End-of-Day report
Timeframe: Thursday 08-09-2022 18:00 - Friday 09-09-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Bumblebee malware adds post-exploitation tool for stealthy infections
A new version of the Bumblebee malware loader has been spotted in the wild, featuring a new infection chain that uses the PowerSploit framework for stealthy reflective injection of a DLL payload into memory.
https://www.bleepingcomputer.com/news/security/bumblebee-malware-adds-post-exploitation-tool-for-stealthy-infections/
GIFShell attack creates reverse shell using Microsoft Teams GIFs
A new attack technique called GIFShell allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data using ... GIFs.
https://www.bleepingcomputer.com/news/security/gifshell-attack-creates-reverse-shell-using-microsoft-teams-gifs/
What Is Clickjacking and How Do I Prevent It?
There are a plethora of techniques that attackers use to redirect site visitors and harvest sensitive information on compromised websites. But when most webmasters think about securing their website, they often don't think about how attackers can inject clicks on it from another site.
https://blog.sucuri.net/2022/09/what-is-clickjacking-and-how-do-i-prevent-it.html
Credential Gathering From Third-Party Software
Users often store passwords in third-party software for convenience - but credential gathering techniques can target this behavior.
https://unit42.paloaltonetworks.com/credential-gathering-third-party-software/
Vulnerabilities
Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts
A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said.
https://thehackernews.com/2022/09/hackers-exploit-zero-day-in-wordpress.html
Security vulnerability in preinstalled tool HP Support Assistant closed
HP Support Assistant is installed by default on HP computers. A vulnerability now puts systems at risk.
https://heise.de/-7258790
Security updates for Friday
Security updates have been issued by Fedora (mediawiki), SUSE (libEMF, libnl-1_1, libnl3, mariadb, nodejs16, php8-pear, postgresql12, and rubygem-rake), and Ubuntu (linux-raspi, linux-raspi-5.4, and tiff).
https://lwn.net/Articles/907573/
CISA Adds Twelve Known Exploited Vulnerabilities to Catalog
CISA has added twelve new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://us-cert.cisa.gov/ncas/current-activity/2022/09/08/cisa-adds-twelve-known-exploited-vulnerabilities-catalog
Security Bulletin: Multiple vulnerabilities have been identified in Oracle April 2022 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-oracle-april-2022-cpu-for-java-8-shipped-with-ibm-intelligent-operations-centercve-2022-21496-cve-2022-21434-cve-2022-2144/
Security Bulletin: A vulnerability found in IBM Installation Manager which is shipped with IBM® Intelligent Operations Center (CVE-2021-36374)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-foud-in-ibm-installation-manager-which-is-shipped-with-ibm-intelligent-operations-centercve-2021-36374/
Security Bulletin: A vulnerability has been identified in Java 8 shipped with IBM® Intelligent Operations Center (CVE-2021-35561)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-java-8-shipped-with-ibm-intelligent-operations-center-cve-2021-35561/
Security Bulletin: A vulnerability in Zlib affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2018-25032)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-zlib-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2018-25032/
Security Bulletin: A vulnerability found in IBM Installation Manager which is shipped with IBM® Intelligent Operations Center (CVE-2021-36373)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-foud-in-ibm-installation-manager-which-is-shipped-with-ibm-intelligent-operations-centercve-2021-36373/
Security Bulletin: IBM Sterling Connect:Direct for i5/OS is vulnerable to denial of service due to Zlib (CVE-2018-25032)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-i5-os-is-vulnerable-to-denial-of-service-due-to-zlib-cve-2018-25032/
Security Bulletin: Multiple vulnerabilities found in IBM DB2 which is shipped with IBM® Intelligent Operations Center (CVE-2021-38931, CVE-2021-29678, CVE-2021-20373, CVE-2021-39002, CVE-2021-38926)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-found-in-ibm-db2-which-is-shipped-with-ibm-intelligent-operations-centercve-2021-38931-cve-2021-29678-cve-2021-20373-cve-2021-39002-cve-2021-3892/
Security Bulletin: A vulnerability found in Apache HttpClient which is shipped with IBM® Intelligent Operations Center (CVE-2020-13956)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-found-in-apache-httpclient-which-is-shipped-with-ibm-intelligent-operations-center-cve-2020-13956/
Security Bulletin: XML vulnerability found in IBM Java 8.0 which is shipped with IBM® Intelligent Operations Center (CVE-2022-21299)
https://www.ibm.com/blogs/psirt/security-bulletin-xml-vulnerability-found-in-ibm-java-8-0-which-is-shipped-with-ibm-intelligent-operations-center-cve-2022-21299/
Security Bulletin: A vulnerability found in XMLBeans which is shipped with IBM® Intelligent Operations Center (CVE-2021-23926)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-found-in-xmlbeans-which-hipped-with-ibm-intelligent-operations-center-cve-2021-23926/
Security Bulletin: Multiple vulnerabilities found in IBM MQ and Java 8 which is shipped with IBM® Intelligent Operations Center (CVE-2021-2388, CVE-2021-2369, CVE-2021-2432)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-found-in-ibm-mq-and-java-8-which-is-shipped-with-ibm-intelligent-operations-centercve-2021-2388-cve-2021-2369-cve-2021-2432/
Security Bulletin: A vulnerability has been identified in IBM Java 8 shipped with IBM® Intelligent Operations Center (CVE-2021-35603)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-ibm-java-8-shipped-with-ibm-intelligent-operations-center-cve-2021-35603/
Security Bulletin: A vulnerability in Zlib affects IBM Tivoli Composite Application Manager for Transactions Response Time agents (CVE-2018-25032)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-zlib-affects-ibm-tivoli-composite-application-manager-for-transactions-response-time-agents-cve-2018-25032/
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM® Intelligent Operations Center (CVE-2021-29842)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-liberty-shipped-with-ibm-intelligent-operations-center-cve-2021-29842/