Daily Summary - 08.04.2022

End-of-Day report

Timeframe: Thursday 07-04-2022 18:00 - Friday 08-04-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a

News

Malicious web redirect service infects 16,500 sites to push malware

A new TDS (Traffic Direction System) operation called Parrot has emerged in the wild, having already infected servers hosting 16,500 websites of universities, local governments, adult content platforms, and personal blogs.

https://www.bleepingcomputer.com/news/security/malicious-web-redirect-service-infects-16-500-sites-to-push-malware/


Mirai malware now delivered using Spring4Shell exploits

The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks.

https://www.bleepingcomputer.com/news/security/mirai-malware-now-delivered-using-spring4shell-exploits/


CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability

Originally this post was just a series of notes I took last year as I was trying to understand this bug. But the bug itself and the narrative around it are so fascinating that I thought it would be worth writing up these notes into a more coherent form to share with the community.

https://googleprojectzero.blogspot.com/2022/04/cve-2021-30737-xerubs-2021-ios-asn1.html


Public Report - Google Enterprise API Security Assessment

During the autumn of 2021, Google engaged NCC Group to perform a review of the Android 12 Enterprise API to evaluate its compliance with the Security Technical Implementation Guides (STIG) matrix provided by Google.

https://research.nccgroup.com/2022/04/07/public-report-google-enterprise-api-security-assessment/

Vulnerabilities

Security updates for Friday

Security updates have been issued by Arch Linux (libtiff), Debian (chromium), Fedora (buildah and chromium), openSUSE (firefox), SUSE (firefox, libsolv, libzypp, and openjpeg2), and Ubuntu (firefox and python-oslo.utils).

https://lwn.net/Articles/890718/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-host-on-demand-3/


Security Bulletin: IBM SPSS Analytic Server is vulnerable to LDAP Injection (CVE-2021-39031)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spss-analytic-server-is-vulnerable-to-ldap-injection-cve-2021-39031/


Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2021-22931)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-verify-governance-in-response-to-a-security-vulnerability-cve-2021-22931/


Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2022-21824)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-verify-governance-in-response-to-a-security-vulnerability-cve-2022-21824/


Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-host-on-demand-3/


Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site request forgery (CVE-2020-4668)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-is-vulnerable-to-cross-site-request-forgery-cve-2020-4668/


Security Bulletin: Vulnerability in json4j - CVE-2021-3918 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-json4j-cve-2021-3918-publicly-disclosed-vulnerability-impacts-ibm-watson-machine-learning-accelerator/


Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite may be vulnerable to arbitrary code execution due to Apache Log4j 1.2 (CVE-2021-4104)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-and-the-ibm-maximo-manage-application-in-ibm-maximo-application-suite-may-be-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-1-2-cve-2021-410/


Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-16/


Security Bulletin: Apache Log4j vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-2/


Security Bulletin: LDAP vulnerability in WebSphere Liberty Profile can affect IBM InfoSphere Global Name Management ENS (CVE-2021-39031)

https://www.ibm.com/blogs/psirt/security-bulletin-ldap-vulnerability-in-websphere-liberty-profile-can-affect-ibm-infosphere-global-name-management-ens-cve-2021-39031/


WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004

https://webkitgtk.org/security/WSA-2022-0004.html


D-LINK Router: Vulnerability allows execution of arbitrary code with administrator privileges

http://www.cert-bund.de/advisoryshort/CB-K22-0405


D-LINK Router: Vulnerability allows execution of arbitrary code with administrator privileges

http://www.cert-bund.de/advisoryshort/CB-K22-0406


Microsoft Edge 100.0.1185.36 fixes vulnerability

https://www.borncity.com/blog/2022/04/08/microsoft-edge-100-0-1185-36-fixt-schwachstelle/