Daily Summary - 31.08.2022

End-of-Day report

Timeframe: Tuesday 30-08-2022 18:00 - Wednesday 31-08-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Hackers hide malware in James Webb telescope images

Threat analysts have spotted a new malware campaign dubbed GO#WEBBFUSCATOR that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware.

https://www.bleepingcomputer.com/news/security/hackers-hide-malware-in-james-webb-telescope-images/


Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/


Infoblox Threat Intelligence: IOCs related to the Russia-Ukraine conflict

This folder contains IOCs related to the Russian invasion of Ukraine. The majority of the content is based on Infoblox internal analytics and validation analysis, though some OSINT is also included.

https://github.com/infobloxopen/threat-intelligence/tree/main/ukraine


Webinar: Recognizing fraud traps on the Internet

The free webinar "Recognizing fraud traps on the Internet" takes place on Tuesday, 06.09.2022, from 18:30 to 20:00. Register now!

https://www.watchlist-internet.at/news/webinar-betrugsfallen-im-internet-erkennen/

Vulnerabilities

IBM Security Bulletins 2022-08-30

IBM TRIRIGA Application Platform, IBM b-type SAN directors and switches, IBM Integration Bus, IBM App Connect Enterprise, IBM Watson Assistant for IBM Cloud Pak for Data, IBM Engineering Lifecycle Engineering, IBM Cloud Transformation Advisor, IBM Cloud Object Storage Systems.

https://www.ibm.com/blogs/psirt/


Security update: Attackers could attack WordPress websites

The WordPress developers have closed three vulnerabilities in the content management system.

https://heise.de/-7249431


Security updates for Wednesday

Security updates have been issued by Debian (dpdk, net-snmp, php-horde-mime-viewer, php-horde-turba, and webkit2gtk), Fedora (rsync), Oracle (openssl and systemd), Red Hat (booth, kernel, kernel-rt, and openssl), Slackware (vim), SUSE (bluez, java-1_8_0-ibm, postgresql10, and zlib), and Ubuntu (kernel, linux, linux-raspi, linux-aws, and linux-oem-5.14).

https://lwn.net/Articles/906579/


Security Advisory - Traffic Hijacking Vulnerability in Huawei Routers

http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220831-01-5370a6df-en


Grafana: Vulnerability allows information disclosure

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1221


GitLab: Multiple vulnerabilities

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1239


ArubaOS: Multiple vulnerabilities

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1238


GNU libc: Vulnerability allows information disclosure

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1234


tribe29 checkmk: Multiple vulnerabilities

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1230


Xerox FreeFlow Print Server: Multiple vulnerabilities

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1228


Chrome 105.0.5195.5x fixes 24 vulnerabilities

https://www.borncity.com/blog/2022/08/31/chrome-105-0-5195-5x-fixt-24-schwachstellen/