[CERT-daily] Tageszusammenfassung - 09.06.2022

Thu Jun 9 19:29:07 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 08-06-2022 18:00 − Donnerstag 09-06-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New Emotet Variant Stealing Users Credit Card Information from Google Chrome ∗∗∗
---------------------------------------------
The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. 
---------------------------------------------
https://thehackernews.com/2022/06/new-emotet-variant-stealing-users.html


∗∗∗ MakeMoney malvertising campaign adds fake update template ∗∗∗
---------------------------------------------
We catch up with some old acquaintances that just arent ready to hang up the towel just yet. The post MakeMoney malvertising campaign adds fake update template appeared first on Malwarebytes Labs.
---------------------------------------------
https://blog.malwarebytes.com/threat-intelligence/2022/06/makemoney-malvertising-campaign-adds-fake-update-template/


∗∗∗ ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat ∗∗∗
---------------------------------------------
A review of whats changed in malware in 2022, and what hasnt, based on Adam Kujawas talk at RSAC 2022. The post ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat appeared first on Malwarebytes Labs.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2022/06/asyncrat-surpasses-dridex-trickbot-and-emotet-to-become-dominant-email-threat/


∗∗∗ Nebenjob als Betrugshelfer:in – Vorsicht vor europost-eu.biz ∗∗∗
---------------------------------------------
Ein vielversprechender Nebenjob als Paketempfänger:in lockt mit Home-Office und guten Arbeitsbedingungen. Für 25 € pro Stunde müssen Sie Pakete empfangen und weiterversenden. Was nicht erwähnt wird: Nehmen Sie den Job an, beteiligen Sie sich möglicherweise an Bestellbetrug und machen sich strafbar!
---------------------------------------------
https://www.watchlist-internet.at/news/nebenjob-als-betrugshelferin-vorsicht-vor-europost-eubiz/


∗∗∗ LockBit 2.0: How This RaaS Operates and How to Protect Against It ∗∗∗
---------------------------------------------
LockBit 2.0 has so far been this years most active ransomware gang on double-extortion leak sites. Learn about their tactics.
---------------------------------------------
https://unit42.paloaltonetworks.com/lockbit-2-ransomware/


∗∗∗ How to audit Node.js modules ∗∗∗
---------------------------------------------
Node.js is one of the best and most widely used Javascript runtimes used for building APIs. But, this popularity status has led to many hackers distributing insecure modules that exploit the Node.js application or provide a weak point for exploitation.
---------------------------------------------
https://mattermost.com/blog/how-to-audit-nodejs-modules/


∗∗∗ Follina-Schwachstelle (CVE-2022-30190): Neue Erkenntnisse, neue Risiken (9.6.2022) ∗∗∗
---------------------------------------------
Die seit Ende Mai 2022 bekannt gewordene Schwachstelle CVE-2022-30190 (Follina) in Windows entwickelt sich langsam zum Problembär. Die von Microsoft und hier im Blog beschriebenen Gegenmaßnahmen erscheinen nicht ausreichend.
---------------------------------------------
https://www.borncity.com/blog/2022/06/09/follina-schwachstelle-cve-2022-30190-neue-erkenntnisse-neue-risiken/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitslücken in veralteten Zyxel-Firewalls: Neukauf als Fix ∗∗∗
---------------------------------------------
Der Netzwerkausrüster Zyxel warnt vor Sicherheitslücken in älteren Firewalls, deren Support ausgelaufen ist. Abhilfe schaffe der Austausch mit neueren Geräten.
---------------------------------------------
https://heise.de/-7135405


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mailman and python-bottle), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, subversion:1.14, and xz), Scientific Linux (python-twisted-web), Slackware (httpd), and Ubuntu (ca-certificates, ffmpeg, ghostscript, and varnish).
---------------------------------------------
https://lwn.net/Articles/897372/


∗∗∗ Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat ∗∗∗
---------------------------------------------
Symbiote is a new Linux malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on machines.
---------------------------------------------
https://www.intezer.com/blog/research/new-linux-threat-symbiote/


∗∗∗ Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vulnerable-to-directory-traversal-due-to-moment-js-cve-2022-24785-2/


∗∗∗ Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104-2/


∗∗∗ Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting due to Angular (220414) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vulnerable-to-cross-site-scripting-due-to-angular-220414-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2022) affects IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-january-2022-affects-ibm-infosphere-information-server/


∗∗∗ Security Bulletin: IBM Rational Software Architect RealTime Edition (RSA RT) is vulnerable to Apache Log4j2 – CVE-2021-44832 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rational-software-architect-realtime-edition-rsa-rt-is-vulnerable-to-apache-log4j2-cve-2021-44832/


∗∗∗ Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vulnerable-to-denial-of-service-due-to-gson-217225-3/


∗∗∗ Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to exposure of sensitive information (CVE-2021-35603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-exposure-of-sensitive-information-cve-2021-35603-2/


∗∗∗ Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-databind-affects-ibm-process-mining-multiple-cves/


∗∗∗ K13559191: Linux kernel vulnerability CVE-2022-25636 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13559191?utm_source=f5support&utm_medium=RSS


∗∗∗ Xen Security Advisory CVE-2022-26363, CVE-2022-26364 / XSA-402 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-402.html


∗∗∗ Xen Security Advisory CVE-2022-26362 / XSA-401 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-401.html


∗∗∗ Case opened: DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution ∗∗∗
---------------------------------------------
https://csirt.divd.nl/cases/DIVD-2021-00037/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily