End-of-Day report
Timeframe: Monday 29-08-2022 18:00 - Tuesday 30-08-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Windows malware delays coinminer install by a month to evade detection
A new malware campaign disguised as Google Translate or MP3 downloader programs was found distributing cryptocurrency mining malware across 11 countries.
https://www.bleepingcomputer.com/news/security/windows-malware-delays-coinminer-install-by-a-month-to-evade-detection/
Two things that will never die: bash scripts and IRC! (Tue, Aug 30th)
Last week, Brock Perry, one of our SANS.edu undergraduate students, came across a neat bash script uploaded to the honeypot as part of an attack. I am sure this isn't new, but I never quite saw something like this before myself.
https://isc.sans.edu/diary/rss/28998
Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users
A few months ago, we blogged about malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites. Since that time, we have investigated several other malicious extensions and discovered 5 extensions with a total install base of over 1,400,000.
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/
Do not make "test payments" on classified ad platforms!
On classified ad platforms such as Willhaben, Vinted, eBay Kleinanzeigen and the like you can find great bargains or turn used goods into cash. But beware: criminals who want to take your money are also there in droves. In a current scam they fake the platforms' payment pages and ask for test payments. Break off contact immediately. Someone is trying to defraud you!
https://www.watchlist-internet.at/news/keine-testzahlungen-auf-kleinanzeigen-plattformen-durchfuehren/
ModernLoader delivers multiple stealers, cryptominers and RATs
Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims.
http://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html
Vulnerabilities
Security vulnerabilities in Foxit PDF Editor and Reader allow code injection
Attackers could, for example, use manipulated documents to inject malicious code into Foxit PDF Editor and Reader. Updated software closes the vulnerability.
https://heise.de/-7247760
Security vulnerability: clipboard freely accessible in Chromium-based browsers
Websites can currently access the clipboard at will in up-to-date Chromium-based web browsers. This enables attacks on users, among other things.
https://heise.de/-7248070
Security updates for Tuesday
Security updates have been issued by Debian (thunderbird), Fedora (ctk, dcmtk, OpenImageIO, and varnish-modules), Red Hat (systemd), SUSE (libslirp, open-vm-tools, and opera), and Ubuntu (jupyter-notebook, libsdl1.2, and systemd).
https://lwn.net/Articles/906461/
[20220801] - Core - Multiple Full Path Disclosures because of missing _JEXEC or die check
https://developer.joomla.org:443/security-centre/884-20220801-core-multiple-full-path-disclosures-because-of-missing-jexec-or-die-check.html
Security Bulletin: Tririga is vulnerable to remote hacker due to dom4j open source
https://www.ibm.com/blogs/psirt/security-bulletin-tririga-is-vulnerable-to-remote-hacker-due-to-dom4j-open-source/
Security Bulletin: A security vulnerability has been fixed in IBM Security Identity Manager (CVE-2021-29864)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-fixed-in-ibm-security-identity-manager-cve-2021-29864/
Security Bulletin: glibc vulnerability affects IBM Elastic Storage System (CVE-2021-3999)
https://www.ibm.com/blogs/psirt/security-bulletin-glibc-vulnerability-affects-ibm-elastic-storage-system-cve-2021-3999/
Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-4203)
https://www.ibm.com/blogs/psirt/security-bulletin-linux-kernel-vulnerability-may-affect-ibm-elastic-storage-system-cve-2021-4203/
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system-8/
Security Bulletin: Due to use of OpenSSL, IBM Virtualization Engine TS7700 is vulnerable to denial of service (CVE-2022-0778) and privilege escalation (CVE-2022-1292)
https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-openssl-ibm-virtualization-engine-ts7700-is-vulnerable-to-denial-of-service-cve-2022-0778-and-privilege-escalation-cve-2022-1292/
Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2021-45346)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2021-45346/
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system-7/
K00994461: GSON vulnerability CVE-2022-25647
https://support.f5.com/csp/article/K00994461
poppler: vulnerability allows code execution
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1214
Moodle: multiple vulnerabilities
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1212
Hitachi Energy FACTS Control Platform (FCP) Product
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-01
Hitachi Energy Gateway Station (GWS) Product
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-02
Hitachi Energy MSM Product
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-03
Hitachi Energy RTU500 series
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-04
Fuji Electric D300win
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-05
Honeywell ControlEdge
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-06
Honeywell Experion LX
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-07
Honeywell Trend Controls Inter-Controller Protocol
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-08
Omron CX-Programmer
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-09
PTC Kepware KEPServerEX
https://us-cert.cisa.gov/ics/advisories/icsa-22-242-10