End-of-Day report
Timeframe: Friday 20-05-2022 18:00 - Monday 23-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens-backdoors-on-windows-linux-and-macs/
How to find NPM dependencies vulnerable to account hijacking
Following the recent disclosure of a technique for hijacking certain NPM packages, security engineer Danish Tariq has proposed a defensive strategy for those looking to assess whether their web apps include dependencies tied to subvertable email domains.
https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/
Conti Ransomware Operation Shut Down After Brand Becomes Toxic
The Conti brand's downfall appears to have started in late February, after Russia launched an invasion of Ukraine.
https://www.securityweek.com/conti-ransomware-operation-shut-down-after-brand-becomes-toxic
When a Zalando parcel arrives after an order on Vinted
You bought something on Vinted but received a Zalando parcel? Then you should act quickly, because this is a scam.
https://www.watchlist-internet.at/news/wenn-nach-einer-bestellung-auf-vinted-ein-zalando-paket-ankommt/
Botnet threatens Linux servers
Protect your Linux servers against XorDdoS, a botnet that scans the internet for SSH servers with weak passwords, Microsoft warns.
https://www.zdnet.de/88401426/botnet-bedroht-linux-server/
Windows Defender Application Control: recommended block rules (May 2022)
In Windows 10 and Windows 11, Windows Defender Application Control (WDAC) and AppLocker are available as security features in the enterprise editions (Windows 10/11 Enterprise). In mid-May 2022, Microsoft published a list of recommended block rules.
https://www.borncity.com/blog/2022/05/22/windows-defender-application-control-empfohlene-blockierungsregeln-mai-2022/
Vulnerabilities
PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware.
https://www.bleepingcomputer.com/news/security/pdf-smuggles-microsoft-word-doc-to-drop-snake-keylogger-malware/
Patch now! Attackers are targeting Cisco 8000 Series routers
Network equipment vendor Cisco has released security updates for various network components.
https://heise.de/-7102828
Oracle warns of security vulnerability in E-Business Suite
Oracle normally releases updates quarterly on its Critical Patch Update date. A patch now closes a vulnerability in the E-Business Suite ahead of that schedule.
https://heise.de/-7102875
Security updates for Monday
Security updates have been issued by Debian (admesh, condor, firefox-esr, libpgjava, libxml2, rsyslog, and thunderbird), Fedora (dotnet6.0, libarchive, php-openpsa-universalfeedcreator, thunderbird, and vim), Mageia (ffmpeg, kernel, kernel-linus, microcode, netatalk, nvidia-current, nvidia390, opencontainers-runc, postgresql, and ruby-nokogiri), Slackware (mariadb and mozilla), and SUSE (curl, firefox, libarchive, librecad, libxls, openldap2, php7, and postgresql10).
https://lwn.net/Articles/896032/
Password policy guidance
Why do we need strong passwords? Passwords are stored by using a one-way hashing algorithm to generate a representation of the original password on a securely designed system.
https://www.pentestpartners.com/security-blog/password-policy-guidance/
Denial of Service Vulnerability in some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220601-01-f75b152f-en
Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-is-vulnerable-to-remote-code-execution-and-denial-of-service-due-to-multiple-expat-cves/
Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-openssl-vulnerability-cve-2022-0778/
Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-server-side-request-forgery-due-to-python-cve-2021-29921/
Security Bulletin: TXSeries for Multiplatforms is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450)
https://www.ibm.com/blogs/psirt/security-bulletin-txseries-for-multiplatforms-is-vulnerable-to-arbitrary-code-execution-due-to-ibm-websphere-application-server-liberty-cve-2021-23450/
Security Bulletin: Vulnerability in Curl affects IBM Cloud Private and could allow a remote attacker to bypass security restrictions (CVE-2021-22926)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-curl-affects-ibm-cloud-private-and-could-allow-a-remote-attacker-to-bypass-security-restrictions-cve-2021-22926/
Security Bulletin: IBM Tivoli Monitoring is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-openssl-vulnerability-cve-2021-4160/
K08832573: DHCP vulnerability CVE-2021-25217
https://support.f5.com/csp/article/K08832573