End-of-Day report
Timeframe: Monday 28-02-2022 18:00 - Tuesday 01-03-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
News
Axis Communications shares details on disruptive cyberattack
Axis Communications has published a post mortem about a cyberattack that caused severe disruption in their systems, with some systems still partially offline.
https://www.bleepingcomputer.com/news/security/axis-communications-shares-details-on-disruptive-cyberattack/
Cyber threat activity in Ukraine: analysis and resources
Microsoft has been monitoring escalating cyber activity in Ukraine and has published analysis on observed activity in order to give organizations the latest intelligence to guide investigations into potential attacks and information to implement proactive protections against future attempts. We've brought together all our analysis and guidance for customers who may be impacted by events ...
https://msrc-blog.microsoft.com:443/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/
Instagram scammers as busy as ever: passwords and 2FA codes at risk
Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...
https://nakedsecurity.sophos.com/2022/02/28/instagram-scammers-as-busy-as-ever-passwords-and-2fa-codes-at-risk/
Triaging A Malicious Docker Container
Malicious Docker containers are a relatively new form of attack, taking advantage of an exposed Docker API or vulnerable host to do their evil plotting. In this article, we will walk through the triage of a malicious image containing a previously undetected-in-VirusTotal (at the time of this writing) piece of malware.
https://sysdig.com/blog/triaging-malicious-docker-container/
How To Protect Magento Websites
As of recently, Magento1 has become outdated and no longer supported. Adobe's goal is to move all users away to Magento2 instead, which has 2FA and a non-standard login URL enabled by default, being generally more secure.
Migrating is very costly for an average business, however, so this article will hopefully shed some light on how you can still protect your site regardless of which version of Magento is currently being used.
https://blog.sucuri.net/2022/02/how-to-protect-magento-websites.html
Trickbot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail
Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang's AnchorDNS backdoor, dubbed the new, upgraded variant AnchorMail.
https://thehackernews.com/2022/03/trickbot-malware-gang-upgrades-its.html
No, Signal was not hacked
On Twitter, Signal is currently countering rumours claiming that the messenger has been hacked or otherwise compromised. The rumours "are false. Signal was not hacked", Signal stresses on Twitter. "We believe these rumours are part of a coordinated misinformation campaign intended to get people to use less secure alternatives."
https://www.golem.de/news/messenger-nein-signal-wurde-nicht-gehackt-2203-163519.html
Unusual sign-in activity mail goes phishing for Microsoft account holders
We look at a phishing mail which may cause concern for users of Microsoft services as it claims there's been a suspicious login from Russia.
https://blog.malwarebytes.com/scams/2022/03/unusual-sign-in-activity-mail-goes-phishing-for-microsoft-account-holders/
DDoS Attacks Abuse Network Middleboxes for Reflection, Amplification
Threat actors specializing in distributed denial-of-service (DDoS) attacks have started abusing network middleboxes for reflection and amplification, Akamai warns.
https://www.securityweek.com/ddos-attacks-abuse-network-middleboxes-reflection-amplification
Fraudulent investment platforms: check our list
Fraudulent investment platforms promise high profits - risk-free and without any financial knowledge. Trading is automated or comes with personal advice. Supposedly, high profits can be achieved even with small investments. It sounds very tempting, but it is fraud! In this article we list fraudulent investment platforms.
https://www.watchlist-internet.at/news/betruegerische-investitionsplattformen-checken-sie-unsere-liste/
Tales from the Field: Coin-Operated Culprit
Due to a lack of proper visibility and segmentation, a breakroom vending machine was provided unfettered access to an operational network worth billions of dollars.
https://claroty.com/2022/02/28/blog-tales-from-the-field-coin-operated-culprit/
Vulnerabilities
Multiple vulnerabilities in VoipMonitor
I discovered and reported a few bugs in VoipMonitor ranging from a simple authentication bypass to a full RCE chain. Here I'll describe "most" of these bugs. The issues have been patched in VoipMonitor GUI version 24.97.
https://kerbit.io/research/read/blog/3
Okta cloud protection solution could let malicious code onto servers
An important security update closes a loophole for malicious code in Okta Advanced Server Client.
https://heise.de/-6529223
Security updates for Tuesday
Security updates have been issued by Debian (thunderbird), Oracle (kernel, kernel-container, and ruby:2.5), Red Hat (rh-ruby26-ruby), Slackware (libxml2 and libxslt), SUSE (htmldoc and SUSE Manager Server 4.2), and Ubuntu (mariadb-10.3, mariadb-10.5, policykit-1, qemu, virglrenderer, and webkit2gtk).
