[CERT-daily] Tageszusammenfassung - 18.07.2022

Daily end-of-shift report team at cert.at
Mon Jul 18 18:19:35 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 15-07-2022 18:00 − Montag 18-07-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Cybercrime und Trickbot-Leaks: "Wir zahlen Krankengeld und 13. Monatsgehalt"​ ∗∗∗
---------------------------------------------
Cybercrime goes Business: Ein Bewerbungsgespräch im Cybercrime-Untergrund zeigt eindrucksvoll, wie sehr sich organisiertes Verbrechen schon "normalisiert" hat.
---------------------------------------------
https://heise.de/-7182800


∗∗∗ Fake-Shop für Pellets und Brennholz kontaktiert Kund:innen auf WhatsApp ∗∗∗
---------------------------------------------
Aktuell boomen Fake-Shops für Brennholz, Pellets, Photovoltaik-Anlagen und Öfen. Der betrügerische Shop wibois.com gibt sich besonders viel Mühe, um Ihnen Geld zu stehlen. Neben professionell gestalteten Werbeanzeigen auf Facebook und Instagram, senden die Kriminellen Ihnen Bestellbestätigung und Überweisungsaufforderung auf WhatsApp. Das stiftet Vertrauen und vermittelt das Gefühl von Erreichbarkeit. Zahlen Sie nicht und blockieren Sie die Nummer!
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shop-fuer-pellets-und-brennholz-kontaktiert-kundinnen-auf-whatsapp/


∗∗∗ Mit Sality-Malware infiziertes Passwort Cracking-Tool für Industrie-Steuerungen/Leitsysteme verteilt ∗∗∗
---------------------------------------------
Cyberkriminelle bewerben in sozialen Netzwerken wohl ein Tool, mit denen Kennwörter in Industriesteuerungen (ICS, PLCs) geknackt werden können.
---------------------------------------------
https://www.borncity.com/blog/2022/07/16/mit-sality-malware-infiziertes-passwort-cracking-tool-fr-industrie-steuerungen-leitsysteme-verteilt/


∗∗∗ Supply Chain Attack Technique Spoofs GitHub Commit Metadata ∗∗∗
---------------------------------------------
Security researchers at Checkmarx are warning of a new supply chain attack technique that relies on spoofed commit metadata to add legitimacy to malicious GitHub repositories.
---------------------------------------------
https://www.securityweek.com/supply-chain-attack-technique-spoofs-github-commit-metadata


∗∗∗ Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability ∗∗∗
---------------------------------------------
Google informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a padding oracle vulnerability that may affect customers using Azure Storage SDK (for Python, .NET, Java) client-side encryption (CVE-2022-30187). To mitigate this vulnerability, we released a new General Availability (GA) version of the Azure Storage SDK client-side encryption feature (v2) on July 12, 2022.
---------------------------------------------
https://msrc-blog.microsoft.com/2022/07/18/mitigation-for-azure-storage-sdk-client-side-encryption-padding-oracle-vulnerability/


∗∗∗ Month of PowerShell - Working with the Event Log, Part 3 - Accessing Message Elements ∗∗∗
---------------------------------------------
In part 3 of Working with the Event Log we look at using a third-party function to make accessing event log data much easier.
---------------------------------------------
https://www.sans.org/blog/working-with-the-event-log-part-3-accessing-message-elements?msc=rss


∗∗∗ Month of PowerShell - Working with the Event Log, Part 4 - Tweaking Event Log Settings ∗∗∗
---------------------------------------------
In this final part of this series on working with the event log in PowerShell, we look at tips and commands for tweaking event log settings.
---------------------------------------------
https://www.sans.org/blog/working-with-the-event-log-part-4-tweaking-event-log-settings?msc=rss


∗∗∗ Genesis - The Birth of a Windows Process (Part 2) ∗∗∗
---------------------------------------------
In this second and final part of the series, we will go through the exact flow CreateProcess carries out to launch a process on Windows using the APIs and Data Structure we discussed in Part 1.
---------------------------------------------
https://fourcore.io/blogs/how-a-windows-process-is-created-part-2



=====================
=  Vulnerabilities  =
=====================

∗∗∗ New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain ∗∗∗
---------------------------------------------
Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," [...]
---------------------------------------------
https://thehackernews.com/2022/07/new-netwrix-auditor-bug-could-let.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mat2 and xen), Fedora (butane, caddy, clash, direnv, geoipupdate, gitjacker, golang-bug-serial-1, golang-github-a8m-envsubst, golang-github-apache-beam-2, golang-github-aws-lambda, golang-github-cespare-xxhash, golang-github-chromedp, golang-github-cloudflare, golang-github-cloudflare-redoctober, golang-github-cockroachdb-pebble, golang-github-cucumber-godog, golang-github-dreamacro-shadowsocks2, golang-github-dustinkirkland-petname, [...]
---------------------------------------------
https://lwn.net/Articles/901699/


