Daily Summary - 01.03.2022

End-of-Day report

Timeframe: Monday 28-02-2022 18:00 - Tuesday 01-03-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner

News

Axis Communications shares details on disruptive cyberattack

Axis Communications has published a post mortem about a cyberattack that caused severe disruption in their systems, with some systems still partially offline.

https://www.bleepingcomputer.com/news/security/axis-communications-shares-details-on-disruptive-cyberattack/


Cyber threat activity in Ukraine: analysis and resources

Microsoft has been monitoring escalating cyber activity in Ukraine and has published analysis on observed activity in order to give organizations the latest intelligence to guide investigations into potential attacks and information to implement proactive protections against future attempts. We've brought together all our analysis and guidance for customers who may be impacted by events ...

https://msrc-blog.microsoft.com:443/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/


Instagram scammers as busy as ever: passwords and 2FA codes at risk

Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...

https://nakedsecurity.sophos.com/2022/02/28/instagram-scammers-as-busy-as-ever-passwords-and-2fa-codes-at-risk/


Triaging A Malicious Docker Container

Malicious Docker containers are a relatively new form of attack, taking advantage of an exposed Docker API or vulnerable host to do their evil plotting. In this article, we will walk through the triage of a malicious image containing a previously undetected-in-VirusTotal (at the time of this writing) piece of malware.

https://sysdig.com/blog/triaging-malicious-docker-container/


How To Protect Magento Websites

As of recently, Magento1 has become outdated and no longer supported. Adobe's goal is to move all users away to Magento2 instead, which has 2FA and a non-standard login URL enabled by default, being generally more secure. Migrating is very costly for an average business, however, so this article will hopefully shed some light on how you can still protect your site regardless of which version of Magento is currently being used.

https://blog.sucuri.net/2022/02/how-to-protect-magento-websites.html


Trickbot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail

Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang's AnchorDNS backdoor, dubbed the new, upgraded variant AnchorMail.

https://thehackernews.com/2022/03/trickbot-malware-gang-upgrades-its.html


No, Signal was not hacked

On Twitter, Signal is currently countering rumours claiming that the messenger has been hacked or otherwise compromised. The rumours "are false. Signal was not hacked", Signal stresses on Twitter. "We believe these rumours are part of a coordinated misinformation campaign meant to push people towards less secure alternatives."

https://www.golem.de/news/messenger-nein-signal-wurde-nicht-gehackt-2203-163519.html


Unusual sign-in activity mail goes phishing for Microsoft account holders

We look at a phishing mail which may cause concern for users of Microsoft services as it claims there's been a suspicious login from Russia.

https://blog.malwarebytes.com/scams/2022/03/unusual-sign-in-activity-mail-goes-phishing-for-microsoft-account-holders/


DDoS Attacks Abuse Network Middleboxes for Reflection, Amplification

Threat actors specializing in distributed denial-of-service (DDoS) attacks have started abusing network middleboxes for reflection and amplification, Akamai warns.

https://www.securityweek.com/ddos-attacks-abuse-network-middleboxes-reflection-amplification


Fraudulent investment platforms: check our list

Fraudulent investment platforms promise high returns - risk-free and without any financial knowledge. Trading is either automated or comes with personal advice. Supposedly, high profits can be made even with small investments. It sounds very tempting, but it is fraud! In this article we list fraudulent investment platforms.

https://www.watchlist-internet.at/news/betruegerische-investitionsplattformen-checken-sie-unsere-liste/


Tales from the Field: Coin-Operated Culprit

Due to a lack of proper visibility and segmentation, a breakroom vending machine was provided unfettered access to an operational network worth billions of dollars.

https://claroty.com/2022/02/28/blog-tales-from-the-field-coin-operated-culprit/

Vulnerabilities

Multiple vulnerabilities in VoipMonitor

I discovered and reported a few bugs in VoipMonitor ranging from a simple authentication bypass to a full RCE chain. Here I'll describe "most" of these bugs. The issues have been patched in VoipMonitor GUI version 24.97.

https://kerbit.io/research/read/blog/3


Okta cloud protection solution could let malicious code onto servers

An important security update closes a malicious-code loophole in Okta Advanced Server Client.

https://heise.de/-6529223


Security updates for Tuesday

Security updates have been issued by Debian (thunderbird), Oracle (kernel, kernel-container, and ruby:2.5), Red Hat (rh-ruby26-ruby), Slackware (libxml2 and libxslt), SUSE (htmldoc and SUSE Manager Server 4.2), and Ubuntu (mariadb-10.3, mariadb-10.5, policykit-1, qemu, virglrenderer, and webkit2gtk).

https://lwn.net/Articles/886472/


Vulnerability Spotlight: Vulnerabilities in Lansweeper could lead to JavaScript, SQL injections

