[CERT-daily] Tageszusammenfassung - 04.07.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 01-07-2022 18:00 − Montag 04-07-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Raspberry Robin: Microsoft warnt vor mysteriösem Wurm ∗∗∗
---------------------------------------------
Die Schadsoftware verbreitet sich über USB-Sticks. Unklar bleibt, wer die Urheber*innen sind und welches Ziel damit verfolgt wird.
---------------------------------------------
https://futurezone.at/digital-life/raspberry-robin-wurm-windows-microsoft-warnt-usb/402061579


∗∗∗ Warnung vor Hackerangriffen auf Politiker ∗∗∗
---------------------------------------------
Das BSI und der Verfassungsschutz warnen vor Hackern, die durch einen einfachen Trick den Zugang zu Chats von hochrangigen Politikern erlangen könnten.
---------------------------------------------
https://www.tagesschau.de/investigativ/ndr-wdr/hacker-angriffe-verfassungsschutz-bsi-101.html


∗∗∗ Gefälschtes ÖBB-Gewinnspiel auf WhatsApp ∗∗∗
---------------------------------------------
Viele WhatsApp-Nutzer:innen verbreiten unter ihren Kontakten unwissentlich ein Fake-ÖBB-Gewinnspiel. Die Nachricht lautet „ÖBB 100 Jahre Staatliche Verkehrsförderung! Jeder Bürger kann sich über…“. Darunter ist ein Link. Der Link führt zu einem gefälschten Gewinnspiel. Klicken Sie nicht auf den Link, Sie werden abgezockt. Ignorieren Sie die Nachricht und melden Sie sie an WhatsApp.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschtes-oebb-gewinnspiel-auf-whatsapp/


∗∗∗ CISA fordert US-Einrichtungen zum Patchen von CVE-2022-26925 in AD-Umgebungen auf ∗∗∗
---------------------------------------------
Zum 1. Juli 2022 hat die US Cybersecurity & Infrastructur Security Agency (CISA) erneut den Patch für die Schwachstelle CVE-2022-26925 (Active Directory) in die Liste der zu schließenden Schwachstellen aufgenommen (soll bis 22. 7. 2022 geschlossen werden).
---------------------------------------------
https://www.borncity.com/blog/2022/07/04/cisa-fordert-us-einrichtungen-zum-patchen-von-cve-2022-26925-in-ad-umgebungen-auf/


∗∗∗ Cloud OSINT. Finding Interesting Resources ∗∗∗
---------------------------------------------
Locating sensitive information, personally identifiable information (PII) and questionable assets in the cloud. TL; DR I had a curiosity driven excursion into the public clouds of AWS and Azure to [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/cloud-osint-finding-interesting-resources/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Django fixes SQL Injection vulnerability in new releases ∗∗∗
---------------------------------------------
Django, an open source Python-based web framework has patched a high severity vulnerability in its latest releases. Tracked as CVE-2022-34265, the potential SQL Injection vulnerability impacts Djangos main branch, and versions 4.1 (currently in beta), 4.0, and 3.2, with patches and new releases issued fixing the vulnerability.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/django-fixes-sql-injection-vulnerability-in-new-releases/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gnupg2 and kernel), Fedora (golang-github-apache-beam-2, golang-github-etcd-io-gofail, golang-github-intel-goresctrl, golang-github-spf13-cobra, golang-k8s-pod-security-admission, and vim), Oracle (.NET 6.0, compat-openssl10, compat-openssl11, cups, curl, expat, firefox, go-toolset:ol8, grub2,, gzip, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libarchive, libgcrypt, libinput, libxml2, pcre2, postgresql, python, rsync, rsyslog, [...]
---------------------------------------------
https://lwn.net/Articles/899963/


∗∗∗ libTIFF: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0544


∗∗∗ xpdf: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0543


∗∗∗ HPE FlexNetwork und FlexFabric Switches: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0542


∗∗∗ Kyocera Drucker: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0551


∗∗∗ Trend Micro Maximum Security: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0550


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-websphere-cast-iron-solution-app-connect-professional-5/


∗∗∗ Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2022 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-cloud-pak-for-business-automation-ifixes-for-june-2022/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-websphere-cast-iron-solution-app-connect-professional-4/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-websphere-cast-iron-solution-app-connect-professional-3/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-websphere-cast-iron-solution-app-connect-professional-2/


∗∗∗ Security Bulletin: Remote code execution vulnerability affect IBM Business Automation Workflow – CVE-2021-43138 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-remote-code-execution-vulnerability-affect-ibm-business-automation-workflow-cve-2021-43138/


∗∗∗ Security Bulletin: junrar Denial of Service (DoS) security vulnerability in IBM FileNet Content Manager Content Search Services (CSS) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-junrar-denial-of-service-dos-security-vulnerability-in-ibm-filenet-content-manager-content-search-services-css/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-functional-tester-8/


∗∗∗ Security Bulletin: junrar v7.4.0 and prior Denial of Service (DoS) security vulnerability in IBM FileNet Content Manager Content Search Services (CSS) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-junrar-v7-4-0-and-prior-denial-of-service-dos-security-vulnerability-in-ibm-filenet-content-manager-content-search-services-css/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily