[CERT-daily] Tageszusammenfassung - 07.06.2022

Daily end-of-shift report team at cert.at
Tue Jun 7 19:12:46 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 03-06-2022 18:00 − Dienstag 07-06-2022 18:15
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ WatchDog hacking group launches new Docker cryptojacking campaign ∗∗∗
---------------------------------------------
​The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/watchdog-hacking-group-launches-new-docker-cryptojacking-campaign/


∗∗∗ QBot now pushes Black Basta ransomware in bot-powered attacks ∗∗∗
---------------------------------------------
The Black Basta ransomware gang has partnered with the QBot malware operation to gain spread laterally through hacked corporate environments.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qbot-now-pushes-black-basta-ransomware-in-bot-powered-attacks/


∗∗∗ Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware ∗∗∗
---------------------------------------------
A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady.
---------------------------------------------
https://thehackernews.com/2022/06/researchers-warn-of-spam-campaign.html


∗∗∗ Neues Phishing-E-Mail der Erste Bank und Sparkasse ∗∗∗
---------------------------------------------
Aktuell kursiert ein neues Phishing-E-Mail im Namen der Erste Bank und Sparkasse. Im Schreiben werden Sie über eine angebliche Abbuchung von 1 259 Euro informiert.
---------------------------------------------
https://www.watchlist-internet.at/news/neues-phishing-e-mail-der-erste-bank-und-sparkasse/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Fortiguard June 2022 Vulnerability Advisories ∗∗∗
---------------------------------------------
FortiAP-U, FortiDDoS, FortiOS, FortiAnalyzer, FortiManager, FortiSandbox, FortiTokenMobile, FortiAuthenticator, Apache Airflow and FortiClient.
---------------------------------------------
https://www.fortiguard.com/psirt-monthly-advisory/june-2022-vulnerability-advisories


∗∗∗ Jetzt patchen! Lage um Attacken auf Atlassian Confluence spitzt sich zu ∗∗∗
---------------------------------------------
Aufgrund von öffentlich verfügbarem Exploit-Code steigen die Attacken auf Confluence-Instanzen. Patches sind jetzt verfügbar.
---------------------------------------------
https://heise.de/-7132633


∗∗∗ Patchday: Google schließt Kernel- und Software-Lücken in Android ∗∗∗
---------------------------------------------
Besitzer von Android-Hardware sollte ihre Geräte aus Sicherheitsgründen auf den aktuellen Stand bringen.
---------------------------------------------
https://heise.de/-7133294


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (clamav, firefox-esr, pidgin, and thunderbird), Fedora (dotnet3.1, firefox, kernel, vim, and webkit2gtk3), Mageia (firefox/nss/nspr, gimp, logrotate, mariadb, thunderbird, trojita, webkit2, and webmin), Oracle (thunderbird), Red Hat (compat-openssl11, postgresql:10, postgresql:12, and thunderbird), Slackware (pidgin), and SUSE (openvpn).
---------------------------------------------
https://lwn.net/Articles/897163/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (glib2.0, librecad, and php-horde-mime-viewer), Fedora (vim), and Ubuntu (freerdp2, ruby2.3, ruby2.5, ruby2.7, ruby3.0, and vim).
---------------------------------------------
https://lwn.net/Articles/897226/


∗∗∗ Critical U-Boot Vulnerability Allows Rooting of Embedded Systems ∗∗∗
---------------------------------------------
A critical vulnerability in the U-Boot boot loader could be exploited to write arbitrary data, which can allow an attacker to root Linux-based embedded systems, according to NCC Group.
---------------------------------------------
https://www.securityweek.com/critical-u-boot-vulnerability-allows-rooting-embedded-systems


∗∗∗ Security Advisory -Input Verification Vulnerabilities Involved in Huawei Printer Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220608-01-1a91f8a4-en


∗∗∗ Security Bulletin: IBM Cognos Controller is affected but not vulnerable to arbitrary code execution and SQL injection due to Apache Log4j v1 vulnerabilities (CVE-2022-23305, CVE-2022-23302, CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-controller-is-affected-but-not-vulnerable-to-arbitrary-code-execution-and-sql-injection-due-to-apache-log4j-v1-vulnerabilities-cve-2022-23305-cve-2022-23302-cve-2021-4/


∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-18/


∗∗∗ Security Bulletin: Public disclosed vulnerability from OpenSSL affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerability-from-openssl-affects-ibm-netezza-host-management-3/


∗∗∗ Security Bulletin: IBM DataPower Gateway affected by prototype pollution in DOJO (CVE-2021-23450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-affected-by-prototype-pollution-in-dojo-cve-2021-23450/


∗∗∗ Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL Injection (CVE-2022-31768) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-sql-injection-cve-2022-31768/


∗∗∗ Security Bulletin: Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2021-35515, CVE-2021-35516, CVE-2021-36090, CVE-2021-35517) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-as-used-by-ibm-qradar-siem-is-vulnerable-to-denial-of-service-cve-2021-35515-cve-2021-35516-cve-2021-36090-cve-2021-35517/


∗∗∗ Security Bulletin: CP4D Match 360 is vulnerable to remote attacker executing arbitrary code within IBM WebSphere Application Server Liberty (CVE-2021-23450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cp4d-match-360-is-vulnerable-to-remote-attacker-executing-arbitrary-code-within-ibm-websphere-application-server-liberty-cve-2021-23450/


∗∗∗ Security Bulletin: Vulnerabilities have been identified in Apache Log4j and the application code shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-apache-log4j-and-the-application-code-shipped-with-the-ds8000-hardware-management-console-hmc-3/


∗∗∗ Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotector-system-is-affected-by-multiple-apache-http-server-vulnerabilities/


∗∗∗ Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-data-system-1-0-is-vulnerable-to-denial-of-service-due-to-apache-log4j-cve-2021-45105/


∗∗∗ Security Bulletin: Multiple vulnerabilities in multiple dependencies affect IBM MessageGateway/ MessageSight ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-multiple-dependencies-affect-ibm-messagegateway-messagesight/


∗∗∗ Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway uses Eclipse Jetty with multiple known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maas360-mobile-enterprise-gateway-uses-eclipse-jetty-with-multiple-known-vulnerabilities/


∗∗∗ Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maas360-cloud-extender-agent-mobile-enterprise-gateway-and-vpn-module-have-multiple-vulnerabilities-cve-2021-22060-cve-2022-22950-cve-2022-0547-cve-2022-0778-cve-2022-2296/


∗∗∗ Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in NumPy. (CVE-2021-33430). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-in-numpy-cve-2021-33430/


∗∗∗ K29421535: Intel processor vulnerability CVE-2021-33117 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K29421535


∗∗∗ K95204515: Intel CPU vulnerability CVE-2022-21151 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K95204515


∗∗∗ Grafana: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K22-0690


∗∗∗ Case update: DIVD-2022-00032 - Exchange backdoor ∗∗∗
---------------------------------------------
https://csirt.divd.nl/cases/DIVD-2022-00032/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list