[CERT-daily] Tageszusammenfassung - 23.05.2022
Daily end-of-shift report
team at cert.at
Mon May 23 18:15:50 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Friday 20-05-2022 18:00 to Monday 23-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Malicious PyPI package opens backdoors on Windows, Linux, and Macs ∗∗∗
---------------------------------------------
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens-backdoors-on-windows-linux-and-macs/
∗∗∗ How to find NPM dependencies vulnerable to account hijacking ∗∗∗
---------------------------------------------
Following the recent disclosure of a technique for hijacking certain NPM packages, security engineer Danish Tariq has proposed a defensive strategy for those looking to assess whether their web apps include dependencies tied to subvertable email domains.
---------------------------------------------
https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/
∗∗∗ Conti Ransomware Operation Shut Down After Brand Becomes Toxic ∗∗∗
---------------------------------------------
The Conti brand’s downfall appears to have started in late February, after Russia launched an invasion of Ukraine.
---------------------------------------------
https://www.securityweek.com/conti-ransomware-operation-shut-down-after-brand-becomes-toxic
∗∗∗ When a Zalando parcel arrives after an order on Vinted… ∗∗∗
---------------------------------------------
You bought something on Vinted but received a Zalando parcel? Then you should act quickly, because this is a scam.
---------------------------------------------
https://www.watchlist-internet.at/news/wenn-nach-einer-bestellung-auf-vinted-ein-zalando-paket-ankommt/
∗∗∗ Botnet threatens Linux servers ∗∗∗
---------------------------------------------
Protect your Linux servers from XorDdoS, a botnet that scans the Internet for SSH servers with weak passwords, Microsoft warns.
---------------------------------------------
https://www.zdnet.de/88401426/botnet-bedroht-linux-server/
∗∗∗ Windows Defender Application Control: Recommended block rules (May 2022) ∗∗∗
---------------------------------------------
In Windows 10 and Windows 11, Windows Defender Application Control (WDAC) and AppLocker are available as security features in the enterprise editions (Windows 10/11 Enterprise). In mid-May 2022, Microsoft published a list of recommended block rules.
---------------------------------------------
https://www.borncity.com/blog/2022/05/22/windows-defender-application-control-empfohlene-blockierungsregeln-mai-2022/
=====================
= Vulnerabilities =
=====================
∗∗∗ PDF smuggles Microsoft Word doc to drop Snake Keylogger malware ∗∗∗
---------------------------------------------
Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pdf-smuggles-microsoft-word-doc-to-drop-snake-keylogger-malware/
∗∗∗ Patch now! Attackers are targeting Cisco 8000 Series routers ∗∗∗
---------------------------------------------
Network equipment vendor Cisco has released security updates for various network components.
---------------------------------------------
https://heise.de/-7102828
∗∗∗ Oracle warns of security vulnerability in E-Business Suite ∗∗∗
---------------------------------------------
Oracle normally releases updates quarterly, on its Critical Patch Update date. A patch now closes a vulnerability in E-Business Suite ahead of that schedule.
---------------------------------------------
https://heise.de/-7102875
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (admesh, condor, firefox-esr, libpgjava, libxml2, rsyslog, and thunderbird), Fedora (dotnet6.0, libarchive, php-openpsa-universalfeedcreator, thunderbird, and vim), Mageia (ffmpeg, kernel, kernel-linus, microcode, netatalk, nvidia-current, nvidia390, opencontainers-runc, postgresql, and ruby-nokogiri), Slackware (mariadb and mozilla), and SUSE (curl, firefox, libarchive, librecad, libxls, openldap2, php7, and postgresql10).
---------------------------------------------
https://lwn.net/Articles/896032/
∗∗∗ Password policy guidance ∗∗∗
---------------------------------------------
Why do we need strong passwords? On a securely designed system, passwords are stored using a one-way hashing algorithm that generates a representation of the original password rather than the password itself.
---------------------------------------------
https://www.pentestpartners.com/security-blog/password-policy-guidance/
∗∗∗ Denial of Service Vulnerability in some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220601-01-f75b152f-en
∗∗∗ Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-is-vulnerable-to-remote-code-execution-and-denial-of-service-due-to-multiple-expat-cves/
∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-openssl-vulnerability-cve-2022-0778/
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-server-side-request-forgery-due-to-python-cve-2021-29921/
∗∗∗ Security Bulletin: TXSeries for Multiplatforms is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-txseries-for-multiplatforms-is-vulnerable-to-arbitrary-code-execution-due-to-ibm-websphere-application-server-liberty-cve-2021-23450/
∗∗∗ Security Bulletin: Vulnerability in Curl affects IBM Cloud Private and could allow a remote attacker to bypass security restrictions (CVE-2021-22926) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-curl-affects-ibm-cloud-private-and-could-allow-a-remote-attacker-to-bypass-security-restrictions-cve-2021-22926/
∗∗∗ Security Bulletin: IBM Tivoli Monitoring is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-openssl-vulnerability-cve-2021-4160/
∗∗∗ K08832573: DHCP vulnerability CVE-2021-25217 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K08832573
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily