[CERT-daily] Daily summary - 13.07.2022

Daily end-of-shift report team at cert.at
Wed Jul 13 18:28:27 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 12-07-2022 18:00 − Wednesday 13-07-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud ∗∗∗
---------------------------------------------
A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the user had enabled multifactor authentication (MFA).
---------------------------------------------
https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/


∗∗∗ Using Referers to Detect Phishing Attacks, (Wed, Jul 13th) ∗∗∗
---------------------------------------------
Referers are useful information for webmasters and system administrators that would like to have a better overview of the visitors browsing their websites. The referer is an HTTP header that identifies the address of the web page from which the resource has been requested.
---------------------------------------------
https://isc.sans.edu/diary/rss/28836


∗∗∗ Infected WordPress Site Reveals Malicious C&C Script ∗∗∗
---------------------------------------------
Cryptomining infections accounted for less than 4% of total detections last year. Despite the fact that CoinHive – one of the most popular JavaScript based miners – shut down its operations in 2019, we still find occasional infections on compromised environments during remote and server-side scans.
---------------------------------------------
https://blog.sucuri.net/2022/07/infected-wordpress-site-reveals-malicious-cc-script.html


∗∗∗ Researchers Uncover New Attempts by Qakbot Malware to Evade Detection ∗∗∗
---------------------------------------------
The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection.
---------------------------------------------
https://thehackernews.com/2022/07/researchers-uncover-new-attempts-by.html


∗∗∗ Open-source tool from Microsoft creates a "Software Bill of Materials" ∗∗∗
---------------------------------------------
The SBOM tool Salus lists all components and dependencies of a project in order to track down potential vulnerabilities in the software supply chain.
---------------------------------------------
https://heise.de/-7177889


∗∗∗ Beware of fake shops in the energy sector! ∗∗∗
---------------------------------------------
After numerous fake shops selling firewood, criminals are now following up with photovoltaic shops such as solanex.de and solarnetz.at. The current energy crisis is evidently to be exploited to the maximum.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-fake-shops-am-energiesektor/


∗∗∗ Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption ∗∗∗
---------------------------------------------
We show how metadata encryption and decryption contributes to making Cobalt Strike an effective emulator that is difficult to defend against.
---------------------------------------------
https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encryption-decryption/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ AMD processors: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A local attacker can exploit multiple vulnerabilities in AMD processors to execute arbitrary code or disclose information.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0665


∗∗∗ Intel processors: Multiple vulnerabilities allow disclosure of information ∗∗∗
---------------------------------------------
A local attacker can exploit multiple vulnerabilities in Intel processors to disclose information.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0650


∗∗∗ Microsoft Security Update Summary (12 July 2022) ∗∗∗
---------------------------------------------
On 12 July 2022, Microsoft released security updates for Windows clients and servers, for Office etc., as well as for further products. The security updates also fix 84 vulnerabilities, including one 0-day.
---------------------------------------------
https://www.borncity.com/blog/2022/07/12/microsoft-security-update-summary-12-juli-2022/


∗∗∗ Adobe closes vulnerabilities, some of them critical ∗∗∗
---------------------------------------------
The vendor closes security vulnerabilities in Adobe Acrobat and Reader, Photoshop, RoboHelp and Character Animator. Some of them are critical.
---------------------------------------------
https://heise.de/-7177696


∗∗∗ IBM Security Bulletins 2022-07-12 ∗∗∗
---------------------------------------------
IBM Answer Retrieval for Watson Discovery, IBM Event Streams, IBM QRadar Network Security, IBM Cloud, Content Manager OnDemand, IBM Rational Build Forge, IBM App Connect Enterprise, IBM Sterling Connect, Digital Certificate Manager, Enterprise Content Management System Monitor.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (xen), Mageia (x11-server), SUSE (chromium, kernel, pcre, pcre2, squid, and xorg-x11-server), and Ubuntu (gnupg, gnupg2, uriparser, xorg-server, xorg-server-hwe-16.04, and xorg-server, xorg-server-hwe-18.04, xwayland).
---------------------------------------------
https://lwn.net/Articles/901029/


∗∗∗ Ruby on Rails: Vulnerability allows code execution ∗∗∗
---------------------------------------------
A remote attacker can exploit a vulnerability in Ruby on Rails to execute arbitrary code.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0662


∗∗∗ ZDI-22-968: BMC Track-It! HTTP Module Improper Access Control Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-968/


∗∗∗ ZDI-22-967: BMC Track-It! GetPopupSubQueryDetails SQL Injection Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-967/


∗∗∗ VMSA-2022-0020 - VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0020.html


∗∗∗ VMSA-2022-0019 - VMware vRealize Log Insight contains multiple stored cross-site scripting vulnerabilities ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0019.html


∗∗∗ VMSA-2022-0018 - VMware vCenter Server updates address a server-side request forgery vulnerability ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0018.html


∗∗∗ Dahua ASI7213X-T1 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-193-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily