End-of-Day report
Timeframe: Monday 21-11-2022 18:00 - Tuesday 22-11-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
Google Chrome extension used to steal cryptocurrency, passwords
An information-stealing Google Chrome browser extension named VenomSoftX is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web.
https://www.bleepingcomputer.com/news/security/google-chrome-extension-used-to-steal-cryptocurrency-passwords/
Android file manager apps infect thousands with Sharkbot malware
A new collection of malicious Android apps posing as harmless file managers had infiltrated the official Google Play app store, infecting users with the Sharkbot banking trojan.
https://www.bleepingcomputer.com/news/security/android-file-manager-apps-infect-thousands-with-sharkbot-malware/
ICS cyberthreats in 2023 - what to expect
The coming year looks to be much more complicated. In the post we share some of our thoughts on potential developments of 2023, though we cannot claim to be providing either a complete picture or a high degree of precision.
https://securelist.com/ics-cyberthreats-in-2023/108011/
Crimeware and financial cyberthreats in 2023
This report assesses how accurately we predicted the developments in the financial threat landscape in 2022 and ponders what to expect in 2023.
https://securelist.com/crimeware-financial-cyberthreats-2023/108005/
Log4Shell campaigns are using Nashorn to get a reverse shell on victims' machines, (Mon, Nov 21st)
Almost one year later, Log4Shell attacks are still alive and making victims.
https://isc.sans.edu/diary/rss/29266
Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware
A nascent Go-based malware known as Aurora Stealer is being increasingly deployed as part of campaigns designed to steal sensitive information from compromised hosts.
https://thehackernews.com/2022/11/researchers-warn-of-cyber-criminals.html
Advertising for heated jackets on TikTok
Have you seen an ad for a heated jacket while scrolling through TikTok? Then you have probably come across the brand -Mont Gerrard-. The jackets appear to be very popular with TikTok users, because there are already fake shops offering the jackets at a lower price and advertising them on TikTok and Instagram.
https://www.watchlist-internet.at/news/werbung-fuer-beheizbare-jacken-auf-tiktok/
Vulnerability Spotlight: Callback Technologies CBFS Filter denial-of-service vulnerabilities
Cisco Talos recently discovered three denial-of-service vulnerabilities in Callback Technologies CBFS Filter.
https://blog.talosintelligence.com/vulnerability-spotlight-callback-technologies-cbfs-filter-denial-of-service-vulnerabilities/
What is EPSS? A new rating system for vulnerabilities to replace CVSS.
LunaSec Security Researchers give a quick look at the EPSS scoring system, a new rating system for vulnerabilities that aims to replace CVSS.
https://www.lunasec.io/docs/blog/what-is-epss
Vulnerabilities
Attacks on the backup solution IBM Spectrum Protect Plus Container Backup possible
Security vulnerabilities in the Go programming language (Golang) threaten IBM software. Security updates are available.
https://heise.de/-7348556
Security updates for Tuesday
Security updates have been issued by Debian (ntfs-3g), Fedora (krb5 and samba), Gentoo (firefox-bin, ghostscript-gpl, pillow, sudo, sysstat, thunderbird-bin, and xterm), Red Hat (firefox, hsqldb, and thunderbird), SUSE (cni, cni-plugins, and krb5), and Ubuntu (isc-dhcp and sqlite3).
https://lwn.net/Articles/915708/
BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks
Researchers at industrial cybersecurity firm Nozomi Networks have discovered more than a dozen vulnerabilities in baseboard management controller (BMC) firmware.
https://www.securityweek.com/bmc-firmware-vulnerabilities-expose-ot-iot-devices-remote-attacks
ZDI-22-1615: TP-Link TL-WR940N httpd Incorrect Implementation of Authentication Algorithm Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-1615/
ZDI-22-1614: TP-Link TL-WR940N httpd Use of Insufficiently Random Values Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-1614/
Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to use of dom4j (CVE-2018-1000632)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-governance-is-vulnerable-to-arbitrary-code-execution-due-to-use-of-dom4j-cve-2018-1000632-2/
Security Bulletin: Potential Vulnerability in Apache HttpClient used by Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2020-13956)
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-in-apache-httpclient-used-by-logstash-shipped-with-ibm-operations-analytics-log-analysis-cve-2020-13956/
Security Bulletin: Vulnerability from Apache Kafka affects IBM Operations Analytics - Log Analysis (CVE-2018-17196)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-from-apache-kafka-affect-ibm-operations-analytics-log-analysis-cve-2018-17196/
Security Bulletin: IBM Operations Analytics - Log Analysis susceptible to vulnerability in Apache Tika (CVE-2022-25169)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-log-analysis-susceptible-to-vulnerability-in-apache-tika-cve-2022-25169/
Security Bulletin: Vulnerabilities in SnakeYAML used by Logstash affect IBM Operations Analytics - Log Analysis (CVE-2022-25857, CVE-2017-18640)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-snakeyaml-used-by-logstash-affects-ibm-operations-analytics-log-analysis-cve-2022-25857-cve-2017-18640/
Security Bulletin: IBM DataPower Gateway does not invalidate active sessions on a password change (CVE-2022-40228)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-does-not-invalidate-active-sessions-on-a-password-change-cve-2022-40228/
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. (CVE-2022-22483)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-in-some-scenarios-due-to-unauthorized-access-caused-by-improper-privilege-management-when-create-or-replace-command-3/
Security Bulletin: IBM DataPower Gateway potentially vulnerable to HTTP request smuggling
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-potentially-vulnerable-to-http-request-smuggling/
Security Bulletin: Vulnerability in Bouncy Castle used by Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2017-13098)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bouncy-castle-used-by-logstash-shipped-with-ibm-operations-analytics-log-analysis-cve-2017-13098/
Vulnerability Summary for the Week of November 14, 2022
https://us-cert.cisa.gov/ncas/bulletins/sb22-325
Advisory: Impact of Vulnerability in WIBU CodeMeter Runtime to B&R Products
https://www.br-automation.com/downloads_br_productcatalogue/assets/1667745192537-en-original-1.0.pdf