End-of-Day report
Timeframe: Tuesday 01-03-2022 18:00 - Wednesday 02-03-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Phishing attacks target countries aiding Ukrainian refugees
A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.
https://www.bleepingcomputer.com/news/security/phishing-attacks-target-countries-aiding-ukrainian-refugees/
Geoblocking when you can't Geoblock, (Tue, Mar 1st)
Given recent events, I've gotten a flood of calls from clients who want to start blocking egress traffic to specific countries, or block ingress traffic from specific countries (or both).
https://isc.sans.edu/diary/rss/28392
TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps
An Android banking trojan designed to steal credentials and SMS messages has been observed once again sneaking past Google Play Store protections to target users of more than 400 banking and financial apps, including those from Russia, China, and the U.S.
https://thehackernews.com/2022/03/teabot-android-banking-malware-spreads.html
"Authority-Scam": Criminals impersonate authorities for investment fraud
In the "Authority-Scam", the criminals pose as a government authority and demand payments in connection with the investments. Do not pay!
https://www.watchlist-internet.at/news/authority-scam-kriminelle-imitieren-behoerden-fuer-investment-betrug/
Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization
Scans of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations found 75% had known security gaps.
https://unit42.paloaltonetworks.com/infusion-pump-vulnerabilities/
Vulnerabilities
Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack
As many as five security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service (DoS) in applications that use the protocol stack.
https://thehackernews.com/2022/03/critical-bugs-reported-in-popular-open.html
IBM warns of numerous security vulnerabilities
IBM has released updates for various products that close security vulnerabilities, some of them critical. Administrators should install them promptly.
https://heise.de/-6531076
Security updates from Fortinet: attackers could guess admin credentials
Among others, FortiMail and FortiWLC are vulnerable. One of the vulnerabilities is rated critical.
https://heise.de/-6531249
Security updates for Wednesday
Security updates have been issued by Fedora (mingw-expat and seamonkey), openSUSE (mc, mysql-connector-java, nodejs12, and sphinx), Red Hat (kernel and kpatch-patch), SUSE (cyrus-sasl, kernel, nodejs12, and php74), and Ubuntu (glibc).
https://lwn.net/Articles/886560/
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm
Cisco StarOS Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n
Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp
Security Bulletin: Vulnerabilities in AIX CAA (CVE-2022-22350, CVE-2021-38996)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-aix-caa-cve-2022-22350-cve-2021-38996/
Security Bulletin: SQL injection vulnerability in PostgreSQL affects IBM Connect:Direct Web Services (CVE-2021-23214)
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-in-postgresql-affects-ibm-connectdirect-web-services-cve-2021-23214/
Security Bulletin: Vulnerability in BIND affects AIX (CVE-2021-25219)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-affects-aix-cve-2021-25219/
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote attacker due to Apache Log4j (CVE-2021-44832)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-remote-attacker-due-to-apache-log4j-cve-2021-44832/
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Web Services
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-connectdirect-web-services-4/
Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL
https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-ibm-infosphere-master-data-management-server-vulnerability-in-openssl-2/
Security Bulletin: Vulnerabilities with Expat, Spring Framework and Apache HTTP Server affect IBM Cloud Object Storage Systems (Feb 2022 V2)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-expat-spring-framework-and-apache-http-server-affect-ibm-cloud-object-storage-systems-feb-2022-v2/
VMSA-2022-0007
https://www.vmware.com/security/advisories/VMSA-2022-0007.html
K34519550: Linux kernel vulnerability CVE-2021-27364
https://support.f5.com/csp/article/K34519550