End-of-Day report
Timeframe: Tuesday 05-07-2022 18:00 - Wednesday 06-07-2022 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
News
Microsoft quietly fixes ShadowCoerce Windows NTLM Relay bug
Microsoft has confirmed that the June 2022 updates fixed the previously disclosed ShadowCoerce vulnerability, which allowed attackers to coerce Windows servers into authenticating and abuse that authentication in NTLM relay attacks.
https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-fixes-shadowcoerce-windows-ntlm-relay-bug/
NPM supply-chain attack impacts hundreds of websites and apps
An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites.
https://www.bleepingcomputer.com/news/security/npm-supply-chain-attack-impacts-hundreds-of-websites-and-apps/
Cryptography: NIST announces post-quantum algorithms
After a multi-year competition, the US agency has selected encryption and signature algorithms that are intended to remain secure against quantum computers.
https://www.golem.de/news/kryptographie-nist-gibt-post-quanten-algorithmen-bekannt-2207-166648-rss.html
Top 5 Most Common WordPress Malware Infections: An Anatomy Lesson
WordPress security is serious business - and an essential consideration for anyone using the world's most popular CMS (Content Management System). While the WordPress team quickly addresses known security issues in WordPress core to protect the millions of website owners who rely on the software, the same cannot be said for all plugin and theme developers.
https://blog.sucuri.net/2022/07/top-5-most-common-wordpress-malware-infections-an-anatomy-lesson.html
Fake shop alert: beware when buying firewood online!
The current energy crisis is driving up the price of firewood. The feared gas shortage is causing people to hoard wood, which makes it correspondingly scarcer. A perfect starting point for criminals: they exploit the situation and set up fake shops offering cheap firewood.
https://www.watchlist-internet.at/news/fake-shop-alarm-vorsicht-beim-online-kauf-von-brennholz/
Electric Vehicle Charging: a Survey on the Security Issues and Challenges of the Open Charge Point Protocol (OCPP)
The increased use of smart Electric Vehicles (EVs) and Plug-in Electric Vehicles (PEV) opened a new area of research and development. The number of EV charging sites has considerably increased in residential as well as in public areas. Within these EV charging sites, various entities need to communicate in a secure and efficient way.
http://arxiv.org/abs/2207.01950
OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow
Linux is a popular operating system for servers and cloud infrastructures, and as such it's not a surprise that it attracts threat actors' interest and we see a continued growth and innovation of malware that targets Linux, such as the recent Symbiote malware that was discovered by our research team.
https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Debian (ldap-account-manager), Fedora (openssl1.1, thunderbird, and yubihsm-connector), Mageia (curl, cyrus-imapd, firefox, ruby-git, ruby-rack, squid, and thunderbird), Oracle (firefox, kernel, and thunderbird), Slackware (openssl), SUSE (dpdk, haproxy, and php7), and Ubuntu (gnupg2 and openssl).
https://lwn.net/Articles/900172/
Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to cross-site scripting (CVE-2022-22436)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-and-the-ibm-maximo-manage-application-in-ibm-maximo-application-suite-are-vulnerable-to-cross-site-scripting-cve-2022-22436-2/
Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to cross-site scripting (CVE-2022-22435)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-and-the-ibm-maximo-manage-application-in-ibm-maximo-application-suite-are-vulnerable-to-cross-site-scripting-cve-2022-22435-2/
Security Bulletin: IBM Rational Build Forge is affected by Apache Tomcat version used in it. (CVE-2021-42340)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rational-build-forge-is-affected-by-apache-tomcat-version-used-in-it-cve-2021-42340/
Security Bulletin: IBM Tivoli Netcool Impact is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution due to the Fabric8 Kubernetes client (CVE-2021-4178)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-vulnerable-to-arbitrary-code-execution-due-to-the-fabric8-kubernetes-client-cve-2021-4178/
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-32210
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-designerauthoring-operands-may-be-vulnerable-to-loss-of-confidentiality-due-to-cve-2022-32210/
Security Bulletin: IBM QRadar Network Packet Capture includes multiple vulnerable components.
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-packet-capture-includes-multiple-vulnerable-components/
K58003591: Apache HTTP server vulnerability CVE-2022-28614
https://support.f5.com/csp/article/K58003591
vim: vulnerability allows memory manipulation
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0583
tribe29 checkmk: multiple vulnerabilities allow an unspecified attack
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0581