Daily summary - 17.05.2022

End-of-Day report

Timeframe: Monday 16-05-2022 18:00 - Tuesday 17-05-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner

News

Hackers target Tatsu WordPress plugin in millions of attacks

All users of the Tatsu Builder plugin are strongly recommended to upgrade to version 3.3.13 to avoid attack risks.

https://www.bleepingcomputer.com/news/security/hackers-target-tatsu-wordpress-plugin-in-millions-of-attacks/


Over 380 000 open Kubernetes API servers

We have recently started scanning for accessible Kubernetes API instances that respond with a 200 OK HTTP response to our probes. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. We find over 380 000 Kubernetes API servers daily that allow for some form of access, out of over 450 000 that we are able to identify. Data on these is shared daily in our Accessible Kubernetes API Server Report.

https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/
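A quick way to check whether one of your own API servers would show up in such a scan is to send the same kind of unauthenticated requests and look at the status codes. The script below is an added example (not Shadowserver's scanner and not part of the article); it assumes a hypothetical endpoint such as https://203.0.113.10:6443 and otherwise runs offline against constructed sample results. On a default cluster /version is readable by system:anonymous via the system:public-info-viewer ClusterRole, so a 200 there only proves the API is reachable; a 200 on a data endpoint means anonymous RBAC has been widened, and a 401 everywhere is what you see with kube-apiserver --anonymous-auth=false.

```python
import ssl
import urllib.error
import urllib.request

# Paths an unauthenticated scanner would typically request. On a default
# cluster /version is readable by system:anonymous (ClusterRole
# system:public-info-viewer); the others need RBAC and should answer 401/403.
PROBES = ("/version", "/api/v1/namespaces", "/api/v1/pods", "/api/v1/secrets")


def probe(base_url, timeout=5):
    """Anonymous GET of each probe path; returns {path: HTTP status or None}."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # cluster CAs are usually private;
    ctx.verify_mode = ssl.CERT_NONE     # we only want the status code
    results = {}
    for path in PROBES:
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"Accept": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
                results[path] = resp.status
        except urllib.error.HTTPError as err:
            results[path] = err.code
        except (urllib.error.URLError, OSError):
            results[path] = None
    return results


def classify(results):
    """Triage a probe result.

    'unreachable'       nothing answered
    'open'              a data endpoint returned 200 to an anonymous request
    'anonymous-version' only /version leaks (default RBAC, API still exposed)
    'closed'            everything 401/403 (e.g. --anonymous-auth=false)
    """
    if not any(code is not None for code in results.values()):
        return "unreachable"
    if any(results.get(p) == 200 for p in PROBES if p != "/version"):
        return "open"
    if results.get("/version") == 200:
        return "anonymous-version"
    return "closed"


# Constructed sample results (no network needed), one per outcome:
SAMPLES = {
    "default-rbac": {"/version": 200, "/api/v1/namespaces": 403,
                     "/api/v1/pods": 403, "/api/v1/secrets": 403},
    "wide-open": {"/version": 200, "/api/v1/namespaces": 200,
                  "/api/v1/pods": 200, "/api/v1/secrets": 403},
    "hardened": {"/version": 401, "/api/v1/namespaces": 401,
                 "/api/v1/pods": 401, "/api/v1/secrets": 401},
    "firewalled": {p: None for p in PROBES},
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                  # hypothetical: https://203.0.113.10:6443
        live = probe(sys.argv[1])
        print(live, "->", classify(live))
    for name, res in SAMPLES.items():
        print(f"{name:15s} -> {classify(res)}")
```

Even the "anonymous-version" outcome means the API server is reachable from wherever you ran the probe, which is exactly what the 200 OK count above measures. The fix is primarily network-level (do not expose port 6443 to the internet; restrict it to management networks or a bastion); disabling anonymous authentication on kube-apiserver additionally turns the /version leak into a 401, at the cost of unauthenticated health probes that some load balancers rely on.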


UpdateAgent Returns with New macOS Malware Dropper Written in Swift

A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities.

https://thehackernews.com/2022/05/updateagent-returns-with-new-macos.html


Weak Security Controls and Practices Routinely Exploited for Initial Access

This joint Cybersecurity Advisory identifies commonly exploited controls and practices and includes best practices to mitigate the issues.

https://www.cisa.gov/uscert/ncas/alerts/aa22-137a


Buying bicycles online: beware of fake shops

There are numerous fake shops for bicycles and accessories on the internet; vandeyk-sport.com, motaza.shop and nemino.net are just a few examples. These fake shops offer bicycles that are sold out everywhere else, and at a lower price than other online shops. On top of that, payment in advance is the only option. Hands off: you will not receive a delivery!

https://www.watchlist-internet.at/news/fahrraeder-im-internet-kaufen-vorsicht-vor-fake-shops/

Vulnerabilities

iOS and iPadOS 15.5 are here: bug fixes and minor improvements

Apple released iOS 15.5 and iPadOS 15.5 during the night to Tuesday. These are minor updates that fix bugs and bring small improvements.

https://heise.de/-7096570


macOS 12.4 and security updates for Big Sur and Catalina available

Alongside iOS 15.5, Apple is also shipping new operating systems for Mac, Apple TV, Apple Watch, HomePod and the Studio Display.

https://heise.de/-7096585


Access control: Aruba closes security holes in ClearPass Policy Manager

Aruba's ClearPass Policy Manager lets administrators manage network access control. Security vulnerabilities in it allow attackers to take the system over completely.

https://heise.de/-7097151


Security updates for Tuesday

Security updates have been issued by Debian (cifs-utils, ffmpeg, libxml2, and vim), Fedora (rsyslog), Mageia (chromium-browser-stable), SUSE (chromium, containerd, docker, e2fsprogs, gzip, jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core, kernel, nodejs8, openldap2, pidgin, podofo, slurm, and tiff), and Ubuntu (clamav, containerd, libxml2, and openldap).

https://lwn.net/Articles/895521/


Apache Releases Security Advisory for Tomcat

Original release date: May 16, 2022. The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Apache's security advisory and apply the necessary updates.

https://us-cert.cisa.gov/ncas/current-activity/2022/05/16/apache-releases-security-advisory-tomcat


Nvidia security updates for Kepler GTX 700/600 GPU WHQL driver (473.47) released

On 16 May 2022 Nvidia released a security update for the graphics driver of the Kepler GeForce GPUs.

https://www.borncity.com/blog/2022/05/17/nvidia-sicherheitsupdates-fr-kepler-gtx-700-600-gpu-whql-treiber-473-47-freigegeben/


Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card.

http://blog.talosintelligence.com/2022/05/vuln-spotlight-nvidia-driver-memory.html


Spring Security 5.7.0, 5.6.4, 5.5.7 Released - Fixes CVE-2022-22978 & CVE-2022-22976

Spring Security 5.7.0, 5.6.4 and 5.5.7 have been released; they fix CVE-2022-22978 and CVE-2022-22976. Please update as soon as possible.

https://spring.io/blog/2022/05/15/spring-security-5-7-0-5-6-4-5-5-7-released-fixes-cve-2022-22975-cve-2022-22976


Security Bulletin: IBM MQ Operator and IBM supplied MQ Advanced container images are vulnerable to multiple issues from Red Hat UBI packages and the IBM WebSphere Application Server Liberty

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-ibm-supplied-mq-advanced-container-images-are-vulnerable-to-multiple-issues-from-red-hat-ubi-packages-and-the-ibm-websphere-application-server-liberty/


Security Bulletin: Potential Denial of Service in IBM DataPower Gateway

https://www.ibm.com/blogs/psirt/security-bulletin-potential-denial-of-service-in-ibm-datapower-gateway/


Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/


Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-external-authentication-server-is-vulnerable-to-multiple-vulnerabilities-due-to-ibm-java-runtime/


Security Bulletin: IBM Process Mining is vulnerable to cross-site scripting due to Select2 CVE-2016-10744

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-mining-is-vulnerable-to-cross-site-scripting-due-to-select2-cve-2016-10744/


Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-governance-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/


Security Bulletin: OpenSSL (Publicly disclosed vulnerability)

https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-3/


Security Bulletin: IBM DataPower vulnerable to DoS

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-vulnerable-to-dos/


Security Bulletin: IBM DataPower Gateway API Gateway component potentially vulnerable to a Denial of Service

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-api-gateway-component-potentially-vulnerable-to-a-denial-of-service/


Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-golang-go-gcc-openssl-and-libxml/


Security Bulletin: IBM Sterling External Authentication Server is vulnerable to improper validation of certificates

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-external-authentication-server-is-vulnerable-to-improper-validation-of-certificates/


Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22475)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-identity-spoofing-cve-2022-22475/


Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-secure-proxy-is-vulnerable-to-multiple-vulnerabilities-due-to-ibm-java-runtime/


Security Bulletin: IBM Process Mining is vulnerable to DoS due to Eclipse Jetty CVE-2018-12545

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-mining-is-vulnerable-to-dos-due-to-eclipse-jetty-cve-2018-12545/


Security Bulletin: IBM Sterling B2B Integrator is vulnerable to permission control vulnerability (CVE-2022-22482)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-is-vulnerable-to-permission-control-vulnerability-cve-2022-22482/


Security Bulletin: IBM Sterling Secure Proxy is vulnerable to improper validation of certificates (CVE-2021-29726)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-secure-proxy-is-vulnerable-to-improper-validation-of-certificates-cve-2021-29726/


Security Bulletin: IBM Process Mining is vulnerable to phishing attacks due to URI.js. CVE-2022-0868

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-mining-is-vulnerable-to-phishing-attacks-due-to-uri-js-cve-2022-0868/


QEMU: vulnerability allows denial of service and code execution

https://www.cert-bund.de/advisoryshort/CB-K22-0618


Circutor COMPACT DC-S BASIC

https://us-cert.cisa.gov/ics/advisories/icsa-22-137-01