Cisco Talos recently discovered multiple vulnerabilities in the Lansweeper IT asset management solution that could allow an attacker to inject JavaScript or SQL code on the targeted device. [..] Users are encouraged to update these affected products as soon as possible: Lansweeper version 9.1.20.2. Talos tested and confirmed this version is affected by these vulnerabilities. Lansweeper 9.2.0 incorporates fixes for these issues.

http://blog.talosintelligence.com/2022/03/vuln-spotlight-.html


ZDI-22-424: (0Day) Delta Industrial Automation DIAEnergie AM_Handler SQL Injection Information Disclosure Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-22-424/


ZDI-22-423: (0Day) Delta Industrial Automation DIAEnergie HandlerPage_KID Arbitrary File Upload Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-22-423/


ZDI-22-422: (0Day) Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-22-422/


ZDI-22-421: (0Day) Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-22-421/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2332)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-2332/


Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to buffer overflow and denial of service (CVE-2021-44790, CVE-2021-34798, CVE-2021-39275)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-http-server-as-used-by-ibm-qradar-siem-is-vulnerable-to-buffer-overflow-and-denial-of-service-cve-2021-44790-cve-2021-34798-cve-2021-39275/


Security Bulletin: Ansible vulnerability affects IBM Elastic Storage System (CVE-2021-3583)

https://www.ibm.com/blogs/psirt/security-bulletin-ansible-vulnerability-affects-ibm-elastic-storage-system-cve-2021-3583/


Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where mmfsd daemon can be prevented from servicing requests (CVE-2020-4925)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-mmfsd-daemon-can-be-prevented-from-servicing-requests-cve-2020-4925/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-35558)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-35558/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-35557)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-35557/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-35557)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-35557/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management(CVE-2021-35557)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-contract-managementcve-2021-35557/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-35557)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-strategic-supply-management-platform-cve-2021-35557/


Security Bulletin: IBM MQ Appliance is affected by an incorrect session invalidation vulnerability (CVE-2021-38986)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-incorrect-session-invalidation-vulnerability-cve-2021-38986/


Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to a denial of service vulnerability due to IBM X-Force vulnerability 220063

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-dashboards-may-be-vulnerable-to-a-denial-of-service-vulnerability-due-to-ibm-x-force-vulnerability-220063/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Management (CVE-2021-2332)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-management-cve-2021-2332/


Security Bulletin: Vulnerability in AIX audit commands (CVE-2021-38955)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-aix-audit-commands-cve-2021-38955/


Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in OpenSSL

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-vulnerabilities-in-openssl/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-2332)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-strategic-supply-management-platform-cve-2021-2332/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-35558)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-contract-management-cve-2021-35558/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-2332)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-contract-management-cve-2021-2332/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-35558)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-35558/


Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-semeru-runtime-2/


Security Bulletin: IBM MQ Appliance is affected by a Java vulnerability (CVE-2021-35578)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-java-vulnerability-cve-2021-35578/


Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Libxml2

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-firmware-products-are-affected-by-vulnerabilities-in-libxml2/


Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-http-server-powered-by-apache-for-i-is-vulnerable-to-cve-2021-44224/


Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Libxml2

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-vulnerabilities-in-libxml2-2/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-35558)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-strategic-supply-management-platform-cve-2021-35558/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Management (CVE-2021-35557)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-management-cve-2021-35557/


Security Bulletin: IBM MQ Appliance could allow unauthorized viewing of logs and files (CVE-2022-22326)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-could-allow-unauthorized-viewing-of-logs-and-files-cve-2022-22326/


Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-certified-container-is-affected-by-multiple-vulnerabilities-in-red-hat-universal-base-image-version-8-4-206-1626828523-and-binutils-version-2-30/


Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - October 2021

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-virtualization-engine-ts7700-october-2021/


Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in OpenSSL

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-firmware-products-are-affected-by-vulnerabilities-in-openssl/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-2332)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-2332/


Security Bulletin: glibc vulnerability affects IBM Elastic Storage System (CVE-2021-27645)

https://www.ibm.com/blogs/psirt/security-bulletin-glibc-vulnerability-affects-ibm-elastic-storage-system-cve-2021-27645/


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Management (CVE-2021-35558)

https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-management-cve-2021-35558/


Security Bulletin: IBM MQ Appliance affected by a password hash that provides insufficient protection (CVE-2022-22321)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected-by-a-password-hash-that-provides-insufficient-protection-cve-2022-22321/


Security Bulletin: Due to use of Apache Log4j, IBM Datacap is vulnerable to arbitrary code execution (CVE-2021-4104)

https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-apache-log4j-ibm-datacap-is-vulnerable-to-arbitrary-code-execution-cve-2021-4104/


BECKHOFF: Null Pointer Dereference vulnerability in products with OPC UA technology

https://cert.vde.com/de/advisories/VDE-2022-003/