End-of-Day report
Timeframe: Monday 16-05-2022 18:00 - Tuesday 17-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
News
Hackers target Tatsu WordPress plugin in millions of attacks
All users of the Tatsu Builder plugin are strongly advised to upgrade to version 3.3.13 to avoid the risk of attack.
https://www.bleepingcomputer.com/news/security/hackers-target-tatsu-wordpress-plugin-in-millions-of-attacks/
Over 380 000 open Kubernetes API servers
We have recently started scanning for accessible Kubernetes API instances that respond with a 200 OK HTTP response to our probes. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. We find over 380 000 Kubernetes API servers daily that allow for some form of access, out of over 450 000 that we are able to identify. Data on these is shared daily in our Accessible Kubernetes API Server Report.
https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/
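The practical question behind that report is what an unauthenticated client gets from your own API server. The script below is an added example (not part of the Shadowserver report or its scanner): it sends anonymous requests to a few well-known paths and classifies each response. It assumes the default API port 6443, that curl is available, and the stock Kubernetes behaviour that a 401 means anonymous requests are rejected outright (e.g. kube-apiserver started with --anonymous-auth=false), a 403 means anonymous auth is enabled but RBAC denies the request, and a 200 on /version, /healthz, /livez or /readyz comes from the default system:public-info-viewer binding for system:unauthenticated. A 200 on anything else means anonymous users can read cluster resources.

```shell
#!/bin/sh
# Added example, not from the Shadowserver report. Probes a Kubernetes API server
# WITHOUT credentials and reports what an anonymous client can reach.
# Assumptions: default port 6443, curl present, stock kube-apiserver status codes.

# classify PATH STATUS: print one line "<LEVEL>: <meaning>" for an anonymous response
classify() {
  path="$1"
  status="$2"
  case "$status" in
    200)
      case "$path" in
        /version|/healthz|/livez|/readyz)
          # Readable by default via the system:public-info-viewer ClusterRole;
          # harmless on its own, but it confirms anonymous auth is enabled.
          echo "INFO: anonymous read of $path allowed (default public-info-viewer binding; set --anonymous-auth=false to hide it)";;
        *)
          # Anything else returning 200 means RBAC grants system:anonymous real access.
          echo "CRITICAL: anonymous access to $path returned 200; anonymous users can read cluster resources";;
      esac;;
    401) echo "OK: $path rejects unauthenticated requests outright (anonymous auth disabled)";;
    403) echo "NOTE: anonymous auth is enabled for $path but RBAC denies the request";;
    000|'') echo "UNREACHABLE: no HTTP response for $path";;
    *) echo "UNEXPECTED: $path returned HTTP $status";;
  esac
}

# probe HOST [PORT]: issue the anonymous requests and classify each answer.
# -k skips TLS verification on purpose: we only care about the HTTP status here.
probe() {
  host="$1"
  port="${2:-6443}"
  for p in /version /api /api/v1/namespaces /api/v1/secrets; do
    status=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 5 \
      "https://$host:$port$p" 2>/dev/null) || status=000
    classify "$p" "$status"
  done
}

# Usage: sh k8s-anon-check.sh <host> [port]
if [ "$#" -gt 0 ]; then
  probe "$@"
fi
```

Run it against a cluster you own; a CRITICAL line on /api/v1/namespaces or /api/v1/secrets is the case Shadowserver's "some form of access" bucket is about, and the fix is on the kube-apiserver side (disable anonymous auth, remove any ClusterRoleBinding that grants system:unauthenticated or system:anonymous more than the defaults, and keep the API server off the public internet).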
UpdateAgent Returns with New macOS Malware Dropper Written in Swift
A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities.
https://thehackernews.com/2022/05/updateagent-returns-with-new-macos.html
Weak Security Controls and Practices Routinely Exploited for Initial Access
This joint Cybersecurity Advisory identifies commonly exploited controls and practices and includes best practices to mitigate the issues.
https://www.cisa.gov/uscert/ncas/alerts/aa22-137a
Buying bicycles online: beware of fake shops
There are numerous fake shops for bicycles and accessories on the internet; vandeyk-sport.com, motaza.shop and nemino.net are just a few examples. These fake shops offer bicycles that are sold out everywhere else, and at a lower price than other online shops. In addition, payment in advance is the only option. Stay away: you will not receive a delivery.
https://www.watchlist-internet.at/news/fahrraeder-im-internet-kaufen-vorsicht-vor-fake-shops/
Vulnerabilities
iOS and iPadOS 15.5 are out: bug fixes and minor improvements
Apple released iOS 15.5 and iPadOS 15.5 during the night to Tuesday. These are minor updates that fix bugs and bring small improvements.
https://heise.de/-7096570
macOS 12.4 and security updates for Big Sur and Catalina available
Alongside iOS 15.5, Apple is also shipping new operating systems for Mac, Apple TV, Apple Watch, HomePod and the Studio Display.
https://heise.de/-7096585
Access control: Aruba closes security holes in ClearPass Policy Manager
Aruba's ClearPass Policy Manager lets administrators manage network access control. Security vulnerabilities in it allow attackers to take over the system completely.
https://heise.de/-7097151
Security updates for Tuesday
Security updates have been issued by Debian (cifs-utils, ffmpeg, libxml2, and vim), Fedora (rsyslog), Mageia (chromium-browser-stable), SUSE (chromium, containerd, docker, e2fsprogs, gzip, jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core, kernel, nodejs8, openldap2, pidgin, podofo, slurm, and tiff), and Ubuntu (clamav, containerd, libxml2, and openldap).
https://lwn.net/Articles/895521/
Apache Releases Security Advisory for Tomcat
Original release date: May 16, 2022. The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Apache's security advisory and apply the necessary updates.
https://us-cert.cisa.gov/ncas/current-activity/2022/05/16/apache-releases-security-advisory-tomcat
Nvidia security updates for Kepler GTX 700/600 GPU WHQL driver (473.47) released
On 16 May 2022, Nvidia released a security update for the graphics driver of its Kepler GeForce GPUs.
https://www.borncity.com/blog/2022/05/17/nvidia-sicherheitsupdates-fr-kepler-gtx-700-600-gpu-whql-treiber-473-47-freigegeben/
Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver
Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card.
http://blog.talosintelligence.com/2022/05/vuln-spotlight-nvidia-driver-memory.html
Spring Security 5.7.0, 5.6.4, 5.5.7 Released - Fixes CVE-2022-22978 & CVE-2022-22976
Spring Security 5.7.0, 5.6.4 and 5.5.7 have been released; they fix CVE-2022-22978 and CVE-2022-22976. Please update as soon as possible.
https://spring.io/blog/2022/05/15/spring-security-5-7-0-5-6-4-5-5-7-released-fixes-cve-2022-22975-cve-2022-22976
Security Bulletin: IBM MQ Operator and IBM supplied MQ Advanced container images are vulnerable to multiple issues from Red Hat UBI packages and the IBM WebSphere Application Server Liberty
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-ibm-supplied-mq-advanced-container-images-are-vulnerable-to-multiple-issues-from-red-hat-ubi-packages-and-the-ibm-websphere-application-server-liberty/
Security Bulletin: Potential Denial of Service in IBM DataPower Gateway
https://www.ibm.com/blogs/psirt/security-bulletin-potential-denial-of-service-in-ibm-datapower-gateway/
Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-external-authentication-server-is-vulnerable-to-multiple-vulnerabilities-due-to-ibm-java-runtime/
Security Bulletin: IBM Process Mining is vulnerable to cross-site scripting due to Select2 CVE-2016-10744
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-mining-is-vulnerable-to-cross-site-scripting-due-to-select2-cve-2016-10744/
Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-governance-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/
Security Bulletin: OpenSSL (Publicly disclosed vulnerability)
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-3/
Security Bulletin: IBM DataPower vulnerable to DoS
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-vulnerable-to-dos/
Security Bulletin: IBM DataPower Gateway API Gateway component potentially vulnerable to a Denial of Service
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-api-gateway-component-potentially-vulnerable-to-a-denial-of-service/
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-golang-go-gcc-openssl-and-libxml/
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to improper validation of certificates
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-external-authentication-server-is-vulnerable-to-improper-validation-of-certificates/
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22475)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-identity-spoofing-cve-2022-22475/
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-secure-proxy-is-vulnerable-to-multiple-vulnerabilities-due-to-ibm-java-runtime/
Security Bulletin: IBM Process Mining is vulnerable to DoS due to Eclipse Jetty CVE-2018-12545
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-mining-is-vulnerable-to-dos-due-to-eclipse-jetty-cve-2018-12545/
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to permission control vulnerability (CVE-2022-22482)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-is-vulnerable-to-permission-control-vulnerability-cve-2022-22482/
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to improper validation of certificates (CVE-2021-29726)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-secure-proxy-is-vulnerable-to-improper-validation-of-certificates-cve-2021-29726/
Security Bulletin: IBM Process Mining is vulnerable to phishing attacks due to URI.js. CVE-2022-0868
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-mining-is-vulnerable-to-phishing-attacks-due-to-uri-js-cve-2022-0868/
QEMU: vulnerability allows denial of service and code execution
https://www.cert-bund.de/advisoryshort/CB-K22-0618
Circutor COMPACT DC-S BASIC
https://us-cert.cisa.gov/ics/advisories/icsa-22-137-01