Daily summary - 21.03.2022

End-of-Day report

Timeframe: Friday 18-03-2022 18:00 - Monday 21-03-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News

Elden Ring: hackers destroy save games

Invasions by hostile players have become even more dangerous, because a security vulnerability can be used to crash Elden Ring.

https://www.golem.de/news/elden-ring-hacker-zerstoeren-spielstaende-2203-164001-rss.html


Security analysis of the OPC UA industrial protocol updated

The BSI study provides an assessment of the security functions specified and implemented in OPC UA.

https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Studie-OPC-UA_220321.html


Willhaben sellers beware: the "Willhaben courier service" is a scam

Have you placed an ad on willhaben.at? Then watch out for fraudulent buyers! Fraudulent buyers propose handling payment and delivery of the goods via the "courier service PayLivery AG". A link to a web page describing this "courier service" is sent along with the offer. Caution: this courier service does not exist. The website willhaben-at.shop/help.html is fake and does not belong to willhaben.at!

https://www.watchlist-internet.at/news/willhaben-verkaeuferinnen-aufgepasst-kurierdienst-von-willhaben-ist-betrug/


Free decryptor released for TrickBot gang's Diavol ransomware

Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom.

https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-trickbot-gangs-diavol-ransomware/


New Phishing toolkit lets anyone create fake Chrome browser windows

A phishing kit has been released that allows red teamers and wannabe cybercriminals to create effective single sign-on phishing login forms using fake Chrome browser windows.

https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-lets-anyone-create-fake-chrome-browser-windows/


Meet Exotic Lily, access broker for ransomware and other malware peddlers

Exotic Lily is the name given to a group of cybercriminals that specialized as an initial access broker, serving groups like Conti and Diavol ransomware.

https://blog.malwarebytes.com/threat-spotlight/2022/03/meet-exotic-lily-access-broker-for-ransomware-and-other-malware-peddlers/


APT35 Automates Initial Access Using ProxyShell

In December 2021, we observed an adversary exploiting the Microsoft Exchange ProxyShell vulnerabilities to gain initial access and execute code via multiple web shells. The overlap of activities and tasks [...]

https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell/

Vulnerabilities

Critical vulnerability in Western Digital EdgeRover closed

A security update for Western Digital's data management application EdgeRover locks attackers out.

https://heise.de/-6594172


A Bug That Doesn't Want To Die (CVE-2021-34484)

In November we issued a micropatch for a local privilege escalation in User Profile Service. This vulnerability was found and reported to Microsoft by security researcher Abdelhamid Naceri and assigned CVE-2021-34484 when initially fixed. Abdelhamid subsequently noticed that Microsoft's patch was incomplete and wrote a POC to bypass it. Based on that information, we were able to create a micropatch for what was then considered a 0day [...]

https://blog.0patch.com/2022/03/a-bug-that-doesnt-want-to-die-cve-2021.html


Micropatching Unpatched Local Privilege Escalation in Mobile Device Management Service (CVE-2021-24084 / 0day)

Update 3/21/2022: Microsoft's fix for this issue turned out to be flawed. We ported our micropatches to all affected Windows versions and made them all FREE for everyone again.

https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html


Security updates for Monday

Security updates have been issued by Debian (bind9, chromium, libgit2, libpano13, paramiko, usbredir, and wordpress), Fedora (expat, kernel, openexr, thunderbird, and wordpress), openSUSE (chromium, frr, and weechat), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), SUSE (frr), and Ubuntu (imagemagick).

https://lwn.net/Articles/888686/


OTRS: Multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K22-0332


MISP: Multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K22-0331


Security Bulletin: IBM Security Guardium is vulnerable to arbitrary code execution due to Apache log4j (CVE-2021-4104)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104-2/


Security Bulletin: Multiple vulnerabilities fixed in IBM Maximo Application Suite Monitor

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-fixed-in-ibm-maximo-application-suite-monitor/


Security Bulletin: IBM Answer Retrieval for Watson Discovery is vulnerable to phishing attacks due to Swagger UI (CVE number(s) 221508)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-answer-retrieval-for-watson-discovery-is-vulnerable-to-phishing-attacks-due-to-swagger-ui-cve-numbers-221508/


Security Bulletin: urllib upgrade CVE-2021-33503, CVE-2021-28363

https://www.ibm.com/blogs/psirt/security-bulletin-urllib-upgrade-cve-2021-33503-cve-2021-28363/


Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-11/


Security Bulletin: IBM Spectrum Protect 8.1.14.000 Server is vulnerable to bypass of security restrictions (CVE-2022-22394)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-8-1-14-000-server-is-vulnerable-to-bypass-of-security-restrictions-cve-2022-22394/


Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-2369)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2021-2369/


Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2020-14781)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2020-14781/


Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-2161)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2021-2161/


Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-35550)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2021-35550/


Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-35578)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2021-35578/


Security Bulletin: A vulnerability in Java SE related to the Libraries component affects IBM Control Center (CVE-2020-14782)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-related-to-the-libraries-component-affects-ibm-control-center-cve-2020-14782/


Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2020-2773)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2020-2773/


Security Bulletin: Vulnerabilities in Java SE and Eclipse OpenJ9 affect IBM Control Center (CVE-2020-14803 & CVE-2020-27221)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-se-and-eclipse-openj9-affect-ibm-control-center-cve-2020-14803-cve-2020-27221/


Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-35603)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-se-affects-ibm-control-center-cve-2021-35603/