Daily summary - 11.05.2022

End-of-Day report

Timeframe: Tuesday 10-05-2022 18:00 - Wednesday 11-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer

News

New IceApple exploit toolset deployed on Microsoft Exchange servers

Security researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography.

https://www.bleepingcomputer.com/news/security/new-iceapple-exploit-toolset-deployed-on-microsoft-exchange-servers/


New stealthy Nerbian RAT malware spotted in ongoing attacks

A new remote access trojan called Nerbian RAT has been discovered that includes a rich set of features, including the ability to evade detection and analysis by researchers.

https://www.bleepingcomputer.com/news/security/new-stealthy-nerbian-rat-malware-spotted-in-ongoing-attacks/


TA578 using thread-hijacked emails to push ISO files for Bumblebee malware, (Wed, May 11th)

Identified by Proofpoint as the threat actor behind the Contact Forms campaign, TA578 also appears to be pushing ISO files for Bumblebee malware through thread-hijacked emails.

https://isc.sans.edu/diary/rss/28636


Beware of current BAWAG phishing emails!

Countless phishing messages are circulating right now and landing in the inboxes of potential victims. With new fraudulent emails sent in the name of BAWAG P.S.K., the criminals have once again come up with something new.

https://www.watchlist-internet.at/news/vorsicht-vor-aktuellen-bawag-phishing-mails/


From Project File to Code Execution: Exploiting Vulnerabilities in XINJE PLC Program Tool

Team82 has uncovered two vulnerabilities in XINJE's PLC Program Tool, an engineering workstation application.

https://claroty.com/2022/05/11/blog-research-from-project-file-to-code-execution-exploiting-vulnerabilities-in-xinje-plc-program-tool/

Vulnerabilities

Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws

Today is Microsoft's May 2022 Patch Tuesday, and with it come fixes for three zero-day vulnerabilities, one of them actively exploited, and a total of 75 flaws.

https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2022-patch-tuesday-fixes-3-zero-days-75-flaws/


HP fixes bug letting attackers overwrite firmware in over 200 models

HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which might allow arbitrary code execution.

https://www.bleepingcomputer.com/news/security/hp-fixes-bug-letting-attackers-overwrite-firmware-in-over-200-models/


Adobe Patchday: code-execution vulnerabilities threaten ColdFusion, InDesign & Co.

Important security updates are available for Adobe applications. The vendor rates the majority of the vulnerabilities as critical.

https://heise.de/-7081357


Patchday: SAP fixes eight newly discovered security issues

For the May Patchday, SAP reports eight new security vulnerabilities and updates its notes on four vulnerabilities that the company had already patched earlier.

https://heise.de/-7081276


Security updates for Wednesday

Security updates have been issued by Debian (mutt), Fedora (blender, freerdp, kernel, kernel-headers, kernel-tools, mingw-freetype, and vim), Oracle (kernel and kernel-container), Red Hat (aspell, bind, bluez, c-ares, cairo and pixman, cockpit, compat-exiv2-026, container-tools:3.0, container-tools:rhel8, cpio, dovecot, exiv2, fapolicyd, fetchmail, flatpak, gfbgraph, gnome-shell, go-toolset:rhel8, grafana, grub2, httpd:2.4, keepalived, kernel, kernel-rt, libpq, libreoffice, libsndfile, libssh, [...]

https://lwn.net/Articles/894802/


Intel: May 2022 Patchday

https://www.intel.com/content/www/us/en/security-center/default.html


Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to Cross-site Scripting (XSS). (CVE-2021-39059)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-engineering-lifecycle-management-is-vulnerable-to-cross-site-scripting-xss-cve-2021-39059/


Security Bulletin: Vulnerability in remote support authentication affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-remote-support-authentication-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/


Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System (CVE-2021-21994, CVE-2021-21995)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-vmware-esxi-affect-ibm-cloud-pak-system-cve-2021-21994-cve-2021-21995-4/


Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-october-2021-2/


Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (XSS) (CVE-2022-22345)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-xss-cve-2022-22345/


ICS Patch Tuesday: Siemens, Schneider Electric Address 43 Vulnerabilities

https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-address-43-vulnerabilities


PHOENIX CONTACT: Multiple vulnerabilities in RAD-ISM-900-EN-BD devices

https://cert.vde.com/de/advisories/VDE-2022-018/


AMD processors: multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K22-0567


Google Releases Security Updates for Chrome

https://us-cert.cisa.gov/ncas/current-activity/2022/05/11/google-releases-security-updates-chrome


Intel Boot Guard and Intel TXT Advisory

http://support.lenovo.com/product_security/PS500488-INTEL-BOOT-GUARD-AND-INTEL-TXT-ADVISORY


Intel SSD Firmware Advisory

http://support.lenovo.com/product_security/PS500487-INTEL-SSD-FIRMWARE-ADVISORY


Lenovo Smart Standby Driver Vulnerability

http://support.lenovo.com/product_security/PS500486-LENOVO-SMART-STANDBY-DRIVER-VULNERABILITY