https://lwn.net/Articles/886472/
Vulnerability Spotlight: Vulnerabilities in Lansweeper could lead to JavaScript, SQL injections
Cisco Talos recently discovered multiple vulnerabilities in the Lansweeper IT asset management solution that could allow an attacker to inject JavaScript or SQL code on the targeted device. [..] Users are encouraged to update these affected products as soon as possible: Lansweeper version 9.1.20.2. Talos tested and confirmed this version is affected by these vulnerabilities. Lansweeper 9.2.0 incorporates fixes for these issues.
http://blog.talosintelligence.com/2022/03/vuln-spotlight-.html
ZDI-22-424: (0Day) Delta Industrial Automation DIAEnergie AM_Handler SQL Injection Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-424/
ZDI-22-423: (0Day) Delta Industrial Automation DIAEnergie HandlerPage_KID Arbitrary File Upload Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-423/
ZDI-22-422: (0Day) Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-422/
ZDI-22-421: (0Day) Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-421/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2332)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-2332/
Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to buffer overflow and denial of service (CVE-2021-44790, CVE-2021-34798, CVE-2021-39275)
https://www.ibm.com/blogs/psirt/security-bulletin-apache-http-server-as-used-by-ibm-qradar-siem-is-vulnerable-to-buffer-overflow-and-denial-of-service-cve-2021-44790-cve-2021-34798-cve-2021-39275/
Security Bulletin: Ansible vulnerability affects IBM Elastic Storage System (CVE-2021-3583)
https://www.ibm.com/blogs/psirt/security-bulletin-ansible-vulnerability-affects-ibm-elastic-storage-system-cve-2021-3583/
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where mmfsd daemon can be prevented from servicing requests (CVE-2020-4925)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-mmfsd-daemon-can-be-prevented-from-servicing-requests-cve-2020-4925/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-35558)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-35558/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-35557)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-35557/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-35557)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-35557/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management(CVE-2021-35557)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-contract-managementcve-2021-35557/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-35557)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-strategic-supply-management-platform-cve-2021-35557/
Security Bulletin: IBM MQ Appliance is affected by an incorrect session invalidation vulnerability (CVE-2021-38986)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-incorrect-session-invalidation-vulnerability-cve-2021-38986/
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to a denial of service vulnerability due to IBM X-Force vulnerability 220063
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-dashboards-may-be-vulnerable-to-a-denial-of-service-vulnerability-due-to-ibm-x-force-vulnerability-220063/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Management (CVE-2021-2332)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-management-cve-2021-2332/
Security Bulletin: Vulnerability in AIX audit commands (CVE-2021-38955)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-aix-audit-commands-cve-2021-38955/
Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in OpenSSL
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-vulnerabilities-in-openssl/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-2332)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-strategic-supply-management-platform-cve-2021-2332/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-35558)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-contract-management-cve-2021-35558/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-2332)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-contract-management-cve-2021-2332/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-35558)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-35558/
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-semeru-runtime-2/
Security Bulletin: IBM MQ Appliance is affected by a Java vulnerability (CVE-2021-35578)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-java-vulnerability-cve-2021-35578/
Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Libxml2
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-firmware-products-are-affected-by-vulnerabilities-in-libxml2/
Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-http-server-powered-by-apache-for-i-is-vulnerable-to-cve-2021-44224/
Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Libxml2
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-vulnerabilities-in-libxml2-2/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-35558)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-strategic-supply-management-platform-cve-2021-35558/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Management (CVE-2021-35557)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-management-cve-2021-35557/
Security Bulletin: IBM MQ Appliance could allow unauthorized viewing of logs and files (CVE-2022-22326)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-unauthorized-viewing-of-logs-and-files-cve-2022-22326/
Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-certified-container-is-affected-by-multiple-vulnerabilities-in-red-hat-universal-base-image-version-8-4-206-1626828523-and-binutils-version-2-30/
Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - October 2021
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-virtualization-engine-ts7700-october-2021/
Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in OpenSSL
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-firmware-products-are-affected-by-vulnerabilities-in-openssl/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-2332)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-2332/
Security Bulletin: glibc vulnerability affects IBM Elastic Storage System (CVE-2021-27645)
https://www.ibm.com/blogs/psirt/security-bulletin-glibc-vulnerability-affects-ibm-elastic-storage-system-cve-2021-27645/
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Management (CVE-2021-35558)
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-management-cve-2021-35558/
Security Bulletin: IBM MQ Appliance affected by a password hash that provides insufficient protection (CVE-2022-22321)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected-by-a-password-hash-that-provides-insufficient-protection-cve-2022-22321/
Security Bulletin: Due to use of Apache Log4j, IBM Datacap is vulnerable to arbitrary code execution (CVE-2021-4104)
https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-apache-log4j-ibm-datacap-is-vulnerable-to-arbitrary-code-execution-cve-2021-4104/
BECKHOFF: Null Pointer Dereference vulnerability in products with OPC UA technology
https://cert.vde.com/de/advisories/VDE-2022-003/