Daily Summary - 22.04.2022

End-of-Day report

Timeframe: Thursday 21-04-2022 18:00 - Friday 22-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner

News

Security vulnerability: Apple codec causes flaw in Android smartphones

Numerous Android smartphones with a Qualcomm or Mediatek chip could be hacked using crafted audio files.

https://www.golem.de/news/sicherheitsluecke-apple-codec-sorgt-fuer-luecke-in-android-smartphones-2204-164792-rss.html


LemonDuck targets Docker

LemonDuck, a cryptomining botnet, is targeting Docker in order to mine cryptocurrency on Linux systems. This campaign is currently active.

https://www.zdnet.de/88400783/lemonduck-zielt-auf-docker/


Critical vulnerabilities in XML parser Expat put IBM Db2 at risk

Updates secure IBM's Db2 database software. Attackers could attack systems with malicious code.

https://heise.de/-7062152


Beware of fake SMS: "You have received a new voice message"

Readers of Watchlist Internet are once again reporting an increasing number of fraudulent SMS messages. The criminals claim that you have a new voice message. To find out more, you are asked to click on a link. Anyone who follows this link ends up on a fraudulent website where an app is supposed to be downloaded. Do not install the app under any circumstances! It is dangerous malware.

https://www.watchlist-internet.at/news/vorsicht-fake-sms-sie-haben-eine-neue-sprachnachricht-erhalten/


QNAP warns of new bugs in its Network Attached Storage devices

Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network!

https://nakedsecurity.sophos.com/2022/04/22/qnap-warns-of-new-bugs-in-its-network-attached-storage-devices/


Threat Assessment: BlackByte Ransomware

BlackByte is ransomware as a service that emerged in July 2021. Read our overview and recommended courses of action for mitigation.

https://unit42.paloaltonetworks.com/blackbyte-ransomware/


Atlassian fixes critical Jira authentication bypass vulnerability

Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework.

https://www.bleepingcomputer.com/news/security/atlassian-fixes-critical-jira-authentication-bypass-vulnerability/

Vulnerabilities

Security updates for Friday

Security updates have been issued by Fedora (composer, golang-x-crypto, rubygem-nokogiri, wavpack, xen, and xz) and SUSE (dnsmasq, openjpeg, swtpm, tomcat, and xen).

https://lwn.net/Articles/892372/


Multiple vulnerabilities found in Mitsubishi controllers

Mitsubishi recommends using encryption and firewalls. This will help minimize the risk of the detected vulnerabilities being exploited.

https://www.ptsecurity.com/ww-en/about/news/multiple-vulnerabilities-found-in-mitsubishi-controllers


Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - nginx (CVE-2018-16844, CVE-2018-16845, CVE-2018-16843, CVE-2019-7401)

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-nginx-cve-2018-16844-cve-2018-16845-cve-2018-16843-cve-2019-7401/


Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (Multiple CVEs)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-eclipse-jetty-affects-ibm-process-mining-multiple-cves/


Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise (CVE-2022-21824)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-cve-2022-21824/


Security Bulletin: Vulnerability in Node.js affects IBM Process Mining (CVE-2019-5484)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-affects-ibm-process-mining-cve-2019-5484/


Security Bulletin: Vulnerability in Lodash affects IBM Process Mining (Multiple CVEs)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-lodash-affects-ibm-process-mining-multiple-cves/


Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise (CVE-2021-44532)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-cve-2021-44532/


Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27223,CVE-2021-28169)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-eclipse-jetty-affects-ibm-process-mining-cve-2020-27223cve-2021-28169/


Security Bulletin: Vulnerability in Apache Log4j affects IBM Integrated Analytics System.

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-ibm-integrated-analytics-system/


Security Bulletin: Vulnerability in Node.js Color-String affects IBM Process Mining (CVE-2021-29060)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-color-string-affects-ibm-process-mining-cve-2021-29060/


Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2020-8231)

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-curl-cve-2020-8231/


Security Bulletin: Vulnerability in Node.js lodash affects IBM Process Mining (CVE-2021-23337,CVE-2020-28500)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-lodash-affects-ibm-process-mining-cve-2021-23337cve-2020-28500/


Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27216)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-eclipse-jetty-affects-ibm-process-mining-cve-2020-27216/


Security Bulletin: Vulnerability in jQuery affects IBM Process Mining (Multiple CVEs)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jquery-affects-ibm-process-mining-multiple-cves/


Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise (CVE-2021-44533)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-cve-2021-44533/


Security Bulletin: Vulnerability in http2-common affects IBM Process Mining (Multiple CVEs)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-http2-common-affects-ibm-process-mining-multiple-cves/


Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2021-28165)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-eclipse-jetty-affects-ibm-process-mining-cve-2021-28165/


Security Bulletin: A Security Vulnerability affects IBM Cloud Private - NGINX (CVE-2019-20372)

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-nginx-cve-2019-20372/


Security Bulletin: Vulnerability in Node.js normalize-url affects IBM Process Mining (CVE-2021-33502)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-normalize-url-affects-ibm-process-mining-cve-2021-33502/


Security Bulletin: Vulnerability in Node.js IS-SVG affects IBM Process Mining (CVE-2021-29059, CVE-2021-28092)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-is-svg-affects-ibm-process-mining-cve-2021-29059-cve-2021-28092/


Security Bulletin: The Apache Log4j (CVE-2021-4104) vulnerability affects TPF Operations Server

https://www.ibm.com/blogs/psirt/security-bulletin-the-apache-log4j-cve-2021-4104-vulnerability-affects-tpf-operations-server/


Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-6/


Security Bulletin: Due to WebSphere Liberty is vulnerable, PowerVM Novalink could allow a remote attacker to hijack the clicking action of the victim.

https://www.ibm.com/blogs/psirt/security-bulletin-due-to-websphere-liberty-is-vulnerable-powervm-novalink-could-allow-a-remote-attacker-to-hijack-the-clicking-action-of-the-victim/


Security Bulletin: Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights CVE-2021-39031

https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-vulnerabilities-in-ibm-websphere-application-server-liberty-affects-ibm-cloud-application-business-insights-cve-2021-39031/


Security Bulletin: IBM Robotic Process Automation is vulnerable to a denial of service through node.js lodash

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-is-vulnerable-to-a-denial-of-service-through-node-js-lodash/


Security Bulletin: Vulnerability in Apache Commons IO affects IBM Process Mining (CVE-2021-29425)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-io-affects-ibm-process-mining-cve-2021-29425/


Security Bulletin: Vulnerability in nth-check affects IBM Process Mining (CVE-2021-3803)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nth-check-affects-ibm-process-mining-cve-2021-3803/