Daily summary - 27.04.2022

End-of-Day report

Timeframe: Tuesday 26-04-2022 18:00 - Wednesday 27-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Emotet malware now installs via PowerShell in Windows shortcut files

The Emotet botnet is now using Windows shortcut files (.LNK) containing PowerShell commands to infect victims' computers, moving away from Microsoft Office macros, which are now disabled by default.

https://www.bleepingcomputer.com/news/security/emotet-malware-now-installs-via-powershell-in-windows-shortcut-files/


RIG Exploit Kit drops RedLine malware via Internet Explorer bug

Threat analysts have uncovered yet another large-scale campaign delivering the RedLine stealer malware onto worldwide targets.

https://www.bleepingcomputer.com/news/security/rig-exploit-kit-drops-redline-malware-via-internet-explorer-bug/


MITRE ATT&CK v11 - a small update that can help (not just) with detection engineering, (Wed, Apr 27th)

On Monday, a new version of the framework was released, which (among other changes) extends its content a little in order to make its use more straightforward when it comes to mapping of existing detections and for implementation of new ones.

https://isc.sans.edu/diary/rss/28590


Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054)

We discovered a pre-authentication vulnerability that allowed us to make arbitrary HTTP requests, including requests with any HTTP method and request body.

https://blog.assetnote.io/2022/04/27/vmware-workspace-one-uem-ssrf/


npm vulnerability "Package Planting": trust is good, control is better

According to Aquasec, a vulnerability in the npm package manager dubbed "Package Planting" allowed the trustworthiness of well-known maintainers to be abused.

https://heise.de/-7066873


Almost half of ransomware victims pay the ransom

The number of mid-sized companies worldwide attacked by ransomware is rising, and many of them pay the ransom, often in the seven-figure range.

https://heise.de/-7067219


Webinar: Paying securely online

On Tuesday, 3 May 2022, from 18:30 to 20:00, the free webinar "Sicher bezahlen im Internet" (paying securely online) takes place.

https://www.watchlist-internet.at/news/webinar-sicher-bezahlen-im-internet/


Fraudulent calls about investment opportunities and Bitcoin

Watchlist Internet is currently receiving an increasing number of reports of fraudulent phone calls. Criminals use these calls to try to recruit victims for investment scams.

https://www.watchlist-internet.at/news/betruegerische-anrufe-zu-investitionsmoeglichkeiten-und-bitcoin/


AA22-117A: 2021 Top Routinely Exploited Vulnerabilities

This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

https://us-cert.cisa.gov/ncas/alerts/aa22-117a

Vulnerabilities

New Nimbuspwn Linux vulnerability gives hackers root privileges

A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware.

https://www.bleepingcomputer.com/news/security/new-nimbuspwn-linux-vulnerability-gives-hackers-root-privileges/


CVE-2022-26148 Grafana Vulnerability in NetApp Products

Multiple NetApp products incorporate Grafana. Grafana versions through 7.3.4 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).

https://security.netapp.com/advisory/ntap-20220425-0005/


Malicious code could endanger Nvidia's Jetson embedded systems

Security updates close vulnerabilities in various Nvidia Jetson systems.

https://heise.de/-7067304


Security updates for Wednesday

Security updates have been issued by Mageia (virtualbox), Red Hat (container-tools:2.0, container-tools:3.0, gzip, kernel, kernel-rt, kpatch-patch, mariadb:10.3, mariadb:10.5, maven-shared-utils, polkit, vim, xmlrpc-c, and zlib), Scientific Linux (maven-shared-utils), SUSE (ant, go1.17, go1.18, kernel, and xen), and Ubuntu (fribidi, git, libcroco, libsepol, linux, linux-gcp, linux-ibm, linux-lowlatency, openjdk-17, and openjdk-lts).

https://lwn.net/Articles/892802/


Chrome 101.0.4951.41 fixes 30 vulnerabilities

On 26 April 2022, Google released Google Chrome 101.0.4951.41 for Windows and Mac on the desktop in the Stable Channel. This is the new 101 development branch, and the update closes 30 vulnerabilities, some of which are rated High.

https://www.borncity.com/blog/2022/04/27/chrome-101-0-4951-41-fixt-30-schwachstellen/


Security Advisory - Buffer Overflow Vulnerabilities In Huawei Product

http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220427-01-e9a493e2-en


Security Bulletin: UrbanCode Deploy users with create-resource permission for the standard resource type may create child resources inheriting custom types (CVE-2022-22315).

https://www.ibm.com/blogs/psirt/security-bulletin-urbancode-deploy-users-with-create-resource-permission-for-the-standard-resource-type-may-create-child-resources-inheriting-custom-types-cve-2022-22315/


Security Bulletin: Dojo vulnerability in WebSphere Liberty affects SPSS Collaboration and Deployment Services (CVE-2021-23450)

https://www.ibm.com/blogs/psirt/security-bulletin-dojo-vulnerability-in-websphere-liberty-affects-spss-collaboration-and-deployment-services-cve-2021-23450/


K51975973: Eclipse Jetty vulnerability CVE-2021-34428

https://support.f5.com/csp/article/K51975973


PILZ: PMC programming tool 2.x.x affected by multiple vulnerabilities

https://cert.vde.com/de/advisories/VDE-2021-055/


PILZ: PMC programming tool 3.x.x affected by multiple vulnerabilities

https://cert.vde.com/de/advisories/VDE-2021-061/


PILZ: Multiple vulnerabilities in CODESYS V2 and V3 runtime system

https://cert.vde.com/de/advisories/VDE-2021-054/


BENDER/EBEE: Multiple Charge Controller Vulnerabilities

https://cert.vde.com/de/advisories/VDE-2021-047/


Miele: Security vulnerability in Benchmark Programming Tool

https://cert.vde.com/de/advisories/VDE-2022-015/


Improper Control of Generation of Code in Bosch MATRIX

https://psirt.bosch.com/security-advisories/bosch-sa-309239-bt.html


Vulnerability in routers FL MGUARD and TC MGUARD

https://psirt.bosch.com/security-advisories/bosch-sa-982696.html


SonicOS Content Filtering Service and SNMP feature affected by multiple vulnerabilities

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004