[CERT-daily] Tageszusammenfassung - 05.08.2022

Fri Aug 5 18:38:09 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 04-08-2022 18:00 − Freitag 05-08-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ ENISA Threat Landscape for Ransomware Attacks ∗∗∗
---------------------------------------------
This report aims to bring new insights into the reality of ransomware incidents through mapping and studying ransomware incidents from May 2021 to June 2022.
---------------------------------------------
https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-ransomware-attacks


∗∗∗ Kopieren mit rsync anfällig für Angriffe ∗∗∗
---------------------------------------------
Die angekündigte neue rsync-Version soll verhindern, dass ein Server gezielt Dateien auf dem Client überschreibt und diesen damit kompromittiert.
---------------------------------------------
https://heise.de/-7202888


∗∗∗ VMware-Updates: Schnelles Handeln "extrem wichtig" ∗∗∗
---------------------------------------------
Admin-Zugang ohne Passwort – und das ist nur eine der zehn Lücken, für die VMware dringliche Updates bringt.
---------------------------------------------
https://heise.de/-7204524


∗∗∗ Achtung vor falschen Polizeianrufen! ∗∗∗
---------------------------------------------
Werden Sie von einer unauffälligen Nummer angerufen, wo Ihnen angeblich die Polizei verwirft, ein Verbrechen begangen zu haben? Bekommen Sie viele Anrufe, Nachrichten oder Sprachboxnachrichten von fremden Personen, die auf ein Telefongespräch hinweisen, welches Sie nicht führten? Das ist alles Teil einer Betrugsmasche.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-falschen-polizeianrufen/


∗∗∗ New Linux malware brute-forces SSH servers to breach networks ∗∗∗
---------------------------------------------
A new botnet called RapperBot has emerged in the wild since mid-June 2022, focusing on brute-forcing its way into Linux SSH servers and then establishing persistence.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-linux-malware-brute-forces-ssh-servers-to-breach-networks/


∗∗∗ Facebook finds new Android malware used by APT hackers ∗∗∗
---------------------------------------------
Meta (Facebook) has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage clusters connected to hacker groups known as Bitter APT and APT36 (aka Transparent Tribe) using new Android malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/facebook-finds-new-android-malware-used-by-apt-hackers/


∗∗∗ Finding hooks with windbg ∗∗∗
---------------------------------------------
In this blogpost we are going to look into hooks, how to find them, and how to restore the original functions.
---------------------------------------------
https://blog.nviso.eu/2022/08/05/finding-hooks-with-windbg/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Kritische Lücken in Ciscos SMB-Routern ∗∗∗
---------------------------------------------
Das Web-Interface der Cisco-Router der RV-Serie ermöglicht diverse unauthentifizierte Aktionen - Updates stellen das ab.
---------------------------------------------
https://heise.de/-7203891


∗∗∗ VU#495801: muhttpd versions 1.1.5 and earlier are vulnerable to path traversal ∗∗∗
---------------------------------------------
Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device.
---------------------------------------------
https://kb.cert.org/vuls/id/495801


∗∗∗ IBM Security Bulletins 2022-08-04 ∗∗∗
---------------------------------------------
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data, IBM Security Identity Manager Virtual Appliance, IBM Robotic Process Automation, IBM Spectrum Scale Data Access Services, IBM Sterling Connect:Direct for UNIX Certified Container
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security update available in Foxit Reader for Linux 2.4.5 ∗∗∗
---------------------------------------------
Addressed a potential issue where the application could be exposed to Use-After-Free vulnerability. This occurs as the application executes the destructor under png_safe_execute. (CVE-2019-7317)
---------------------------------------------
https://www.foxit.com/support/security-bulletins.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, thunderbird, and xorg-x11-server), Debian (xorg-server), Gentoo (Babel, go, icingaweb2, lib3mf, and libmcpp), Oracle (389-ds:1.4, go-toolset:ol8, httpd, mariadb:10.5, microcode_ctl, and ruby:2.5), Red Hat (xorg-x11-server), Scientific Linux (xorg-x11-server), SUSE (buildah, go1.17, go1.18, harfbuzz, python-ujson, qpdf, u-boot, and wavpack), and Ubuntu (gnutls28, libxml2, mod-wsgi, openjdk-8, openjdk-8, openjdk-lts, openjdk-17, openjdk-18, [...]
---------------------------------------------
https://lwn.net/Articles/903997/


∗∗∗ Regarding vulnerability measure against buffer overflow for Laser Printers and Small Office Multifunction Printers – 04 August 2022 ∗∗∗
---------------------------------------------
Multiple cases of buffer overflow vulnerabilities have been identified with Canon Laser Printers and Small Office Multifunctional Printers. Related CVEs are: CVE-2022-24672, CVE-2022-24673 and CVE-2022-24674. A list of affected models is given below.
---------------------------------------------
https://www.canon-europe.com/support/product-security-latest-news/


∗∗∗ ZDI-22-1064: OPC Foundation UA .NET Standard BrowseRequest Missing Authentication Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-1064/


∗∗∗ F-Secure Linux Security und Internet GateKeeper: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0928


∗∗∗ vim: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0926

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily