End-of-Day report
Timeframe: Friday 13-05-2022 18:00 - Monday 16-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
Microsoft warns of Sysrv botnet
Microsoft has observed a new variant of the Sysrv botnet that infects Windows and Linux systems in order to mine cryptocurrency.
https://heise.de/-7095053
HTML attachments in phishing e-mails
In this article we review phishing HTML attachments, explaining common tricks the attackers use, and give statistics on HTML attachments detected by Kaspersky solutions.
https://securelist.com/html-attachments-in-phishing-e-mails/106481/
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys. Because of the number and popularity of these apps - some of them have been installed over a hundred thousand times - we decided to shed some light on what these apps actually do by focusing on some of the more notable examples.
https://www.trendmicro.com/en_us/research/22/e/fake-mobile-apps-steal-facebook-credentials--crypto-related-keys.html
SIP Digest Leak: attack on SIP accounts
In the technical article "SIP Digest Leak", IT security consultant Moritz Abrell describes a SIP-specific attack on VoIP systems.
https://www.syss.de/pentest-blog/sip-digest-leak-angriff-auf-sip-konten
Vulnerabilities
Security vulnerabilities in Sonicwall SMA 1000 and SSL-VPN allow unauthorized access
Sonicwall closes several security vulnerabilities in the firmware of SMA 1000 devices and in the SSL-VPN NetExtender. Attackers could, for example, gain access to the affected systems.
https://heise.de/-7092533
Security updates for Monday
Security updates have been issued by CentOS (gzip, java-1.8.0-openjdk, java-11-openjdk, and zlib), Debian (adminer, htmldoc, imagemagick, libgoogle-gson-java, lrzip, openjdk-8, openssl, and ruby-nokogiri), Fedora (ecdsautils, et, libxml2, podman, and supertux), Mageia (cairo, clamav, curl, fish, freetype2, golang-github-prometheus-client, python-django-registration, python-nbxmpp, python-waitress, and xmlrpc-c), Red Hat (pcs), SUSE (curl, kernel, pidgin, and webkit2gtk3), and Ubuntu (tiff).
https://lwn.net/Articles/895392/
Security Bulletin: IBM Maximo Asset Management may be vulnerable to arbitrary code execution due to Apache Log4j 1.2 (CVE-2021-4104)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-may-be-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-1-2-cve-2021-4104/
Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center Browser's History (CVE-2022-22484)
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-ibm-spectrum-protect-operations-center-browsers-history-cve-2022-22484/
Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22950, XFID:217968)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-multiple-vulnerabilities-cve-2022-22950-xfid217968/
Security Bulletin: AIX is vulnerable to a denial of service due to OpenSSL (CVE-2022-0778)
https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-denial-of-service-due-to-openssl-cve-2022-0778/
Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to sensitive information disclosure (CVE-2020-4957)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-sensitive-information-disclosure-cve-2020-4957/
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a potential issue in jackson-databind - fasterxml-jackson (217968)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-potential-issue-in-jackson-databind-fasterxml-jackson-217968/
Security Bulletin: IBM Case Manager is vulnerable to cross-site scripting - CVE-2020-4768
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-case-manager-is-vulnerable-to-cross-site-scripting-cve-2020-4768/
Security Bulletin: Vulnerabilities with OpenSSL affect IBM Cloud Object Storage Systems (May 2022 V1)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-openssl-affect-ibm-cloud-object-storage-systems-may-2022-v1/
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Cloud Pak System
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-cloud-pak-system-2/
Technical Advisory - BLE Proximity Authentication Vulnerable to Relay Attacks
https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/
Pepperl+Fuchs: RSM-EX devices - Multiple Bluetooth vulnerabilities
https://cert.vde.com/de/advisories/VDE-2022-021/
Webmin: vulnerability allows code execution
https://www.cert-bund.de/advisoryshort/CB-K22-0609