗∗∗ SSA-165073: Multiple Vulnerabilities in the Webinterface of SICAM P850 and SICAM P855 Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-165073.txt
∗∗∗ SSA-162616: File Parsing Vulnerabilities in Simcenter Femap before V2022.2 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-162616.txt
∗∗∗ [CA8268] Local privilege escalation vulnerabilities in installers for ESET products for Windows fixed ∗∗∗
---------------------------------------------
https://support.eset.com/en/ca8268-local-privilege-escalation-vulnerabilities-in-installers-for-eset-products-for-windows-fixed
∗∗∗ Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to string injection vulnerability due to Node.js (CVE-2021-44532, CVE-2021-44532) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-assistant-for-ibm-cloud-pak-for-data-is-vulnerable-to-string-injection-vulnerability-due-to-node-js-cve-2021-44532-cve-2021-44532/
∗∗∗ Security Bulletin: Cúram Social Program Management is vulnerable to arbitrary code execution and SQL injection issues due to Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-is-vulnerable-to-arbitrary-code-execution-and-sql-injection-issues-due-to-apache-log4j-cve-2022-23302-cve-2022-23305-cve-2022-23307/
∗∗∗ Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2022-23806 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-denial-of-service-due-to-go-cve-2022-23806/
∗∗∗ Security Bulletin: IBM InfoSphere Information Server is vulnerable to OS command injection (CVE-2022-22454) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-os-command-injection-cve-2022-22454/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System (CVE-2021-21994, CVE-2021-21995) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-vmware-esxi-affect-ibm-cloud-pak-system-cve-2021-21994-cve-2021-21995-3/
∗∗∗ Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-sdk-for-node-js-might-affect-the-configuration-editor-used-by-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-3/
∗∗∗ Security Bulletin: Vulnerability CVE-2021-39024 in IBM Guardium Data Encryption (GDE) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2021-39024-in-ibm-guardium-data-encryption-gde/
∗∗∗ Adminer in Industrial Products ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-01
∗∗∗ Eaton Intelligent Power Protector ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-02
∗∗∗ Eaton Intelligent Power Manager Infrastructure ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-03
∗∗∗ Eaton Intelligent Power Manager ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-04
∗∗∗ AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-05
∗∗∗ Mitsubishi Electric MELSOFT GT OPC UA ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-06
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily