[CERT-daily] Daily summary - 26.05.2023

Daily end-of-shift report team at cert.at
Fri May 26 18:41:40 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 25-05-2023 18:00 − Friday 26-05-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Microsoft 365 phishing attacks use encrypted RPMSG messages ∗∗∗
---------------------------------------------
Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-365-phishing-attacks-use-encrypted-rpmsg-messages/


∗∗∗ Dark Frost Botnet targets the gaming sector with powerful DDoS ∗∗∗
---------------------------------------------
Researchers from Akamai discovered a new botnet called Dark Frost that was employed in distributed denial-of-service (DDoS) attacks. The botnet borrows code from several popular bot families, including Mirai, Gafgyt, and Qbot.
---------------------------------------------
https://securityaffairs.com/146683/malware/dark-frost-botnet.html


∗∗∗ New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids ∗∗∗
---------------------------------------------
A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, [...]
---------------------------------------------
https://thehackernews.com/2023/05/new-cosmicenergy-malware-exploits-ics.html


∗∗∗ Security holes in health app: data theft would have been possible ∗∗∗
---------------------------------------------
Vulnerabilities in health apps have exposed the poor state of digitalization in the healthcare sector. A "secure basic infrastructure" is said to be lacking.
---------------------------------------------
https://heise.de/-9064935


∗∗∗ Cold as Ice: Unit 42 Wireshark Quiz for IcedID ∗∗∗
---------------------------------------------
IcedID is a known vector for ransomware. Analyze infection traffic from this banking trojan in our latest Wireshark tutorial.
---------------------------------------------
https://unit42.paloaltonetworks.com/wireshark-quiz-icedid/


∗∗∗ Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight ∗∗∗
---------------------------------------------
During Pwn2Own Toronto 2022, three different teams successfully exploited the Sonos One Speaker. In total, $105,000 was awarded to the three teams, with the team of Toan Pham and Tri Dang from Qrious Secure winning $60,000 since their entry was first on the schedule.
---------------------------------------------
https://www.thezdi.com/blog/2023/5/24/exploiting-the-sonos-one-speaker-three-different-ways-a-pwn2own-toronto-highlight


∗∗∗ What is a web shell? ∗∗∗
---------------------------------------------
What are web shells? And why are attackers increasingly using them in their campaigns? We break it down in this blog.
---------------------------------------------
https://blog.talosintelligence.com/what-is-a-web-shell/


∗∗∗ New Info Stealer Bandit Stealer Targets Browsers, Wallets ∗∗∗
---------------------------------------------
This is an analysis of Bandit Stealer, a new Go-based information-stealing malware capable of evading detection as it targets multiple browsers and cryptocurrency wallets.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/e/new-info-stealer-bandit-stealer-targets-browsers-wallets.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ LibreOffice vulnerabilities: risk of code smuggling via crafted documents ∗∗∗
---------------------------------------------
New LibreOffice versions close several high-risk security vulnerabilities. Using manipulated spreadsheets, attackers could inject malicious code.
---------------------------------------------
https://heise.de/-9066277


∗∗∗ Critical vulnerabilities closed in network management software D-Link D-View 8 ∗∗∗
---------------------------------------------
D-Link apparently needed almost five months to develop a security patch for D-View 8, and the patch is still in beta.
---------------------------------------------
https://heise.de/-9066361


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (sniproxy), Fedora (c-ares), Oracle (apr-util, curl, emacs, git, go-toolset and golang, go-toolset:ol8, gssntlmssp, libreswan, mysql:8.0, thunderbird, and webkit2gtk3), Red Hat (go-toolset-1.19 and go-toolset-1.19-golang and go-toolset:rhel8), Slackware (ntfs), SUSE (rmt-server), and Ubuntu (linux-raspi, linux-raspi-5.4 and python-django).
---------------------------------------------
https://lwn.net/Articles/933071/


∗∗∗ K000134793 : OpenJDK vulnerability CVE-2018-2952 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000134793


∗∗∗ IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Perl (CVE-2020-10543) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998419


∗∗∗ IBM MQ is affected by a vulnerability in the IBM Runtime Environment, Java Technology Edition (CVE-2023-30441) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998353


∗∗∗ IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998677


∗∗∗ IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998685


∗∗∗ IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998673


∗∗∗ IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998679


∗∗∗ IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998675


∗∗∗ IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998681


∗∗∗ Vulnerability in IBM Java (CVE-2022-21426) affects Power HMC ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998705


∗∗∗ Vulnerability in OpenSSL (CVE-2022-4304, CVE-2022-4450, CVE-2023-0215 and CVE-2023-0286) affects Power HMC ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998707


∗∗∗ Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2023 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998727


∗∗∗ IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998753


∗∗∗ AIX is vulnerable to security restrictions bypass due to curl (CVE-2022-32221) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6998763

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily