Daily summary - 01.04.2022

End-of-Day report

Timeframe: Thursday 31-03-2022 18:00 - Friday 01-04-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a

News

New BlackGuard password-stealing malware sold on hacker forums

A new information-stealing malware named BlackGuard is winning the attention of the cybercrime community, now sold on numerous darknet markets and forums for a lifetime price of $700 or a subscription of $200 per month.

https://www.bleepingcomputer.com/news/security/new-blackguard-password-stealing-malware-sold-on-hacker-forums/


Viasat confirms satellite modems were wiped with AcidRain malware

A newly discovered data wiper malware that wipes routers and modems has been deployed in the cyberattack that targeted the KA-SAT satellite broadband service to wipe SATCOM modems on February 24, affecting thousands in Ukraine and tens of thousands more across Europe.

https://www.bleepingcomputer.com/news/security/viasat-confirms-satellite-modems-were-wiped-with-acidrain-malware/


Phishing uses Azure Static Web Pages to impersonate Microsoft

Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials.

https://www.bleepingcomputer.com/news/microsoft/phishing-uses-azure-static-web-pages-to-impersonate-microsoft/


FORCEDENTRY: Sandbox Escape

In this post we'll take a look at that sandbox escape. It's notable for using only logic bugs. In fact it's unclear where the features that it uses end and the vulnerabilities which it abuses begin.

https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html


iOS updates: automatic distribution takes several weeks

Anyone who wants their iPhone to be up to date should update manually. Automatic distribution takes a long time, Apple's head of software confirms.

https://heise.de/-6657879


CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell)

CVE-2022-22965, aka SpringShell, is a remote code execution vulnerability in the Spring Framework. We provide a root cause analysis and mitigations.

https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/


The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities

The flaws can be exploited to execute code on vulnerable controllers and workstations.

https://www.zdnet.com/article/cisa-issues-alert-on-critical-ics-vulnerabilities-in-rockwell-systems/


Spring Framework RCE, Mitigation Alternative

Yesterday we announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78, all of which close the attack vector on Tomcat's side. While the vulnerability is not in Tomcat itself, in real-world situations it is important to be able to choose among multiple upgrade paths, which in turn provides flexibility and layered protection.

https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative

Vulnerabilities

IBM Security Bulletins 2022-03-31

IBM App Connect Enterprise Certified Container, IBM Sterling Partner Engagement Manager, IBM QRadar Network Security, IBM Security Access Manager for Enterprise, IBM Urbancode Deploy, IBM Tivoli Application Dependency Discovery Manager, IBM Tivoli Netcool Impact, Watson Knowledge Catalog InstaScan

https://www.ibm.com/blogs/psirt/


Critical security vulnerability: out-of-band GitLab update

The GitLab developers have released an update to close security vulnerabilities. One critical vulnerability could allow attackers to take over accounts.

https://heise.de/-6660080


Security updates for Friday

Security updates have been issued by Debian (wireshark), Fedora (389-ds-base), Mageia (golang, wavpack, and zlib), openSUSE (yaml-cpp), SUSE (expat and yaml-cpp), and Ubuntu (linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws-5.4, linux-azure, linux-gcp, linux-gcp-5.13, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-aws-hwe, linux-gcp-4.15, linux-oracle, linux-intel-5.13, and tomcat9).

https://lwn.net/Articles/889983/


Security updates: iOS 15.4.1 and macOS Monterey 12.3.1

On 31 March 2022 Apple released two security updates, macOS 12.3.1 (Monterey) and iOS/iPadOS 15.4.1. They close the vulnerabilities CVE-2022-22675 (in AppleAVD for iOS and macOS) and CVE-2022-22674 in the macOS Intel graphics driver.

https://www.borncity.com/blog/2022/04/01/sicherheitsupdates-ios-15-4-1-und-macos-monterey-12-3-1/


K56241216: OpenLDAP vulnerabilities CVE-2020-25709 and CVE-2020-25710

https://support.f5.com/csp/article/K56241216


K44994972: Linux kernel vulnerability CVE-2020-25704

https://support.f5.com/csp/article/K44994972


Schneider Electric SCADAPack Workbench

https://us-cert.cisa.gov/ics/advisories/icsa-22-090-01


Hitachi Energy e-mesh EMS

https://us-cert.cisa.gov/ics/advisories/icsa-22-090-02


Fuji Electric Alpha5

https://us-cert.cisa.gov/ics/advisories/icsa-22-090-03


Mitsubishi Electric FA Products

https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04


General Electric Renewable Energy MDS Radios

https://us-cert.cisa.gov/ics/advisories/icsa-22-090-06


CISA Adds Seven Known Exploited Vulnerabilities to Catalog

https://us-cert.cisa.gov/ncas/current-activity/2022/03/31/cisa-adds-seven-known-exploited-vulnerabilities-catalog


Multiple vulnerabilities in ZA|ARC (SYSS-2021-063/-064/-065/-066/-067)

https://www.syss.de/pentest-blog/mehrere-schwachstellen-in-zaarc-syss-2021-063/-064/-065/-066/-067


SA45100 - CVE-2022-0778-OpenSSL-Vulnerability may lead to DoS attack

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/CVE-2022-0778-OpenSSL-Vulnerability-may-lead-to-DoS-attack