Daily summary - 30.03.2022

End-of-Day report

Timeframe: Tuesday 29-03-2022 18:00 - Wednesday 30-03-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner

News

Mars Stealer malware pushed via OpenOffice ads on Google

A newly launched information-stealing malware variant called Mars Stealer is rising in popularity, and threat analysts are now spotting the first notable large-scale campaigns employing it.

https://www.bleepingcomputer.com/news/security/mars-stealer-malware-pushed-via-openoffice-ads-on-google/


Viasat shares details on KA-SAT satellite service cyberattack

US satellite communications provider Viasat has shared an incident report regarding the cyberattack that affected its KA-SAT consumer-oriented satellite broadband service on February 24, the day Russia invaded Ukraine.

https://www.bleepingcomputer.com/news/security/viasat-shares-details-on-ka-sat-satellite-service-cyberattack/


Attack on fast chargers: researchers can interrupt charging sessions via radio

CCS has established itself as the standard for fast charging of electric cars. But the charging session can be crashed by radio signals.

https://www.golem.de/news/schnelllladen-forscher-bringen-ccs-ladevorgaenge-per-funk-zum-absturz-2203-164273-rss.html


Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks

Team Nautilus has uncovered a Python-based ransomware attack that, for the first time, was targeting Jupyter Notebook, a popular tool used by data practitioners. The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack.

https://blog.aquasec.com/python-ransomware-jupyter-notebook


Free webinar series: How to protect yourself on the Internet

With the support of the Arbeiterkammer Burgenland, our colleagues at saferinternet.at are running a webinar series starting on 5 April. The free webinars are open to all interested adults and deal with the safe and responsible use of digital media. Experts from Watchlist Internet will also take part.

https://www.watchlist-internet.at/news/kostenlose-webinar-reihe-so-schuetzen-sie-sich-im-internet/


Investigating an engineering workstation - Part 2

In this second post we will focus on specific evidence written by the TIA Portal. As you might remember, in the first part we covered standard Windows-based artefacts regarding execution of the TIA Portal and usage of projects.

https://blog.nviso.eu/2022/03/30/investigating-an-engineering-workstation-part-2/


Advanced warning: probable remote code execution (RCE) in Spring, an extremely popular Java framework

This notice is intended to alert you that there may be a significant issue with Spring which, if confirmed, would require immediate attention. In the morning (New York time) on Wednesday, March 29th, 2022, a member of the security research team KnownSec posted a now-removed screenshot to Twitter purporting to show a trivially-exploited remote code execution vulnerability against Spring core, the most popular Java framework in use on the Internet. The researcher did not provide a proof-of-concept or public details.

https://bugalert.org/content/notices/2022-03-29-spring.html

Vulnerabilities

Update now! Attacks on a security vulnerability in Trend Micro Apex Central

Trend Micro warns of attacks on a security vulnerability in its central management software Apex Central. Updates are available to close the hole.

https://heise.de/-6656849


VMSA-2022-0009

CVSSv3 Range: 5.5 CVE(s): CVE-2022-22948 Synopsis: VMware vCenter Server updates address an information disclosure vulnerability

https://www.vmware.com/security/advisories/VMSA-2022-0009.html


Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk

On February 15, 2022, the Wordfence Threat Intelligence team finished research on two separate vulnerabilities in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin with over 100,000 installations. [...] A patched version, 5.174.1, was made available on March 25, 2022.

https://www.wordfence.com/blog/2022/03/reflected-xss-in-spam-protection-antispam-firewall-by-cleantalk/


Security updates for Wednesday

Security updates have been issued by CentOS (expat, firefox, httpd, openssl, and thunderbird), Debian (cacti), Fedora (kernel, rsh, unrealircd, and xen), Mageia (kernel and kernel-linus), openSUSE (apache2, java-1_8_0-ibm, kernel, openvpn, and protobuf), Oracle (openssl), Red Hat (httpd:2.4, kernel, kpatch-patch, and openssl), SUSE (apache2, java-1_7_1-ibm, java-1_8_0-ibm, kernel, openvpn, protobuf, and zlib), and Ubuntu (chromium-browser and paramiko).

https://lwn.net/Articles/889682/


SaltStack Salt: Multiple vulnerabilities

A remote, anonymous attacker can exploit multiple vulnerabilities in SaltStack Salt to manipulate files, cause a denial of service condition, escalate privileges or execute arbitrary code.

http://www.cert-bund.de/advisoryshort/CB-K22-0371


Trend Micro AntiVirus for Mac: Vulnerability enables privilege escalation

A local attacker can exploit a vulnerability in Trend Micro AntiVirus for Mac to elevate their privileges.

http://www.cert-bund.de/advisoryshort/CB-K22-0370


Google Releases Security Updates for Chrome

Google has released Chrome version 100.0.4896.60 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

https://us-cert.cisa.gov/ncas/current-activity/2022/03/30/google-releases-security-updates-chrome


Password hash disclosure in the Statamic CMS (SYSS-2022-022)

In the Statamic CMS, the password hash values of all users can be read out via the REST API. This can lead to a takeover of the website.

https://www.syss.de/pentest-blog/password-hash-preisgabe-in-statamic-cms-syss-2022-022


Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 and Jan 2022

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2021and-jan-2022/


Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

https://www.ibm.com/blogs/psirt/security-bulletin-an-eclipse-jetty-vulnerability-affects-ibm-rational-functional-tester-2/


PHOENIX CONTACT: Vulnerabilities in XML parser library Expat (libexpat)

https://cert.vde.com/de/advisories/VDE-2022-005/


Buffer Overflow Vulnerability in Recovery Image

https://psirt.bosch.com/security-advisories/bosch-sa-446276-bt.html


CVE-2022-0778: Security vulnerabilities with denial of service potential in OpenSSL

https://www.sprecher-automation.com/it-sicherheit/security-alerts