[CERT-daily] Tageszusammenfassung - 18.05.2022
Daily end-of-shift report
team at cert.at
Wed May 18 18:24:32 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 17-05-2022 18:00 − Mittwoch 18-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Microsoft warns of brute-force attacks targeting MSSQL servers ∗∗∗
---------------------------------------------
Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server (MSSQL) database servers using weak passwords.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-brute-force-attacks-targeting-mssql-servers/
∗∗∗ Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang ∗∗∗
---------------------------------------------
The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations.
---------------------------------------------
https://thehackernews.com/2022/05/researchers-expose-inner-working-of.html
∗∗∗ We Love Relaying Credentials: A Technical Guide to Relaying Credentials Everywhere ∗∗∗
---------------------------------------------
A guide to relaying credentials everywhere in 2022.
---------------------------------------------
https://www.secureauth.com/blog/we-love-relaying-credentials-a-technical-guide-to-relaying-credentials-everywhere/
∗∗∗ Gefährliche PayPal-Phishing-Nachricht in Umlauf ∗∗∗
---------------------------------------------
In einer gefährlichen PayPal-Phishing-Mail wird behauptet „Aktion fur Ihr PayPal-Konto erforderlich“. Die Nachricht ist im PayPal-Design gehalten und spielt vor, dass eine Transaktion für Glücksspiel aufgehalten und Ihr Konto deshalb eingeschränkt wurde. Schenken Sie dem keinen Glauben und geben Sie keine Daten bekannt! Man versucht Ihre PayPal-Login-Daten und Ihre Kreditkartendaten zu stehlen!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaehrliche-paypal-phishing-nachricht-in-umlauf/
∗∗∗ EntropyCapture: Simple Extraction of DPAPI Optional Entropy ∗∗∗
---------------------------------------------
During a short application assessment, enumeration and decryption of a third-party application’s Windows Data Protection API (DPAPI) blobs using SharpDPAPI produced non-readable data because optional entropy was being used.
---------------------------------------------
https://posts.specterops.io/entropycapture-simple-extraction-of-dpapi-optional-entropy-6885196d54d0
=====================
= Vulnerabilities =
=====================
∗∗∗ BIND: Destroying a TLS session early causes assertion failure (CVE-2022-1183) ∗∗∗
---------------------------------------------
An assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early.
---------------------------------------------
https://kb.isc.org/docs/cve-2022-1183
∗∗∗ VMSA-2022-0014 ∗∗∗
---------------------------------------------
VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0014.html
∗∗∗ Sicherheitsupdates: Schadcode-Lücken in GPU-Treibern von Nvidia geschlossen ∗∗∗
---------------------------------------------
Berechnen Nvidia-Grafikkarten von Angreifern präparierte Shader, kann es zu Sicherheitsproblemen kommen.
---------------------------------------------
https://heise.de/-7097875
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (elog, needrestart, openssl, and waitress), Fedora (curl, libxml2, slurm, and vim), Scientific Linux (zlib), SUSE (e2fsprogs, nodejs10, php72, and thunderbird), and Ubuntu (apport, clamav, needrestart, and pcre3).
---------------------------------------------
https://lwn.net/Articles/895642/
∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-ibm-mobilefirst-platform-foundation-2/
∗∗∗ Security Bulletin: IBM DataPower Gateway vulnerable to HTTP header injection ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-http-header-injection/
∗∗∗ Security Bulletin: IBM DataPower Gateway vulnerable to temporary DoS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-temporary-dos/
∗∗∗ Security Bulletin: Heap-Based Buffer Overflow in Mozilla Network Security Services (NSS) may affect IBM Spectrum Protect Plus (CVE-2021-43527) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-heap-based-buffer-overflow-in-mozilla-network-security-services-nss-may-affect-ibm-spectrum-protect-plus-cve-2021-43527/
∗∗∗ Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-http-server-affect-ibm-netezza-performance-portal-2/
∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
∗∗∗ Security Bulletin: IBM Sterling Connect:Express for UNIX is vulnerable to denial of service due to OpenSSL (CVE-2022-0778) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectexpress-for-unix-is-vulnerable-to-denial-of-service-due-to-openssl-cve-2022-0778/
∗∗∗ Security Bulletin: IBM DataPower Gateway: Update Redis to remediate two CVEs ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-update-redis-to-remediate-two-cves/
∗∗∗ Synology-SA-22:07 Synology Calendar ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_22_07
∗∗∗ GIMP: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K22-0623
∗∗∗ SMA100 post-authentication Remote Command Execution vulnerability ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list