[CERT-daily] Daily summary - 17.05.2022
Daily end-of-shift report
team at cert.at
Tue May 17 18:36:17 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Monday 16-05-2022 18:00 - Tuesday 17-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Hackers target Tatsu WordPress plugin in millions of attacks ∗∗∗
---------------------------------------------
All users of the Tatsu Builder plugin are strongly recommended to upgrade to version 3.3.13 to avoid attack risks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-target-tatsu-wordpress-plugin-in-millions-of-attacks/
∗∗∗ Over 380 000 open Kubernetes API servers ∗∗∗
---------------------------------------------
We have recently started scanning for accessible Kubernetes API instances that respond with a 200 OK HTTP response to our probes. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. We find over 380 000 Kubernetes API servers daily that allow for some form of access, out of over 450 000 that we are able to identify. Data on these is shared daily in our Accessible Kubernetes API Server Report.
---------------------------------------------
https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/
∗∗∗ UpdateAgent Returns with New macOS Malware Dropper Written in Swift ∗∗∗
---------------------------------------------
A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities.
---------------------------------------------
https://thehackernews.com/2022/05/updateagent-returns-with-new-macos.html
∗∗∗ Weak Security Controls and Practices Routinely Exploited for Initial Access ∗∗∗
---------------------------------------------
This joint Cybersecurity Advisory identifies commonly exploited controls and practices and includes best practices to mitigate the issues.
---------------------------------------------
https://www.cisa.gov/uscert/ncas/alerts/aa22-137a
∗∗∗ Buying bicycles online: beware of fake shops ∗∗∗
---------------------------------------------
There are numerous fake shops for bicycles and accessories on the Internet; vandeyk-sport.com, motaza.shop and nemino.net are just a few examples. These fake shops offer bicycles that are sold out everywhere else, and at a lower price than other online shops. On top of that, prepayment is the only option. Hands off: you will receive no delivery!
---------------------------------------------
https://www.watchlist-internet.at/news/fahrraeder-im-internet-kaufen-vorsicht-vor-fake-shops/
=====================
= Vulnerabilities =
=====================
∗∗∗ iOS and iPadOS 15.5 are here: bug fixes and minor improvements ∗∗∗
---------------------------------------------
Apple released iOS 15.5 and iPadOS 15.5 in the night leading into Tuesday. These are minor updates that fix bugs and bring minimal improvements.
---------------------------------------------
https://heise.de/-7096570
∗∗∗ macOS 12.4 and security updates for Big Sur and Catalina available ∗∗∗
---------------------------------------------
Alongside iOS 15.5, Apple is also shipping new operating systems for Mac, Apple TV, Apple Watch, HomePod and the Studio Display.
---------------------------------------------
https://heise.de/-7096585
∗∗∗ Access control: Aruba closes security vulnerabilities in ClearPass Policy Manager ∗∗∗
---------------------------------------------
Aruba's ClearPass Policy Manager lets administrators manage access control. Security vulnerabilities in it allow attackers a complete takeover.
---------------------------------------------
https://heise.de/-7097151
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cifs-utils, ffmpeg, libxml2, and vim), Fedora (rsyslog), Mageia (chromium-browser-stable), SUSE (chromium, containerd, docker, e2fsprogs, gzip, jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core, kernel, nodejs8, openldap2, pidgin, podofo, slurm, and tiff), and Ubuntu (clamav, containerd, libxml2, and openldap).
---------------------------------------------
https://lwn.net/Articles/895521/
∗∗∗ Apache Releases Security Advisory for Tomcat ∗∗∗
---------------------------------------------
Original release date: May 16, 2022. The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Apache's security advisory and apply the necessary updates.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/05/16/apache-releases-security-advisory-tomcat
∗∗∗ Nvidia security updates for Kepler GTX 700/600 GPU WHQL driver (473.47) released ∗∗∗
---------------------------------------------
On May 16, 2022, Nvidia released a security update for the graphics driver of the Kepler GeForce GPUs.
