[CERT-daily] Tageszusammenfassung - 24.11.2022
Daily end-of-shift report
team at cert.at
Thu Nov 24 18:10:18 CET 2022
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 23-11-2022 18:00 − Donnerstag 24-11-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Investigating a backdoored PyPi package targeting FastAPI applications ∗∗∗
---------------------------------------------
On November 23rd, 2022, the Datadog Security Labs team identified a utility Python package on PyPI related to FastAPI, fastapi-toolkit, that has likely been compromised by a malicious actor.
---------------------------------------------
https://securitylabs.datadoghq.com/articles/malicious-pypi-package-fastapi-toolkit/
∗∗∗ THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies ∗∗∗
---------------------------------------------
In this threat alert, the Cybereason team describes one attack scenario that started from a QBot infection, resulting in multiple key machines loading Cobalt Strike, which finally led to the global deployment of Black Basta ransomware.
---------------------------------------------
https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and-the-black-basta-ransomware-group-targeting-u.s.-companies
∗∗∗ MSI Afterburner: Vorsicht vor Fake-Software mit Trojaner im Gepäck ∗∗∗
---------------------------------------------
Immer wieder versuchen Kriminelle Opfern Schadcode unter dem Deckmantel von legitimen Tools, wie aktuell dem GPU-Tool MSI Afterburner, unterzuschieben.
---------------------------------------------
https://heise.de/-7351380
∗∗∗ In eine Phishing-Falle getappt? Das können Sie tun: ∗∗∗
---------------------------------------------
Wurden Sie über ein betrügerisches E-Mail oder SMS auf eine gefälschte Login-Seiten gelockt? Haben Sie dort Ihre Daten eingetippt? Dann haben Kriminelle Zugriff auf Ihr Konto. Wir zeigen Ihnen, was Sie tun können, wenn Sie Ihre Benutzerdaten preisgegeben haben.
---------------------------------------------
https://www.watchlist-internet.at/news/in-eine-phishing-falle-getappt-das-koennen-sie-tun/
∗∗∗ Neue Betrugsmasche: Kriminelle stehlen Kreditkartendaten und hinterlegen sie für Apple Pay ∗∗∗
---------------------------------------------
Kriminelle erschleichen sich mit Phishing-Nachrichten per SMS oder E-Mail Kreditkartendaten und hinterlegen diese für Apple Pay. Betroffene werden dann unter falschen Vorwänden verleitet, den Aktivierungscode für Apple Pay an die Kriminellen weiterzugeben.
---------------------------------------------
https://www.watchlist-internet.at/news/neue-betrugsmasche-kriminelle-stehlen-kreditkartendaten-und-hinterlegen-sie-fuer-apple-pay/
∗∗∗ Bahamut cybermercenary group targets Android users with fake VPN apps ∗∗∗
---------------------------------------------
Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram.
---------------------------------------------
https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/
∗∗∗ IBM: RansomExx becomes latest ransomware group to create Rust variant ∗∗∗
---------------------------------------------
The RansomExx ransomware group has become the latest gang to create a variant in the Rust programming language, according to IBM Security X-Force Threat researchers.
---------------------------------------------
https://therecord.media/ibm-ransomexx-becomes-latest-ransomware-group-to-create-rust-variant/
=====================
= Vulnerabilities =
=====================
∗∗∗ TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input ∗∗∗
---------------------------------------------
tdpServer of TP-Link RE300 V1 improperly processes its input, possibly resulting to crash.
---------------------------------------------
https://jvn.jp/en/jp/JVN29657972/
∗∗∗ Security update available in Foxit PDF Editor for Mac 11.1.4 ∗∗∗
---------------------------------------------
Foxit has released Foxit PDF Editor for Mac 11.1.4, which addresses potential security and stability issues.
---------------------------------------------
https://www.foxit.com/support/security-bulletins.html
∗∗∗ SolarWinds Security Advisories 2022-11-22 ∗∗∗
---------------------------------------------
SolarWinds published 7 Security Advisories (3 High, 1 Medium, 3 Low Severity).
---------------------------------------------
https://www.solarwinds.com/trust-center/security-advisories
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (vim), Fedora (drupal7-context, drupal7-link, firefox, xen, xorg-x11-server, and xorg-x11-server-Xwayland), Oracle (container-tools:ol8, device-mapper-multipath, dotnet7.0, firefox, hsqldb, keylime, podman, python3.9, python39:3.9, thunderbird, and xorg-x11-server), SUSE (exiv2-0_26, keylime, libarchive, net-snmp, nginx, opensc, pixman, python-joblib, strongswan, and webkit2gtk3), and Ubuntu (expat, imagemagick, mariadb-10.3, mariadb-10.6, [...]
---------------------------------------------
https://lwn.net/Articles/915929/
∗∗∗ Security Bulletin: IBM Sterling Control Center vulnerable to multiple issues to due IBM Cognos Analystics (CVE-2022-4160, CVE-2021-3733) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-center-vulnerable-to-multiple-issues-to-due-ibm-cognos-analystics-cve-2022-4160-cve-2021-3733/
∗∗∗ Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service due to Websphere Liberty (CVE-2022-24839) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-center-is-vulnerable-to-denial-of-service-due-to-websphere-liberty-cve-2022-24839/
∗∗∗ Security Bulletin: IBM Sterling Control Center is vulnerable to HTTP header injection due to Websphere Liberty (CVE-2022-34165) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-center-is-vulnerable-to-http-header-injection-due-to-websphere-liberty-cve-2022-34165/
∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affects Cloud Pak System [CVE-2021-28167] ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affects-cloud-pak-system-cve-2021-28167/
∗∗∗ Security Bulletin: IBM Sterling Control Center is vulnerable to unauthenticated data manipulation due to Java SE (CVE-2021-2163) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-center-is-vulnerable-to-unauthenticated-data-manipulation-due-to-java-se-cve-2021-2163/
∗∗∗ Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-for-ibm-cloudpak-for-watson-aiops-3-5-1/
∗∗∗ Security Bulletin: Vulnerabilities with MariaDB affect IBM Cloud Object Storage Systems (Nov 2022v1) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-mariadb-affect-ibm-cloud-object-storage-systems-nov-2022v1/
∗∗∗ Pilz: PAS 4000 prone to ZipSlip ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-045/
∗∗∗ Pilz: Multiple products affected by ZipSlip ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-044/
∗∗∗ Pilz: PASvisu and PMI affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-033/
∗∗∗ 2022-18Multiple vulnerabilities in BAT-C2 ∗∗∗
---------------------------------------------
https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/15087-source/
∗∗∗ 2022-21Authenticated Command Injection in Hirschmann BAT-C2 ∗∗∗
---------------------------------------------
https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/15088-source/
∗∗∗ 2022-20TinyXML vulnerability in Hirschmann HiLCOS products ∗∗∗
---------------------------------------------
https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/15089-source/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list