Daily summary - 04.03.2022

End-of-Day report

Timeframe: Thursday 03-03-2022 18:00 - Friday 04-03-2022 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer

News

8-Character Passwords Can Be Cracked in Less than 60 Minutes

Researchers say passwords with less than seven characters can be hacked "instantly."

https://www.darkreading.com/attacks-breaches/8-character-passwords-can-be-cracked-in-less-than-60-minutes


5 Risks That Can Cause Your Website to Get Reinfected

Re-infections are one of the most frustrating encounters site owners experience. Like a game of whack-a-mole, when you think you've found and removed everything malicious, more malicious content pops up.

https://blog.sucuri.net/2022/03/5-risks-that-can-cause-your-website-to-get-reinfected.html


SharkBot: a "new" generation Android banking Trojan being distributed on Google Play Store

NCC Group, as well as many other researchers, noticed a rise in Android malware last year, especially Android banking malware.

https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/


Nvidia's leaked code-signing certificates abused

The intruders also stole code-signing certificates from Nvidia and published them. These are now being used to sign attack tools.

https://heise.de/-6537255


Fraudulent donation appeals: criminals exploit the war in Ukraine

There are currently numerous ways to financially support people in Ukraine. But criminals are also exploiting this situation and setting up fraudulent websites with donation appeals.

https://www.watchlist-internet.at/news/betruegerische-spendenaufrufe-kriminelle-missbrauchen-krieg-in-der-ukraine/


A Backdoor Lockpick

In early September, 2021, a fairly ordinary and inexpensive residential router came into the Zero Day research team's possession.

https://medium.com/tenable-techblog/a-backdoor-lockpick-d847a83f4496


The Renaissance of Cyber-Vigilantism

The war between Russia and Ukraine has had, as a side effect that is surprising to some degree, the renaissance of software resembling the "Low Orbit Ion Cannon", which was made known and popular by Anonymous and used for DDoS purposes. Dozens of such programs, or websites based on the same principle, are currently being distributed on social networks and used almost enthusiastically by many people.

https://cert.at/de/blog/2022/3/die-renaissance-des-cybervigilantismus


NSA Releases Network Infrastructure Security Guidance

The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network.

https://us-cert.cisa.gov/ncas/current-activity/2022/03/03/nsa-releases-network-infrastructure-security-guidance

Vulnerabilities

Amazon Alexa can be hijacked via commands from own speaker

Without a critical update, Amazon Alexa devices could wake themselves up and start executing audio commands issued by a remote attacker, according to infosec researchers at Royal Holloway, University of London.

https://www.theregister.com/2022/03/03/amazon_alexa_speaker_vuln/


New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?

CVE-2022-0492 marks a logical bug in control groups (cgroups), a Linux feature that is a fundamental building block of containers.

https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/


Critical root vulnerabilities threaten Cisco's remote-access software Expressway Series

The network vendor Cisco has released important security updates for Expressway Series, StarOS and others.

https://heise.de/-6537019


Security updates for Friday

Security updates have been issued by Debian (varnish), Fedora (barrier and polkit), openSUSE (bitcoin, conmon, libcontainers-common, libseccomp, podman, firefox, nodejs-electron, nodejs8, php7, and webkit2gtk3), SUSE (conmon, libcontainers-common, libseccomp, podman, cyrus-sasl, expat, firefox, nodejs8, php7, tomcat, and webkit2gtk3), and Ubuntu (containerd).

https://lwn.net/Articles/886792/


pfSense-pkg-WireGuard vulnerable to directory traversal

https://jvn.jp/en/jp/JVN85572374/


B&R APROL: A flaw in the Chainsaw component of Log4j can lead to code execution

https://www.br-automation.com/downloads_br_productcatalogue/assets/1644947115875-en-original-1.0.pdf


Security Bulletin: IBM Security QRadar SOAR is using a component vulnerable to Cross Site Scripting (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-soar-is-using-a-component-vulnerable-to-cross-site-scripting-cve-2021-41182-cve-2021-41183-cve-2021-41184/


Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where mmfsd daemon can be prevented from servicing requests (CVE-2020-4925)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-mmfsd-daemon-can-be-prevented-from-servicing-requests-cve-2020-4925-2/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security QRadar SOAR (CVE-2021-35560, CVE-2021-35578, CVE-2021-35564, CVE-2021-35565, CVE-2021-35588)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-security-qradar-soar-cve-2021-35560-cve-2021-35578-cve-2021-35564-cve-2021-35565-cve-2021-35588/


Security Bulletin: Multiple Vulnerabilities in Sterling Connect:Direct Browser User Interface

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-sterling-connectdirect-browser-user-interface/


Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM Dojo (CVE-2021-234550), Java SE (CVE-2021-35578), IBM WebSphere Application Server - Liberty (CVE-2021-39031), Apache Log4j (CVE-2021-44832) and Gson

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-control-is-vulnerable-to-multiple-weaknesses-related-to-ibm-dojo-cve-2021-234550-java-se-cve-2021-35578-ibm-websphere-application-server-liberty-cve-2021-39031/


Trailer Power Line Communications (PLC) J2497

https://us-cert.cisa.gov/ics/advisories/icsa-22-063-01