Tageszusammenfassung - 10.03.2022

End-of-Day report

Timeframe: Mittwoch 09-03-2022 18:00 - Donnerstag 10-03-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner


Nearly 30% of critical WordPress plugin bugs dont get a patch

Patchstack, a leader in WordPress security and threat intelligence, has released a whitepaper to present the state of WordPress security in 2021, and the report paints a dire picture.


What Security Controls Do I Need for My Kubernetes Cluster?

This Tech Tip offers some security controls to embed in your organizations CI/CD pipeline to protect Kubernetes clusters and corporate networks.


Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads

The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.


Credentials Leaks on VirusTotal, (Thu, Mar 10th)

A few weeks ago, researchers published some information about stolen credentials that were posted on Virustotal[1]. Im keeping an eye on VT for my customers and searching for data related to them. For example, I looking for their domain name(s) inside files posted on VT. I may confirm what researchers said, there are a lot of passwords leaks shared on VTI but yesterday, there was a peak of files uploaded on this platform.


Demystifying E-Commerce Website Security

Here we-ll be discussing the main aspects that are important to an E-Commerce website, the kinds of vulnerabilities that can impact your business, and how to take better preventative measures.


Pre-announcement of 4 BIND security issues scheduled for disclosure 16 March 2022

As part of our policy of pre-notification of upcoming security releases, we are writing to inform you that the March 2022 BIND maintenance releases that will be released on Wednesday, 16 March, will contain a patches for a security vulnerabilities affecting the BIND 9.11.x, 9.16.x and 9.18.x release branches. Further details about those vulnerabilities will be publicly disclosed at the time the releases are published.


Getting Critical: Making Sense of the EU Cybersecurity Framework for Cloud Providers

In this chapter, we review how the EU cybersecurity regulatory framework impacts providers of cloud computing services. We examine the evolving regulatory treatment of cloud services as an enabler of the EUs digital economy and question whether all cloud services should be treated as critical infrastructure. Further, we look at how the safeguarding and incident notification obligations under the General Data Protection Regulation (GDPR) and the Network and Information Systems Directive (NISD)


The Conti Leaks: Insight into a Ransomware Unicorn

In late February 2022, the internal chat logs of the Conti ransomware group were disclosed. This blog dissects the internal chat logs that illuminate how Conti-s organizational infrastructure is run, details key figureheads, tooling as well as bitcoin transactions.


Spectre V2 ist auch bei ARM und Intel zurück: Angriff auf Branch History Buffer

Bisherige Schutzmechanismen von Intel-Prozessoren und ARM-Kernen gegen Seitenkanalangriffe vom Typ Spectre V2 reichen nicht aus.


-Ihr ID-Betriebssystem wird gesperrt- - Apple E-Mail ist Fake!

Im betrügerischen E-Mail, das angeblich von Apple versendet wird, werden Sie aufgefordert Ihre Apple ID zu überprüfen. Doch Vorsicht - es handelt sich um Phishing! Hier sind Kriminelle auf Ihre Daten aus! Am besten ignorieren Sie das E-Mail.


Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools

Opportunistic cybercriminals are attempting to exploit Ukrainian sympathizers by offering malware purporting to be offensive cyber tools to target Russian entities. Once downloaded, these files infect unwitting users rather than delivering the tools originally advertised.



[webapps] Zabbix 5.0.17 - Remote Code Execution (RCE) (Authenticated)

# note : this is blind RCE so don't expect to see results on the site # this exploit is tested against Zabbix 5.0.17 only



CVEs: CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends


Security updates for Thursday

Security updates have been issued by Debian (firefox-esr and kernel), Fedora (cyrus-sasl, mingw-protobuf, and thunderbird), Mageia (kernel-linus), openSUSE (firefox, kernel, and libcaca), Oracle (.NET 6.0, kernel, kernel-container, and ruby:2.5), Slackware (mozilla-thunderbird), and SUSE (firefox, mariadb, and tomcat).


Drupal: Mehrere Schwachstellen

- SVG Formatter - Critical - Cross Site Scripting - SA-CONTRIB-2022-028 - Opigno Learning path - Moderately critical - Access bypass - SA-CONTRIB-2022-029


CVE-2022-0022 PAN-OS: Use of a Weak Cryptographic Algorithm for Stored Password Hashes (Severity: MEDIUM)

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. [..] Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes.


UNIVERGE WA Series vulnerable to OS command injection


[remote] Siemens S7-1200 - Unauthenticated Start/Stop Command


Security Bulletin: IBM Guardium Data Encryption (GDE) has an information exposure vulnerability (CVE-2021-39025)


Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights CVE-2021-23450


Security Bulletin: IBM Guardium Data Encryption is vulnerable to cross-site scripting (CVE-2020-7676)


Security Bulletin: Vulnerability in Intel Xeon affects IBM Cloud Pak System (CVE-2021-0144)


Security Bulletin: Vulnerability in BIND affects AIX (CVE-2021-25219)


Security Bulletin: IBM DataPower Gateway permits reflected JSON injection (CVE-2021-38910)


Security Bulletin: Due to use of Apache Log4j, OmniFind Text Search Server for DB2 for i is vulnerable to arbitrary code execution (CVE-2021-4104)