Daily summary - 03.05.2022

End-of-Day report

Timeframe: Monday 02-05-2022 18:00 - Tuesday 03-05-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer

News

Cyberspies use IP cameras to deploy backdoors, steal Exchange emails

A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions.

https://www.bleepingcomputer.com/news/security/cyberspies-use-ip-cameras-to-deploy-backdoors-steal-exchange-emails/


AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws.

https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html


Zyxel firmware extraction and password analysis

In this first article of our Zyxel audit series we will cover firmware extraction and password decryption against Zyxel ZyWALL Unified Security Gateway (USG) appliances.

https://security.humanativaspa.it/zyxel-firmware-extraction-and-password-analysis/


Trend Micro's Apex One reports a Trojan in the Microsoft Edge web browser

Complaints are mounting in internet forums from users reporting that the Apex One virus scanner flags a Trojan infection in Microsoft's Edge browser on their systems.

https://heise.de/-7073156


Beware of fraud on BlaBlaCar

BlaBlaCar, a ride-sharing platform, is being targeted by criminals. They create fake profiles on BlaBlaCar and offer rides. Passengers who book such a ride are then contacted via WhatsApp and lured to a fraudulent payment platform.

https://www.watchlist-internet.at/news/vorsicht-vor-betrug-auf-blablacar/


Attackers Target Packages in Multiple Programming Languages in Recent Software Supply Chain Attacks

Malicious packages in multiple programming languages that went undetected for years were revealed by the Checkmarx Supply Chain Security team using advanced threat hunting techniques.

https://checkmarx.com/blog/attackers-target-packages-in-multiple-programming-languages-in-recent-software-supply-chain-attacks/

Vulnerabilities

Unpatched DNS bug affects millions of routers and IoT devices

A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk.

https://www.bleepingcomputer.com/news/security/unpatched-dns-bug-affects-millions-of-routers-and-iot-devices/


Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches

Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information.

https://thehackernews.com/2022/05/critical-tlstorm-20-bugs-affect-widely.html


Fortinet Security Advisories (FortiClient, FortiSOAR, FortiIsolator, FortiOS, FortiProxy, PJSIP Library, FortiNAC)

* FortiClient (Windows) - Privilege escalation in FortiClient installer
* FortiSOAR - Improper access control on gateway API
* FortiIsolator - Unauthorized user able to regenerate CA certificate
* FortiOS - Improper Inter-VDOM access control
* FortiOS - Lack of certificate verification when establishing secure connections to some external end-points
* FortiProxy & FortiOS - XSS vulnerability in Web Filter Block Override Form
* Multiple vulnerabilities in PJSIP library
* FortiNAC - SQL

https://fortiguard.fortinet.com/psirt?date=05-2022


Patch day: Important security updates released for Android 10, 11 and 12

Google has hardened its mobile operating system against several possible attacks.

https://heise.de/-7072491


Security updates for Tuesday

Security updates have been issued by Debian (jackson-databind, kernel, openvpn, and twisted), Fedora (xz), Mageia (chromium-browser-stable and curl), Oracle (vim and xmlrpc-c), Red Hat (gzip), Slackware (libxml2), SUSE (git, python39, and subversion), and Ubuntu (libvirt and mysql-5.7, mysql-8.0).

https://lwn.net/Articles/893681/


Tenda HG6 v3.3.0 Remote Command Injection Vulnerability

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5706.php


Security Bulletin: IBM MaaS360 Cloud Extender Configuration Utility and Mobile Enterprise Gateway have vulnerability (CVE-2021-43797)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maas360-cloud-extender-configuration-utility-and-mobile-enterprise-gateway-have-vulnerability-cve-2021-43797/


Security Bulletin: Vulnerability in IBM JAVA JDK affects IBM Spectrum Scale (CVE-2022-21291)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-jdk-affects-ibm-spectrum-scale-cve-2022-21291/


Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to Host Header Injection (CVE-2021-29854)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-and-the-ibm-maximo-manage-application-in-ibm-maximo-application-suite-are-vulnerable-to-host-header-injection-cve-2021-29854/


Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale (CVE-2021-39038)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-scale-cve-2021-39038/


Security Bulletin: IBM Tivoli Monitoring is affected but not classified as vulnerable by a denial of service in Spring Framework (CVE-2022-22950)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-is-affected-but-not-classified-as-vulnerable-by-a-denial-of-service-in-spring-framework-cve-2022-22950/


Security Bulletin: Vulnerability in Intel Xeon affects IBM Cloud Pak System (CVE-2021-0144)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-intel-xeon-affects-ibm-cloud-pak-system-cve-2021-0144-4/


Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-included-with-ibm-tivoli-monitoring-3/


Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale (CVE-2021-39031)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-scale-cve-2021-39031/


Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow an attacker to decrypt highly sensitive information (CVE-2022-22368)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-that-could-allow-an-attacker-to-decrypt-highly-sensitive-informationcve-2022-22368/


OpenSSL Security Advisory (CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473)

https://openssl.org/news/secadv/20220503.txt


Security Vulnerabilities fixed in Firefox 100

https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/


Yokogawa CENTUM and ProSafe-RS

https://us-cert.cisa.gov/ics/advisories/icsa-22-123-01