∗∗∗ Log4J-Schwachstelle: Mittelstand schläft, DHS sieht Problem für Jahre ∗∗∗
---------------------------------------------
Die in Java ausnutzbare Log4Shell-Schwachstelle in der Log4j-Bibliothek steckt mutmaßlich in vielen Systemen bzw. Software-Paketen. Das Problem dürfte uns noch für Jahre tangieren, schätzen Experten und im deutschen Mittelstand ist das noch nicht angekommen. Auch das Department of Homeland Security [...]
---------------------------------------------
https://www.borncity.com/blog/2022/07/17/log4j-schwachstelle-mittelstand-schlft-dhs-sieht-problem-fr-jahre/


∗∗∗ SonicWall Switch Post-Authenticated Remote Code Execution ∗∗∗
---------------------------------------------
A vulnerability in SonicWall Switch 1.1.1.0-2s and earlier allows an authenticated malicious user to perform remote code execution in the host system.
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0013


∗∗∗ Festo: Controller CECC-S,LK,D family firmware 2.4.2.0 - multiple vulnerabilities in CODESYS V3 runtime system ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-027/


∗∗∗ Festo: Controller CECC-S,LK,D family <= 2.3.8.1 - multiple vulnerabilities in CODESYS V3 runtime system ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-022/


∗∗∗ Security Bulletin: IBM UrbanCode Deploy (UCD) could disclose sensitive database information to a local user in plain text. (CVE-2022-22367) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-could-disclose-sensitive-database-information-to-a-local-user-in-plain-text-cve-2022-22367-2/


∗∗∗ Security Bulletin: The CVE-2022-34305 vulnerability in Apache Tomcat affects App Connect Professional. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-the-cve-2022-34305-vulnerability-in-apache-tomcat-affects-app-connect-professional/


∗∗∗ Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2022-0778, CVE-2021-38868, CVE-2021-29799, CVE-2021-29790, CVE-2021-29788) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilites-that-affect-ibm-engineering-requirements-quality-assistant-on-premises-cve-2022-0778-cve-2021-38868-cve-2021-29799-cve-2021-29790-cve-2021-297/


∗∗∗ Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities due to its use of IBM JAVA (CVE-2021-35560, CVE-2021-35578, CVE-2021-35565, CVE-2021-35603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicloud-management-monitoring-is-vulnerable-to-multiple-vulnerabilities-due-to-its-use-of-ibm-java-cve-2021-35560-cve-2021-35578-cve-2021-35565-cve-2021-35/


∗∗∗ Security Bulletin: An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-attacker-that-gains-service-access-to-the-fsp-power9-only-or-gains-admin-authority-to-a-partition-can-compromise-partition-firmware/


∗∗∗ Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a denial server due to its use of Apache Xerces2 (CVE-2022-23437) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicloud-management-monitoring-is-vulnerable-to-a-denial-server-due-to-its-use-of-apache-xerces2-cve-2022-23437/


∗∗∗ Security Bulletin: Vulnerability in OpenSSL (CVE-2022-0778) affects PowerVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-cve-2022-0778-affects-powervm/


∗∗∗ Security Bulletin: The vulnerability CVE-2022-21299 in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-the-vulnerability-cve-2022-21299-in-ibm-java-sdk-affects-ibm-websphere-cast-iron-solution-app-connect-professional/


∗∗∗ Security Bulletin: IBM Urbancode Deploy (UCD) vulnerable to information disclosure which can be read by a local user. (CVE-2022-22366) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-vulnerable-to-information-disclosure-which-can-be-read-by-a-local-user-cve-2022-22366-2/


∗∗∗ Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple security vulnerabilities due to its use of NodeJS (CVE-2021-22918, CVE-2021-22960, CVE-2021-22959) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicloud-management-monitoring-is-vulnerable-to-multiple-security-vulnerabilities-due-to-its-use-of-nodejs-cve-2021-22918-cve-2021-22960-cve-2021-22959/


∗∗∗ Security Bulletin: Vulnerability in async opensource package affects IBM VM Recovery Manager HA & DR GUI ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-async-opensource-package-affects-ibm-vm-recovery-manager-ha-dr-gui/


∗∗∗ Security Bulletin: Vulnerability in the jackson-databind component affects IBM Event Streams ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-the-jackson-databind-component-affects-ibm-event-streams/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list