Tageszusammenfassung - 01.04.2022

End-of-Day report

Timeframe: Donnerstag 31-03-2022 18:00 - Freitag 01-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a


New BlackGuard password-stealing malware sold on hacker forums

A new information-stealing malware named BlackGuard is winning the attention of the cybercrime community, now sold on numerous darknet markets and forums for a lifetime price of $700 or a subscription of $200 per month.


Viasat confirms satellite modems were wiped with AcidRain malware

A newly discovered data wiper malware that wipes routers and modems has been deployed in the cyberattack that targeted the KA-SAT satellite broadband service to wipe SATCOM modems on February 24, affecting thousands in Ukraine and tens of thousands more across Europe.


Phishing uses Azure Static Web Pages to impersonate Microsoft

Phishing attacks are abusing Microsoft Azures Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials.


FORCEDENTRY: Sandbox Escape

In this post we'll take a look at that sandbox escape. It's notable for using only logic bugs. In fact it's unclear where the features that it uses end and the vulnerabilities which it abuses begin.


iOS-Updates: Automatik braucht mehrere Wochen

Wer will, dass sein iPhone auf aktuellem Stand ist, sollte händisch aktualisieren. Die automatische Verteilung braucht lange, bestätigt Apples Softwarechef.


CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell)

CVE-2022-22965, aka SpringShell, is a remote code execution vulnerability in the Spring Framework. We provide a root cause analysis and mitigations.


The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities

The flaws can be exploited to execute code on vulnerable controllers and workstations.


Spring Framework RCE, Mitigation Alternative

Yesterday we announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78 all of which close the attack vector on Tomcat-s side. While the vulnerability is not in Tomcat itself, in real world situations, it is important to be able to choose among multiple upgrade paths that in turn provides flexibility and layered protection.



IBM Security Bulletins 2022-03-31

IBM App Connect Enterprise Certified Container, IBM Sterling Partner Engagement Manager, IBM QRadar Network Security, IBM Security Access Manager for Enterprise, IBM Urbancode Deploy, IBM Tivoli Application Dependency Discovery Manager, IBM Tivoli Netcool Impact, Watson Knowledge Catalog InstaScan


Kritische Sicherheitslücke: Gitlab-Update außer der Reihe

Die Gitlab-Entwickler haben ein Update veröffentlicht, um Sicherheitslücken zu schließen. Eine kritische Lücke könnte Angreifern die Kontoübernahme ermöglichen.


Security updates for Friday

Security updates have been issued by Debian (wireshark), Fedora (389-ds-base), Mageia (golang, wavpack, and zlib), openSUSE (yaml-cpp), SUSE (expat and yaml-cpp), and Ubuntu (linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws-5.4, linux-azure, linux-gcp, linux-gcp-5.13, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-aws-hwe, linux-gcp-4.15, linux-oracle, linux-intel-5.13, and tomcat9).


Sicherheitsupdates: iOS 15.4.1 und macOS Monterey 12.3.1

Apple hat zum 31. März 2022 zwei Sicherheitsupdates für macOS 12.3.1 (Monterey) und iOS/iPad OS 15.4.1 freigegeben. Diese schließen die Schwachstellen CVE-2022-22675 (in AppleAVD für iOS und macOS) und CVE-2022-22674 im macOS Intel Grafiktreiber.


K56241216: OpenLDAP vulnerabilities CVE-2020-25709 and CVE-2020-25710


K44994972: Linux kernel vulnerability CVE-2020-25704


Schneider Electric SCADAPack Workbench


Hitachi Energy e-mesh EMS


Fuji Electric Alpha5


Mitsubishi Electric FA Products


General Electric Renewable Energy MDS Radios


CISA Adds Seven Known Exploited Vulnerabilities to Catalog


Mehrere Schwachstellen in ZA|ARC (SYSS-2021-063/-064/-065/-066/-067)


SA45100 - CVE-2022-0778-OpenSSL-Vulnerability may lead to DoS attack