Daily summary - 07.04.2022

End-of-Day report

Timeframe: Wednesday 06-04-2022 18:00 - Thursday 07-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

New FFDroider malware steals Facebook, Instagram, Twitter accounts

A new information stealer named FFDroider has emerged, stealing credentials and cookies stored in browsers to hijack victims' social media accounts.

https://www.bleepingcomputer.com/news/security/new-ffdroider-malware-steals-facebook-instagram-twitter-accounts/


A Bad Luck BlackCat

A new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, but the group is also known as BlackCat.

https://securelist.com/a-bad-luck-blackcat/106254/


What is BIMI and how is it supposed to help with Phishing? (Thu, Apr 7th)

Phishing works because it is hard to figure out if an email or a website is authentic. Over the years, many technical solutions have been implemented to make it easier to recognize valid senders or a valid website.

https://isc.sans.edu/diary/rss/28528


SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps

As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot.

https://thehackernews.com/2022/04/sharkbot-banking-trojan-resurfaces-on.html


WhatsApp chain letter: "Milka" once again used as bait for fake prize draws

Criminals never tire of exploiting the chocolate brand for their own purposes, especially shortly before Easter.

https://heise.de/-6665629


GDPR violation on your website? Don't let yourself be unsettled!

We have received reports of numerous e-mails claiming a GDPR violation on companies' websites. The e-mail refers to the use of Google Analytics. There is no reason to worry, but in the long term you should look for alternatives to the Google service.

https://www.watchlist-internet.at/news/dsgvo-verstoss-auf-ihrer-webseite-lassen-sie-sich-nicht-verunsichern/


CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

https://us-cert.cisa.gov/ncas/current-activity/2022/04/06/cisa-adds-three-known-exploited-vulnerabilities-catalog


CVE-2022-26381: Gone by others! Triggering a UAF in Firefox

Memory corruption vulnerabilities have been well known for a long time and programmers have developed various methods to prevent them. One type of memory corruption that is very hard to prevent is the use-after-free and the reason is that it has too many faces!

https://www.thezdi.com/blog/2022/4/7/cve-2022-26381-gone-by-others-triggering-a-uaf-in-firefox

Vulnerabilities

Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug

American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago.

https://www.bleepingcomputer.com/news/security/palo-alto-networks-firewalls-vpns-vulnerable-to-openssl-bug/


Update now: VMware patches security vulnerabilities, some of them critical

Several VMware products are affected by vulnerabilities, some of them critical, through which attackers could inject malicious code. Updates and mitigations are available.

https://heise.de/-6665440


Security updates for Thursday

Security updates have been issued by Arch Linux (bind), Debian (firefox-esr), Fedora (fribidi, gdal, and mingw-gdal), openSUSE (pdns-recursor and SDL2), Oracle (kernel), Slackware (mozilla), SUSE (glibc and openvpn-openssl1), and Ubuntu (fribidi and linux-azure-5.13, linux-oracle-5.13).

https://lwn.net/Articles/890620/


Multiple Cisco Security Products Simple Network Management Protocol Service Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ESA-SNMP-JLAJksWK


Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-stored-xss-XPsJghMY


Cisco Webex Meetings Java Deserialization Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-java-MVX6crH9


Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx


Cisco Web Security Appliance Filter Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-filter-bypass-XXXTU3X


Cisco Secure Network Analytics Network Diagrams Application Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-mCA9tQnJ


Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-info-exp-YXAWYP3s


Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM)

https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/


Security Bulletin: Apache Log4j vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability/


April 6, 2022 TNS-2022-08 [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.20.1: Patch 202204.1

http://www.tenable.com/security/tns-2022-08


VMSA-2022-0012

https://www.vmware.com/security/advisories/VMSA-2022-0012.html


K51048910: Eclipse Jetty vulnerability CVE-2021-28169

https://support.f5.com/csp/article/K51048910


Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin

https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/


WEIDMUELLER: Multiple vulnerabilities in Modbus TCP/RTU Gateways

https://cert.vde.com/de/advisories/VDE-2022-008/


Pepperl+Fuchs WirelessHART-Gateway

https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01


ABB SPIET800 and PNI800

https://us-cert.cisa.gov/ics/advisories/icsa-22-097-02