End-of-Day report
Timeframe: Tuesday 30-08-2022 18:00 - Wednesday 31-08-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Hackers hide malware in James Webb telescope images
Threat analysts have spotted a new malware campaign dubbed GO#WEBBFUSCATOR that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware.
https://www.bleepingcomputer.com/news/security/hackers-hide-malware-in-james-webb-telescope-images/
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Infoblox Threat Intelligence: IOCs related to the Russia-Ukraine conflict
This folder contains IOCs related to the Russian invasion of Ukraine. The majority of the content is based on Infoblox internal analytics and validation analysis, though some OSINT is also included.
https://github.com/infobloxopen/threat-intelligence/tree/main/ukraine
Webinar: Recognising scams on the internet
On Tuesday, 06.09.2022, from 18:30 to 20:00, the free webinar "Recognising scams on the internet" (Betrugsfallen im Internet erkennen) takes place. Register now!
https://www.watchlist-internet.at/news/webinar-betrugsfallen-im-internet-erkennen/
Vulnerabilities
IBM Security Bulletins 2022-08-30
IBM TRIRIGA Application Platform, IBM b-type SAN directors and switches, IBM Integration Bus, IBM App Connect Enterprise, IBM Watson Assistant for IBM Cloud Pak for Data, IBM Engineering Lifecycle Engineering, IBM Cloud Transformation Advisor, IBM Cloud Object Storage Systems.
https://www.ibm.com/blogs/psirt/
Security update: attackers could target WordPress websites
The WordPress developers have closed three vulnerabilities in the content management system.
https://heise.de/-7249431
Security updates for Wednesday
Security updates have been issued by Debian (dpdk, net-snmp, php-horde-mime-viewer, php-horde-turba, and webkit2gtk), Fedora (rsync), Oracle (openssl and systemd), Red Hat (booth, kernel, kernel-rt, and openssl), Slackware (vim), SUSE (bluez, java-1_8_0-ibm, postgresql10, and zlib), and Ubuntu (kernel, linux, linux-raspi, linux-aws, and linux-oem-5.14).
https://lwn.net/Articles/906579/
Security Advisory - Traffic Hijacking Vulnerability in Huawei Routers
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220831-01-5370a6df-en
Grafana: vulnerability allows information disclosure
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1221
GitLab: multiple vulnerabilities
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1239
ArubaOS: multiple vulnerabilities
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1238
GNU libc: vulnerability allows information disclosure
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1234
tribe29 checkmk: multiple vulnerabilities
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1230
Xerox FreeFlow Print Server: multiple vulnerabilities
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1228
Chrome 105.0.5195.5x fixes 24 vulnerabilities
https://www.borncity.com/blog/2022/08/31/chrome-105-0-5195-5x-fixt-24-schwachstellen/