End-of-Day report
Timeframe: Tuesday 10-05-2022 18:00 - Wednesday 11-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
New IceApple exploit toolset deployed on Microsoft Exchange servers
Security researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography.
https://www.bleepingcomputer.com/news/security/new-iceapple-exploit-toolset-deployed-on-microsoft-exchange-servers/
New stealthy Nerbian RAT malware spotted in ongoing attacks
A new remote access trojan called Nerbian RAT has been discovered that includes a rich set of features, including the ability to evade detection and analysis by researchers.
https://www.bleepingcomputer.com/news/security/new-stealthy-nerbian-rat-malware-spotted-in-ongoing-attacks/
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware, (Wed, May 11th)
Identified by Proofpoint as the threat actor behind the Contact Forms campaign, TA578 also appears to be pushing ISO files for Bumblebee malware through thread-hijacked emails.
https://isc.sans.edu/diary/rss/28636
Beware of current BAWAG phishing emails!
Countless phishing messages are currently circulating and landing in the inboxes of potential victims. In new fraudulent emails sent in the name of BAWAG P.S.K., the criminals have once again come up with something new.
https://www.watchlist-internet.at/news/vorsicht-vor-aktuellen-bawag-phishing-mails/
From Project File to Code Execution: Exploiting Vulnerabilities in XINJE PLC Program Tool
Team82 has uncovered two vulnerabilities in XINJE's PLC Program Tool, an engineering workstation.
https://claroty.com/2022/05/11/blog-research-from-project-file-to-code-execution-exploiting-vulnerabilities-in-xinje-plc-program-tool/
Vulnerabilities
Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws
Today is Microsoft's May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, one of them actively exploited, and a total of 75 flaws.
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2022-patch-tuesday-fixes-3-zero-days-75-flaws/
HP fixes bug letting attackers overwrite firmware in over 200 models
HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which might allow arbitrary code execution.
https://www.bleepingcomputer.com/news/security/hp-fixes-bug-letting-attackers-overwrite-firmware-in-over-200-models/
Adobe Patchday: malicious-code vulnerabilities threaten ColdFusion, InDesign & Co.
There are important security updates for Adobe applications. The software vendor rates the majority of the vulnerabilities as critical.
https://heise.de/-7081357
Patchday: SAP fixes eight newly discovered security problems
For the May patchday, SAP reports eight new security vulnerabilities and updates its articles on four vulnerabilities that the company had already patched earlier.
https://heise.de/-7081276
Security updates for Wednesday
Security updates have been issued by Debian (mutt), Fedora (blender, freerdp, kernel, kernel-headers, kernel-tools, mingw-freetype, and vim), Oracle (kernel and kernel-container), Red Hat (aspell, bind, bluez, c-ares, cairo and pixman, cockpit, compat-exiv2-026, container-tools:3.0, container-tools:rhel8, cpio, dovecot, exiv2, fapolicyd, fetchmail, flatpak, gfbgraph, gnome-shell, go-toolset:rhel8, grafana, grub2, httpd:2.4, keepalived, kernel, kernel-rt, libpq, libreoffice, libsndfile, libssh, [...]
https://lwn.net/Articles/894802/
Intel: May 2022 Patchday
https://www.intel.com/content/www/us/en/security-center/default.html
Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to Cross-site Scripting (XSS). (CVE-2021-39059)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-engineering-lifecycle-management-is-vulnerable-to-cross-site-scripting-xss-cve-2021-39059/
Security Bulletin: Vulnerability in remote support authentication affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-remote-support-authentication-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/
Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System (CVE-2021-21994, CVE-2021-21995)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-vmware-esxi-affect-ibm-cloud-pak-system-cve-2021-21994-cve-2021-21995-4/
Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-october-2021-2/
Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (XSS) (CVE-2022-22345)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-xss-cve-2022-22345/
ICS Patch Tuesday: Siemens, Schneider Electric Address 43 Vulnerabilities
https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-address-43-vulnerabilities
PHOENIX CONTACT: Multiple vulnerabilities in RAD-ISM-900-EN-BD devices
https://cert.vde.com/de/advisories/VDE-2022-018/
AMD processors: multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K22-0567
Google Releases Security Updates for Chrome
https://us-cert.cisa.gov/ncas/current-activity/2022/05/11/google-releases-security-updates-chrome
Intel Boot Guard and Intel TXT Advisory
http://support.lenovo.com/product_security/PS500488-INTEL-BOOT-GUARD-AND-INTEL-TXT-ADVISORY
Intel SSD Firmware Advisory
http://support.lenovo.com/product_security/PS500487-INTEL-SSD-FIRMWARE-ADVISORY
Lenovo Smart Standby Driver Vulnerability
http://support.lenovo.com/product_security/PS500486-LENOVO-SMART-STANDBY-DRIVER-VULNERABILITY