Timeframe: Wednesday 23-02-2022 18:00 - Thursday 24-02-2022 18:00
Handler: Thomas Pribitzer
Malware infiltrates Microsoft Store via clones of popular games
A malware named Electron Bot has found its way into Microsoft's Official Store through clones of popular games such as Subway Surfer and Temple Run, leading to the infection of 5,000 computers in Sweden, Israel, Spain, and Bermuda.
Malware: Wipers and DDoS against Ukrainian IT systems
Numerous websites in Ukraine are unreachable. In addition, hundreds of computers are infected with destructive malware.
Ukraine & Russia Situation From a Domain Names Perspective, (Thu, Feb 24th)
Every time something happens in the world, like an earthquake, big floods, or even major sports events, it is followed by a peak of new domain registrations.
Shadowserver Special Reports - Cyclops Blink
In May 2018, the US DoJ, FBI and industry partners sinkholed the modular network-device-infecting malware known as VPNFilter, which Shadowserver has been reporting out for remediation to nCSIRTs and network owners each day since. In February 2022 the UK NCSC, US FBI, CISA and NSA jointly announced the discovery of new network device malware, which they have called Cyclops Blink and see as a more advanced replacement for VPNFilter.
HermeticWiper: New Destructive Malware Used In Cyber Attacks on Ukraine
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations.
SockDetour - a Silent, Fileless, Socketless Backdoor - Targets U.S. Defense Contractors
SockDetour is a custom backdoor being used to maintain persistence, designed to serve as a backup backdoor in case the primary one is removed.
Clang Checkers and CodeQL Queries for Detecting Untrusted Pointer Derefs and Tainted Loop Conditions
In this final blog of the series, we experiment with CodeQL's IR and Clang checkers for detecting such bug classes.
Vulnerability Spotlight: Buffer overflow vulnerabilities in Accusoft ImageGear could lead to code execution
Cisco Talos recently discovered multiple vulnerabilities in Accusoft ImageGear.
Cisco closes root vulnerability in network OS, gives important advice for firewalls
Anyone using a Cisco firewall should update it for security reasons by early March. There are also patches for NX-OS.
Stored Cross-Site Scripting Vulnerability Patched in a WordPress Photo Gallery Plugin
On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in "Photoswipe Masonry Gallery", a WordPress plugin that is installed on over 10,000 sites.
Security updates for Wednesday
Security updates have been issued by Debian (expat), Fedora (php and vim), Mageia (cpanminus, expat, htmldoc, nodejs, polkit, util-linux, and varnish), Red Hat (389-ds-base, curl, kernel, kernel-rt, openldap, python-pillow, rpm, sysstat, and unbound), Scientific Linux (389-ds-base, kernel, openldap, and python-pillow), and Ubuntu (cyrus-sasl2, linux-oem-5.14, and php7.0).
Security updates for Thursday
Security updates have been issued by Debian (thunderbird), Fedora (php), openSUSE (jasper and thunderbird), Oracle (389-ds-base, kernel, openldap, and python-pillow), Red Hat (cyrus-sasl and samba), and SUSE (cyrus-sasl, firefox, jasper, kernel-rt, nodejs10, nodejs14, nodejs8, and thunderbird).
Security Bulletin: Datastax Enterprise with IBM is vulnerable to exploiting Apache Cassandra User-Defined Functions for Remote Code Execution
Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms
Security Bulletin: Multiple vulnerabilities were detected in IBM Sterling External Authentication Server (CVE-2022-22333, CVE-2022-22349)
Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics
Security Bulletin: Log4j vulnerability affects IBM Netezza Analytics for NPS
Security Bulletin: IBM Operational Decision Manager is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046).
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038)
Security Bulletin: Vulnerabilities in the AIX kernel (CVE-2021-38994, CVE-2021-38995)
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Logback
Security Bulletin: Multiple Vulnerabilities were detected in IBM Sterling Secure Proxy (CVE-2022-22336, CVE-2022-22333)
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java
Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics for NPS
Drupal: Multiple vulnerabilities allow cross-site scripting
XSS Vulnerabilities in Proxy Server