End-of-Day report
Timeframe: Tuesday 17-05-2022 18:00 - Wednesday 18-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
Microsoft warns of brute-force attacks targeting MSSQL servers
Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server (MSSQL) database servers using weak passwords.
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-brute-force-attacks-targeting-mssql-servers/
Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations.
https://thehackernews.com/2022/05/researchers-expose-inner-working-of.html
We Love Relaying Credentials: A Technical Guide to Relaying Credentials Everywhere
A guide to relaying credentials everywhere in 2022.
https://www.secureauth.com/blog/we-love-relaying-credentials-a-technical-guide-to-relaying-credentials-everywhere/
Dangerous PayPal phishing message in circulation
A dangerous PayPal phishing e-mail claims "Action required for your PayPal account". The message is styled in PayPal's design and pretends that a transaction for gambling was blocked and that your account has therefore been restricted. Do not believe it and do not disclose any data! The attackers are trying to steal your PayPal login credentials and your credit card details!
https://www.watchlist-internet.at/news/gefaehrliche-paypal-phishing-nachricht-in-umlauf/
EntropyCapture: Simple Extraction of DPAPI Optional Entropy
During a short application assessment, enumeration and decryption of a third-party application's Windows Data Protection API (DPAPI) blobs using SharpDPAPI produced non-readable data because optional entropy was being used.
https://posts.specterops.io/entropycapture-simple-extraction-of-dpapi-optional-entropy-6885196d54d0
Vulnerabilities
BIND: Destroying a TLS session early causes assertion failure (CVE-2022-1183)
An assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early.
https://kb.isc.org/docs/cve-2022-1183
VMSA-2022-0014
VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.
https://www.vmware.com/security/advisories/VMSA-2022-0014.html
Security updates: Malicious-code vulnerabilities in Nvidia GPU drivers closed
If Nvidia graphics cards process shaders crafted by attackers, security problems can occur.
https://heise.de/-7097875
Security updates for Wednesday
Security updates have been issued by Debian (elog, needrestart, openssl, and waitress), Fedora (curl, libxml2, slurm, and vim), Scientific Linux (zlib), SUSE (e2fsprogs, nodejs10, php72, and thunderbird), and Ubuntu (apport, clamav, needrestart, and pcre3).
https://lwn.net/Articles/895642/
Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-ibm-mobilefirst-platform-foundation-2/
Security Bulletin: IBM DataPower Gateway vulnerable to HTTP header injection
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-http-header-injection/
Security Bulletin: IBM DataPower Gateway vulnerable to temporary DoS
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-temporary-dos/
Security Bulletin: Heap-Based Buffer Overflow in Mozilla Network Security Services (NSS) may affect IBM Spectrum Protect Plus (CVE-2021-43527)
https://www.ibm.com/blogs/psirt/security-bulletin-heap-based-buffer-overflow-in-mozilla-network-security-services-nss-may-affect-ibm-spectrum-protect-plus-cve-2021-43527/
Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-http-server-affect-ibm-netezza-performance-portal-2/
Security Bulletin: IBM Planning Analytics Workspace is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
Security Bulletin: IBM Sterling Connect:Express for UNIX is vulnerable to denial of service due to OpenSSL (CVE-2022-0778)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectexpress-for-unix-is-vulnerable-to-denial-of-service-due-to-openssl-cve-2022-0778/
Security Bulletin: IBM DataPower Gateway: Update Redis to remediate two CVEs
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-update-redis-to-remediate-two-cves/
Synology-SA-22:07 Synology Calendar
https://www.synology.com/en-global/support/security/Synology_SA_22_07
GIMP: Vulnerability enables denial of service
https://www.cert-bund.de/advisoryshort/CB-K22-0623
SMA100 post-authentication Remote Command Execution vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010