End-of-Day report
Timeframe: Monday 09-05-2022 18:00 - Tuesday 10-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families
Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that is designed to siphon credentials and system information.
https://thehackernews.com/2022/05/experts-detail-saintstealer-and-prynt.html
SEO Poisoning - A Gootloader Story
Gootloader was the name assigned to the multi-staged payload distribution by Sophos in March 2021. The threat actors utilize SEO (search engine optimization) poisoning tactics to move compromised websites hosting malware to the top of certain search requests such as "what is the difference between a grand agreement and a contract?" or "freddie mac shared driveway agreement?".
https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/
Help, criminals are ordering products in my name!
Are you receiving invoices, payment reminders, or perhaps even debt collection letters for orders you never placed? Then criminals may be misusing your data for order fraud.
https://www.watchlist-internet.at/news/hilfe-kriminelle-bestellen-produkte-in-meinem-namen/
Vulnerabilities
Hackers Actively Exploit F5 BIG-IP Bug
The bug has a severity rating of 9.8, and public exploits have been released.
https://threatpost.com/exploit-f5-big-ip-bug/179563/
Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)
Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole.
https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/
Security updates for Tuesday
Security updates have been issued by Debian (kicad and qemu), Fedora (thunderbird), Oracle (expat), Red Hat (samba), Slackware (kernel), and SUSE (firefox, ldb, and rsyslog).
https://lwn.net/Articles/894499/
GENEREX RCCMD vulnerable to directory traversal
https://jvn.jp/en/jp/JVN60801132/
SSA-285795 V1.0: Denial of Service in OPC-UA in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-285795.txt
SSA-321292 V1.0: Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-321292.txt
SSA-363107 V1.0: An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode
https://cert-portal.siemens.com/productcert/txt/ssa-363107.txt
SSA-480937 V1.0: Denial of Service Vulnerability in CP 44x-1 RNA before V1.5.18
https://cert-portal.siemens.com/productcert/txt/ssa-480937.txt
SSA-553086 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization
https://cert-portal.siemens.com/productcert/txt/ssa-553086.txt
SSA-626968 V1.0: Multiple Webserver Vulnerabilities in Desigo PXC and DXR Devices
https://cert-portal.siemens.com/productcert/txt/ssa-626968.txt
SSA-662649 V1.0: Denial of Service Vulnerability in Desigo DXR and PXC Controllers
https://cert-portal.siemens.com/productcert/txt/ssa-662649.txt
SSA-732250 V1.0: Libcurl Vulnerabilities in Industrial Devices
https://cert-portal.siemens.com/productcert/txt/ssa-732250.txt
SSA-736385 V1.0: Memory Corruption Vulnerability in OpenV2G
https://cert-portal.siemens.com/productcert/txt/ssa-736385.txt
SSA-789162 V1.0: Vulnerabilities in Teamcenter
https://cert-portal.siemens.com/productcert/txt/ssa-789162.txt
SSA-165073: Multiple Vulnerabilities in the Webinterface of SICAM P850 and SICAM P855 Devices
https://cert-portal.siemens.com/productcert/txt/ssa-165073.txt
SSA-162616: File Parsing Vulnerabilities in Simcenter Femap before V2022.2
https://cert-portal.siemens.com/productcert/txt/ssa-162616.txt
[CA8268] Local privilege escalation vulnerabilities in installers for ESET products for Windows fixed
https://support.eset.com/en/ca8268-local-privilege-escalation-vulnerabilities-in-installers-for-eset-products-for-windows-fixed
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to string injection vulnerability due to Node.js (CVE-2021-44532, CVE-2021-44532 )
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-assistant-for-ibm-cloud-pak-for-data-is-vulnerable-to-string-injection-vulnerability-due-to-node-js-cve-2021-44532-cve-2021-44532/
Security Bulletin: Cúram Social Program Management is vulnerable to arbitrary code execution and SQL injection issues due to Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307)
https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-is-vulnerable-to-arbitrary-code-execution-and-sql-injection-issues-due-to-apache-log4j-cve-2022-23302-cve-2022-23305-cve-2022-23307/
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to Go CVE-2022-23806
https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-denial-of-service-due-to-go-cve-2022-23806/
Security Bulletin: IBM InfoSphere Information Server is vulnerable to OS command injection (CVE-2022-22454)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-os-command-injection-cve-2022-22454/
Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System (CVE-2021-21994, CVE-2021-21995)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-vmware-esxi-affect-ibm-cloud-pak-system-cve-2021-21994-cve-2021-21995-3/
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-sdk-for-node-js-might-affect-the-configuration-editor-used-by-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-3/
Security Bulletin: Vulnerability CVE-2021-39024 in IBM Guardium Data Encryption (GDE)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2021-39024-in-ibm-guardium-data-encryption-gde/
Adminer in Industrial Products
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-01
Eaton Intelligent Power Protector
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-02
Eaton Intelligent Power Manager Infrastructure
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-03
Eaton Intelligent Power Manager
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-04
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-05
Mitsubishi Electric MELSOFT GT OPC UA
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-06