[CERT-daily] Tageszusammenfassung - 27.05.2022
Daily end-of-shift report
team at cert.at
Fri May 27 18:23:10 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 25-05-2022 18:00 − Freitag 27-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ New ChromeLoader malware surge threatens browsers worldwide ∗∗∗
---------------------------------------------
The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable operation volume since the start of the year, which means that the malvertiser is now becoming a widespread threat.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-chromeloader-malware-surge-threatens-browsers-worldwide/
∗∗∗ New ‘Cheers’ Linux ransomware targets VMware ESXi servers ∗∗∗
---------------------------------------------
A new ransomware named Cheers has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/
∗∗∗ New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps ∗∗∗
---------------------------------------------
The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-ermac-20-android-malware-steals-accounts-wallets-from-467-apps/
∗∗∗ Microsoft shares mitigation for Windows KrbRelayUp LPE attacks ∗∗∗
---------------------------------------------
Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigation-for-windows-krbrelayup-lpe-attacks/
∗∗∗ Windows 11 KB5014019 breaks Trend Micro ransomware protection ∗∗∗
---------------------------------------------
This weeks Windows optional cumulative update previews have introduced a compatibility issue with some of Trend Micros security products that breaks some of their capabilities, including the ransomware protection feature.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-trend-micro-ransomware-protection/
∗∗∗ Warten auf abgesicherte Version: Anonymes Surfen unter Tails gefährdet ∗∗∗
---------------------------------------------
Wer mit dem Tor Browser des Tails-Systems surft, könnte Passwörter an Angreifer preisgeben.
---------------------------------------------
https://heise.de/-7123771
∗∗∗ Sie sollen Zollgebühren mit einer Paysafecard bezahlen? Achtung, Betrug! ∗∗∗
---------------------------------------------
Kriminelle versenden betrügerische E-Mails im Namen des Zolls und behaupten, dass Sie Zollgebühren bezahlen müssen, und zwar in Form einer Paysafecard. Nur so könne Ihr Paket zugestellt werden. Ignorieren Sie solche E-Mails, Kriminelle versuchen nur an Ihr Geld zu kommen.
---------------------------------------------
https://www.watchlist-internet.at/news/sie-sollen-zollgebuehren-mit-einer-paysafecard-bezahlen-achtung-betrug/
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins 2022-05-26 - 2022-05-27 ∗∗∗
---------------------------------------------
IBM MQ Internet Pass-Thru, IBM MQ Operator, IBM MQ Appliance, IBM MQ trace, IBM Semeru Runtime, IBM Sterling Control Center, IBM App Connect Enterprise, IBM Watson Discovery, IBM Spectrum Control, IBM Netezza Host Management, IBM Tivoli Netcool/OMNIbus Probe Integrations, IBM DataPower.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Sicherheitsupdates: Angreifer könnten Netzwerk-Hardware von Citrix lahmlegen ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitspatches für Citritx ADC und Citrix Gateway. Angreifer könnten die Netzwerk-Hardware lahmlegen.
---------------------------------------------
https://heise.de/-7123795
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, dpkg, filezilla, irssi, puma, and python-django), Fedora (firefox, ignition, and pcre2), Mageia (cockpit, firefox/thunderbird, openldap, supertux, unrar, and vim), Oracle (firefox and thunderbird), Red Hat (rh-varnish6-varnish), SUSE (cups, fribidi, kernel-firmware, redis, and wpa_supplicant), and Ubuntu (dpkg, logrotate, and subversion).
---------------------------------------------
https://lwn.net/Articles/896346/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (atftp, cups, neutron, and zipios++), Fedora (clash, moodle, python-jwt, and thunderbird), Red Hat (thunderbird), Slackware (cups), SUSE (go1.17, libredwg, opera, seamonkey, and varnish), and Ubuntu (libxv, ncurses, openssl, and subversion).
---------------------------------------------
https://lwn.net/Articles/896465/
∗∗∗ ABB Cyber Security Advisory: e-Design - Multiple vulnerabilities ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2%20CMT%200%200%206%200%208%206&LanguageCode=en&DocumentPartId=&Action=Launch
∗∗∗ K32760744: libxml2 vulnerability CVE-2022-23308 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K32760744
∗∗∗ K54724312: Linux kernel vulnerability CVE-2022-0492 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54724312
∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0661
∗∗∗ Drupal CORE: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0662
∗∗∗ Keysight N6854A Geolocation server and N6841A RF Sensor software ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-146-01
∗∗∗ Horner Automation Cscape Csfont ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-146-02
∗∗∗ Cross-Site Request Forgery Vulnerability in Proxy Server ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-22-18
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list