[CERT-daily] Daily summary - 11.08.2022

Daily end-of-shift report team at cert.at
Thu Aug 11 18:31:12 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 10-08-2022 18:00 - Thursday 11-08-2022 18:00
Handler:     Stephan Richter
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ OpenTIP, command line edition ∗∗∗
---------------------------------------------
We released Python-based command line tools for our OpenTIP service that also implement a client class that you can reuse in your own tools.
---------------------------------------------
https://securelist.com/opentip-command-line-edition/107109/


∗∗∗ InfoStealer Script Based on Curl and NSudo, (Thu, Aug 11th) ∗∗∗
---------------------------------------------
While sudo is a well-known tool used daily by most UNIX system administrators, NSudo remains more below the radar. It is a tool running on Microsoft Windows that allows you to execute processes with different access tokens and privileges, such as System, TrustedInstaller and CurrentUser.
---------------------------------------------
https://isc.sans.edu/diary/rss/28932


∗∗∗ capa v4: casting a wider .NET ∗∗∗
---------------------------------------------
We are excited to announce version 4.0 of capa with support for analyzing .NET executables. This open-source tool automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and deep dive reverse engineering.
---------------------------------------------
https://www.mandiant.com/resources/capa-v4-casting-wider-net


∗∗∗ Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study ∗∗∗
---------------------------------------------
A malware sample dubbed ‘Saitama’ was recently uncovered by security firm Malwarebytes in a weaponized document, possibly targeted at the Jordanian government. This Saitama implant uses DNS as its sole command-and-control channel and relies on long sleep times and (sub)domain randomization to evade detection.
---------------------------------------------
https://research.nccgroup.com/2022/08/11/detecting-dns-implants-old-kitten-new-tricks-a-saitama-case-study/


∗∗∗ Palo Alto Networks Firewalls Targeted for Reflected, Amplified DDoS Attacks ∗∗∗
---------------------------------------------
Palo Alto Networks is working on fixes for a reflected amplification denial-of-service (DoS) vulnerability that impacts PAN-OS, the platform powering its next-gen firewalls.
---------------------------------------------
https://www.securityweek.com/palo-alto-networks-firewalls-targeted-reflected-amplified-ddos-attack


∗∗∗ Years after claiming DogWalk wasn’t a vulnerability, Microsoft confirms flaw is being exploited and issues patch ∗∗∗
---------------------------------------------
This week Microsoft finally released a patch for a zero-day security flaw that is being exploited by hackers and that the company had claimed since 2019 was not actually a vulnerability.
---------------------------------------------
https://www.bitdefender.com/blog/hotforsecurity/years-after-claiming-dogwalk-wasnt-a-vulnerability-microsoft-confirms-flaw-is-being-exploited-and-issues-patch/


∗∗∗ BlueSky Ransomware: Fast Encryption via Multithreading ∗∗∗
---------------------------------------------
BlueSky ransomware is an emerging family that has adopted modern techniques to evade security defenses.
---------------------------------------------
https://unit42.paloaltonetworks.com/bluesky-ransomware/


∗∗∗ AA22-223A: #StopRansomware: Zeppelin Ransomware ∗∗∗
---------------------------------------------
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Zeppelin ransomware IOCs and TTPs associated with ransomware variants identified through FBI investigations as recently as 21 June 2022.
---------------------------------------------
https://us-cert.cisa.gov/ncas/alerts/aa22-223a


∗∗∗ Cisco Talos shares insights related to recent cyber attack on Cisco ∗∗∗
---------------------------------------------
On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate.
---------------------------------------------
http://blog.talosintelligence.com/2022/08/recent-cyber-attack.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical Flaws Disclosed in Device42 IT Asset Management Software ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed multiple severe security vulnerabilities in the asset management platform Device42 that, if successfully exploited, could enable a malicious actor to seize control of affected systems.
---------------------------------------------
https://thehackernews.com/2022/08/critical-flaws-disclosed-in-device42-it.html


∗∗∗ [R1] Nessus Version 8.15.6 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
Two separate vulnerabilities that utilize the Audit functionality in Nessus were discovered, reported and fixed.
---------------------------------------------
https://www.tenable.com/security/tns-2022-16


∗∗∗ Cisco: Attackers could obtain private RSA keys from ASA and Firepower ∗∗∗
---------------------------------------------
The network equipment vendor Cisco has released updated software that closes a security vulnerability in ASA and Firepower. Attackers could read out private RSA keys.
---------------------------------------------
https://heise.de/-7216863


∗∗∗ Critical security vulnerability in Zoho ManageEngine OpManager ∗∗∗
---------------------------------------------
Zoho has released updates that close a critical vulnerability and further security vulnerabilities in ManageEngine OpManager. Attackers could gain unauthorized access.
---------------------------------------------
https://heise.de/-7217521


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Gentoo (aiohttp, faac, isync, motion, and nextcloud), Red Hat (.NET 6.0), SUSE (libnbd, oracleasm, python-codecov, rubygem-tzinfo, sssd, and thunderbird), and Ubuntu (http-parser, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi, linux-intel-iotg, linux-oem-5.14, linux-oem-5.17, and node-moment).
---------------------------------------------
https://lwn.net/Articles/904457/


∗∗∗ Organizations Warned of Critical Vulnerabilities in NetModule Routers ∗∗∗
---------------------------------------------
Flashpoint is warning organizations of two newly identified critical vulnerabilities in NetModule Router Software (NRSW) that could be exploited in attacks.
---------------------------------------------
https://www.securityweek.com/organizations-warned-critical-vulnerabilities-netmodule-routers


∗∗∗ BOSCH-SA-463993: SafeLogic Designer vulnerabilities ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-463993.html


∗∗∗ Drupal: jQuery UI Checkboxradio - Moderately critical - Cross site scripting - SA-CONTRIB-2022-052 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-052


∗∗∗ Security Bulletin: Vulnerability in the Node.js got module affects IBM Event Streams (CVE-2022-33987) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-the-node-js-got-module-affects-ibm-event-streams-cve-2022-33987/


∗∗∗ Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to CVE-2022-31129 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-automation-assets-in-ibm-cloud-pak-for-integration-is-vulnerable-to-denial-of-service-due-to-cve-2022-31129/


∗∗∗ Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-has-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/


∗∗∗ Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-multiple-vulnerabilities/


∗∗∗ Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote access due to Go CVE-2022-29526 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-remote-access-due-to-go-cve-2022-29526/


∗∗∗ Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to information disclosure CVE-2022-30629 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-information-disclosure-cve-2022-30629/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily