End-of-Day report
Timeframe: Tuesday 08-03-2022 18:00 - Wednesday 09-03-2022 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
News
Scam on Discord: "Sorry, I reported your Steam account!"
Gamers beware: on Discord, criminals are currently contacting users and apologising for having reported their Steam account.
https://www.watchlist-internet.at/news/betrug-auf-discord-sorry-ich-habe-deinen-steam-account-gemeldet/
Daxin Backdoor: In-Depth Analysis, Part Two
In the second of a two-part series of blogs, we examine the communications and networking features of Daxin.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage-analysis
Vulnerabilities
Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint
Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This important class spoofing vulnerability impacts all platforms.
https://msrc-blog.microsoft.com/2022/03/08/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint/
New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices
Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices.
https://thehackernews.com/2022/03/new-16-high-severity-uefi-firmware.html
Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses
Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System (CPS) that could be combined to achieve a full pre-authenticated remote code execution of affected systems.
https://thehackernews.com/2022/03/critical-rce-bugs-found-in-pascom-cloud.html
TLStorm: Three critical vulnerabilities discovered in APC Smart-UPS devices
Armis has discovered a set of three critical zero-day vulnerabilities in APC Smart-UPS devices that can allow remote attackers to take over Smart-UPS devices and carry out extreme attacks targeting both physical devices and IT assets.
https://www.armis.com/research/tlstorm/
Patch day: SAP fixes 16 vulnerabilities
For its March patch day, SAP is shipping updates for twelve new security vulnerabilities. It is also updating four older security advisories.
https://heise.de/-6543439
Old vulnerability in Pulse Connect Secure VPN is being attacked
Back in mid-2020, Pulse Secure published updates for its VPN solution that closed security vulnerabilities. Those vulnerabilities are now being attacked.
https://heise.de/-6544328
Security updates for Wednesday
Security updates have been issued by Debian (kernel, linux-4.19, spip, and thunderbird), Fedora (cyrus-sasl and libxml2), Mageia (firefox and thunderbird), openSUSE (buildah and tcpdump), Red Hat (cyrus-sasl, kernel, kernel-rt, and kpatch-patch), Slackware (kernel), SUSE (buildah, kernel, libcaca, and tcpdump), and Ubuntu (linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oem-5.14, linux-oracle, linux-oracle-5.13, [...]
https://lwn.net/Articles/887309/
Microsoft Releases March 2022 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
https://us-cert.cisa.gov/ncas/current-activity/2022/03/08/microsoft-releases-march-2022-security-updates
SAP Releases March 2022 Security Updates
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
https://us-cert.cisa.gov/ncas/current-activity/2022/03/08/sap-releases-march-2022-security-updates
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
https://us-cert.cisa.gov/ncas/current-activity/2022/03/08/adobe-releases-security-updates-multiple-products
ZDI-22-492: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-492/
ZDI-22-491: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Write Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-491/
ZDI-22-490: (0Day) Ecava IntegraXor Inkscape WMF File Parsing Memory Corruption Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-490/
ZDI-22-489: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-489/
ZDI-22-488: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-488/
ZDI-22-487: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-487/
ZDI-22-486: (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-486/
ZDI-22-485: (0Day) Ecava IntegraXor Inkscape PCX File Parsing Out-Of-Bound Read Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-485/
AMD: LFENCE/JMP Mitigation Update for CVE-2017-5715
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
Intel Processor Advisory: INTEL-SA-00598
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832-5/
Security Bulletin: Vulnerability in ISC BIND affects IBM Integrated Analytics System.
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-isc-bind-affects-ibm-integrated-analytics-system/
Security Bulletin: Vulnerability in IBM Java Runtime affects Watson Explorer Content Analytics Studio (CVE-2021-2341)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-watson-explorer-content-analytics-studio-cve-2021-2341/
Security Bulletin: Vulnerability in Intel Xeon affects IBM Cloud Pak System (CVE-2021-0144)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-intel-xeon-affects-ibm-cloud-pak-system-cve-2021-0144/
XSA-398
https://xenbits.xen.org/xsa/advisory-398.html
F-Secure products: vulnerability allows code execution
http://www.cert-bund.de/advisoryshort/CB-K22-0279
Ruby on Rails: vulnerability allows code execution
http://www.cert-bund.de/advisoryshort/CB-K22-0276
Citrix Hypervisor Security Update
https://support.citrix.com/article/CTX341586
NetApp SnapCenter Information Disclosure Vulnerability
http://support.lenovo.com/product_security/PS500477-NETAPP-SNAPCENTER-INFORMATION-DISCLOSURE-VULNERABILITY
Brocade Fabric OS Vulnerabilities
http://support.lenovo.com/product_security/PS500476-BROCADE-FABRIC-OS-VULNERABILITIES
Lenovo Thin Installer Denial of Service Vulnerability
http://support.lenovo.com/product_security/PS500475-LENOVO-THIN-INSTALLER-DENIAL-OF-SERVICE-VULNERABILITY
Glance by Mirametrix Vulnerability
http://support.lenovo.com/product_security/PS500474-GLANCE-BY-MIRAMETRIX-VULNERABILITY