---------------------------------------------
https://www.borncity.com/blog/2022/05/17/nvidia-sicherheitsupdates-fr-kepler-gtx-700-600-gpu-whql-treiber-473-47-freigegeben/
∗∗∗ Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver ∗∗∗
---------------------------------------------
Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card.
---------------------------------------------
http://blog.talosintelligence.com/2022/05/vuln-spotlight-nvidia-driver-memory.html
∗∗∗ Spring Security 5.7.0, 5.6.4, 5.5.7 Released - Fixes CVE-2022-22975 & CVE-2022-22976 ∗∗∗
---------------------------------------------
Spring Security 5.7.0 (release notes), 5.6.4 (release notes), 5.5.7 (release notes) have been released which fix CVE-2022-22978, CVE-2022-22976. Please update as soon as possible.
---------------------------------------------
https://spring.io/blog/2022/05/15/spring-security-5-7-0-5-6-4-5-5-7-released-fixes-cve-2022-22975-cve-2022-22976
∗∗∗ Security Bulletin: IBM MQ Operator and IBM supplied MQ Advanced container images are vulnerable to multiple issues from Red Hat UBI packages and the IBM WebSphere Application Server Liberty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-ibm-supplied-mq-advanced-container-images-are-vulnerable-to-multiple-issues-from-red-hat-ubi-packages-and-the-ibm-websphere-application-server-liberty/
∗∗∗ Security Bulletin: Potential Denial of Service in IBM DataPower Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-denial-of-service-in-ibm-datapower-gateway/
∗∗∗ Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/
∗∗∗ Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-external-authentication-server-is-vulnerable-to-multiple-vulnerabilities-due-to-ibm-java-runtime/
∗∗∗ Security Bulletin: IBM Process Mining is vulnerable to cross-site scripting due to Select2 CVE-2016-10744 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-mining-is-vulnerable-to-cross-site-scripting-due-to-select2-cve-2016-10744/
∗∗∗ Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-governance-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/
∗∗∗ Security Bulletin: OpenSSL (Publicly disclosed vulnerability) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-3/
∗∗∗ Security Bulletin: IBM DataPower vulnerable to DoS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-vulnerable-to-dos/
∗∗∗ Security Bulletin: IBM DataPower Gateway API Gateway component potentially vulnerable to a Denial of Service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-api-gateway-component-potentially-vulnerable-to-a-denial-of-service/
∗∗∗ Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-golang-go-gcc-openssl-and-libxml/
∗∗∗ Security Bulletin: IBM Sterling External Authentication Server is vulnerable to improper validation of certificates ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-external-authentication-server-is-vulnerable-to-improper-validation-of-certificates/
∗∗∗ Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22475) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-identity-spoofing-cve-2022-22475/
∗∗∗ Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-secure-proxy-is-vulnerable-to-multiple-vulnerabilities-due-to-ibm-java-runtime/
∗∗∗ Security Bulletin: IBM Process Mining is vulnerable to DOS due to Eclipse Jetty CVE-2018-12545 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-mining-is-vulnerable-to-dos-due-to-eclipse-jetty-cve-2018-12545/
∗∗∗ Security Bulletin: IBM Sterling B2B Integrator is vulnerable to permission control vulnerability (CVE-2022-22482) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-is-vulnerable-to-permission-control-vulnerability-cve-2022-22482/
∗∗∗ Security Bulletin: IBM Sterling Secure Proxy is vulnerable to improper validation of certificates (CVE-2021-29726) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-secure-proxy-is-vulnerable-to-improper-validation-of-certificates-cve-2021-29726/
∗∗∗ Security Bulletin: IBM Process Mining is vulnerable to phishing attacks due to URI.js. CVE-2022-0868 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-mining-is-vulnerable-to-phishing-attacks-due-to-uri-js-cve-2022-0868/
∗∗∗ QEMU: vulnerability allows denial of service and code execution ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K22-0618
∗∗∗ Circutor COMPACT DC-S BASIC ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-137-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily