[CERT-daily] Tageszusammenfassung - 22.11.2022

Daily end-of-shift report team at cert.at
Tue Nov 22 18:06:33 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 21-11-2022 18:00 − Dienstag 22-11-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Google Chrome extension used to steal cryptocurrency, passwords ∗∗∗
---------------------------------------------
An information-stealing Google Chrome browser extension named VenomSoftX is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-chrome-extension-used-to-steal-cryptocurrency-passwords/


∗∗∗ Android file manager apps infect thousands with Sharkbot malware ∗∗∗
---------------------------------------------
A new collection of malicious Android apps posing as harmless file managers had infiltrated the official Google Play app store, infecting users with the Sharkbot banking trojan.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/android-file-manager-apps-infect-thousands-with-sharkbot-malware/


∗∗∗ ICS cyberthreats in 2023 – what to expect ∗∗∗
---------------------------------------------
The coming year looks to be much more complicated. In the post we share some of our thoughts on potential developments of 2023, though we cannot claim to be providing either a complete picture or a high degree of precision.
---------------------------------------------
https://securelist.com/ics-cyberthreats-in-2023/108011/


∗∗∗ Crimeware and financial cyberthreats in 2023 ∗∗∗
---------------------------------------------
This report assesses how accurately we predicted the developments in the financial threats landscape in 2022 and ponder at what to expect in 2023.
---------------------------------------------
https://securelist.com/crimeware-financial-cyberthreats-2023/108005/


∗∗∗ Log4Shell campaigns are using Nashorn to get reverse shell on victims machines, (Mon, Nov 21st) ∗∗∗
---------------------------------------------
Almost one year later, Log4Shell attacks are still alive and making victims.
---------------------------------------------
https://isc.sans.edu/diary/rss/29266


∗∗∗ Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware ∗∗∗
---------------------------------------------
A nascent Go-based malware known as Aurora Stealer is being increasingly deployed as part of campaigns designed to steal sensitive information from compromised hosts.
---------------------------------------------
https://thehackernews.com/2022/11/researchers-warn-of-cyber-criminals.html


∗∗∗ Werbung für beheizbare Jacken auf TikTok ∗∗∗
---------------------------------------------
Haben Sie beim Durchscrollen von TikTok Werbung für eine beheizbare Jacke gesehen? Dann sind Sie wohl über die Marke „Mont Gerrard“ gestolpert. Die Jacken dürften bei TikTok-Nutzer:innen sehr beliebt sein, denn es gibt bereits Fake-Shops, die die Jacken zu einem günstigeren Preis anbieten und auf TikTok und Instagram bewerben.
---------------------------------------------
https://www.watchlist-internet.at/news/werbung-fuer-beheizbare-jacken-auf-tiktok/


∗∗∗ Vulnerability Spotlight: Callback Technologies CBFS Filter denial-of-service vulnerabilities ∗∗∗
---------------------------------------------
Cisco Talos recently discovered three denial-of-service vulnerabilities in Callback Technologies CBFS Filter.
---------------------------------------------
https://blog.talosintelligence.com/vulnerability-spotlight-callback-technologies-cbfs-filter-denial-of-service-vulnerabilities/


∗∗∗ What is EPSS? A new rating system for vulnerabilities to replace CVSS. ∗∗∗
---------------------------------------------
LunaSec Security Researchers give a quick look at the EPSS scoring system, a new rating system for vulnerabilities that aims to replace CVSS.
---------------------------------------------
https://www.lunasec.io/docs/blog/what-is-epss



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Attacken auf Backuplösung IBM Spectrum Protect Plus Container Backup möglich ∗∗∗
---------------------------------------------
Sicherheitslücken in der Programmiersprache Golang Go bedrohen IBM-Software. Sicherheitsupdates sind verfügbar.
---------------------------------------------
https://heise.de/-7348556


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ntfs-3g), Fedora (krb5 and samba), Gentoo (firefox-bin, ghostscript-gpl, pillow, sudo, sysstat, thunderbird-bin, and xterm), Red Hat (firefox, hsqldb, and thunderbird), SUSE (cni, cni-plugins, and krb5), and Ubuntu (isc-dhcp and sqlite3).
---------------------------------------------
https://lwn.net/Articles/915708/


∗∗∗ BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks ∗∗∗
---------------------------------------------
Researchers at industrial cybersecurity firm Nozomi Networks have discovered more than a dozen vulnerabilities in baseboard management controller (BMC) firmware.
---------------------------------------------
https://www.securityweek.com/bmc-firmware-vulnerabilities-expose-ot-iot-devices-remote-attacks


∗∗∗ ZDI-22-1615: TP-Link TL-WR940N httpd Incorrect Implementation of Authentication Algorithm Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-1615/


∗∗∗ ZDI-22-1614: TP-Link TL-WR940N httpd Use of Insufficiently Random Values Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-1614/


∗∗∗ Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to use of dom4j (CVE-2018-1000632) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-governance-is-vulnerable-to-arbitrary-code-execution-due-to-use-of-dom4j-cve-2018-1000632-2/


∗∗∗ Security Bulletin: Potential Vulnerability in Apache HttpClient used by Logstash shipped with IBM Operations Analytics – Log Analysis (CVE-2020-13956) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-in-apache-httpclient-used-by-logstash-shipped-with-ibm-operations-analytics-log-analysis-cve-2020-13956/


∗∗∗ Security Bulletin: Vulnerability from Apache Kafka affect IBM Operations Analytics – Log Analysis (CVE-2018-17196) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-from-apache-kafka-affect-ibm-operations-analytics-log-analysis-cve-2018-17196/


∗∗∗ Security Bulletin: IBM Operations Analytics – Log Analysis susceptible to vulnerability in Apache Tika (CVE-2022-25169) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-log-analysis-susceptible-to-vulnerability-in-apache-tika-cve-2022-25169/


∗∗∗ Security Bulletin: Vulnerabilities in SnakeYAML used by Logstash affects IBM Operations Analytics – Log Analysis (CVE-2022-25857, CVE-2017-18640) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-snakeyaml-used-by-logstash-affects-ibm-operations-analytics-log-analysis-cve-2022-25857-cve-2017-18640/


∗∗∗ Security Bulletin: IBM DataPower Gateway does not invalidate active sessions on a password change (CVE-2022-40228) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-does-not-invalidate-active-sessions-on-a-password-change-cve-2022-40228/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. (CVE-2022-22483) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-in-some-scenarios-due-to-unauthorized-access-caused-by-improper-privilege-management-when-create-or-replace-command-3/


∗∗∗ Security Bulletin: IBM DataPower Gateway potentially vulnerable to HTTP request smuggling ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-potentially-vulnerable-to-http-request-smuggling/


∗∗∗ Security Bulletin: Vulnerability in Bouncy Castle used by Logstash shipped with IBM Operations Analytics – Log Analysis (CVE-2017-13098) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bouncy-castle-used-by-logstash-shipped-with-ibm-operations-analytics-log-analysis-cve-2017-13098/


∗∗∗ Vulnerability Summary for the Week of November 14, 2022 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/bulletins/sb22-325


∗∗∗ Advisory: Impact of Vulnerability in WIBU CodeMeter Runtime to B&R Products ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1667745192537-en-original-1.0.pdf

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list