[CERT-daily] Tageszusammenfassung - 20.06.2022

Mon Jun 20 18:22:07 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 17-06-2022 18:00 − Montag 20-06-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Kritische CVE-2022-20825 in Cisco Small-Business-Routern wird nicht gefixt ∗∗∗
---------------------------------------------
In den Small-Business-Routern RV110W, RV130, RV130W und RV215W gibt es eine kritische Schwachstelle CVE-2022-20825, die mit dem CVE-Wert von 9.8 bewertet wurde. Auf Grund einer fehlenden Authentifizierung ermöglicht die Schwachstelle sowohl eine Remote Command Execution als auch Denial of Service-Angriffe.
---------------------------------------------
https://www.borncity.com/blog/2022/06/20/kritische-cve-2022-20825-in-cisco-small-business-routern-wird-nicht-gefixt/


∗∗∗ New phishing attack infects devices with Cobalt Strike ∗∗∗
---------------------------------------------
Security researchers have noticed a new malicious spam campaign that delivers the Matanbuchus malware to drop Cobalt Strike beacons on compromised machines.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-phishing-attack-infects-devices-with-cobalt-strike/


∗∗∗ Android-wiping BRATA malware is evolving into a persistent threat ∗∗∗
---------------------------------------------
The threat actors operating the BRATA banking trojan have evolved their tactics and incorporated new information-stealing features into their malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/android-wiping-brata-malware-is-evolving-into-a-persistent-threat/


∗∗∗ Decoding Obfuscated BASE64 Statistically ∗∗∗
---------------------------------------------
In diary entry "Houdini is Back Delivered Through a JavaScript Dropper", Xavier mentions that he had to deal with an obfuscated BASE64 string.
---------------------------------------------
https://isc.sans.edu/diary/rss/28758


∗∗∗ The Importance of White-Box Testing: A Dive into CVE-2022-21662 ∗∗∗
---------------------------------------------
When CVE-2022-21662 came out there wasn’t a much-published material regarding this vulnerability. I want to take some time to explain the importance of using a white-box approach when testing applications for vulnerabilities.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-importance-of-white-box-testing-a-dive-into-cve-2022-21662/


∗∗∗ Cerber2021 Ransomware Back in Action ∗∗∗
---------------------------------------------
In December 2021, researchers identified a new version of Cerber ransomware targeting both Linux and Windows users. In this infection, Cerber2021 was delivered by targeting the vulnerabilities in the Confluence and Gitlab servers. These vulnerabilities are tracked as CVE-2021-26084 and CVE-2021-22205, respectively.
---------------------------------------------
https://blog.cyble.com/2022/06/17/cerber2021-ransomware-back-in-action/


∗∗∗ Europol-Masche: Neue Welle betrügerischer Anrufe ∗∗∗
---------------------------------------------
Die Telefonbetrugsmasche, bei der sich die Kriminellen als Ermittlungsbehörde ausgeben, ist nicht neu. Dennoch rollt aktuell wieder eine Welle solcher Anrufe.
---------------------------------------------
https://heise.de/-7146013


∗∗∗ Erpressung per E-Mail: Hacker fordert die Überweisung von Bitcoins ∗∗∗
---------------------------------------------
Sie haben ein E-Mail von einem Hacker bekommen? Er schreibt, dass er Ihren Computer gehackt hat und Sie beim Masturbieren gefilmt hat? Er droht damit das Video zu verbreiten, wenn Sie keine Bitcoins überweisen? Im E-Mail wird sogar eines Ihrer Passwörter genannt? Machen Sie sich keine Sorgen! Dieses E-Mail ist Fake. Lassen Sie sich nicht erpressen und überweisen Sie keinesfalls Bitcoins. Ändern Sie aber umgehend Ihr Passwort!
---------------------------------------------
https://www.watchlist-internet.at/news/erpressung-per-e-mail-hacker-fordert-die-ueberweisung-von-bitcoins/


∗∗∗ Azure Attack Paths: Common Findings and Fixes (Part 1) ∗∗∗
---------------------------------------------
This post will walk through various services within the Azure catalogue and look at potential attack paths.
---------------------------------------------
https://blog.zsec.uk/azure-fundamentals-pt1/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ AWS: Amazon-Hotpatch für log4j-Lücke ermöglicht Rechteausweitung ∗∗∗
---------------------------------------------
In einem Skript zum Absichern vor der log4j-Lücke von Amazon findet sich eine Sicherheitslücke. Angreifer könnten ihre Rechte damit ausweiten.
---------------------------------------------
https://heise.de/-7145383


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cyrus-imapd, exo, sleuthkit, slurm-wlm, vim, and vlc), Fedora (golang-github-docker-libnetwork, kernel, moby-engine, ntfs-3g-system-compression, python-cookiecutter, python2.7, python3.6, python3.7, python3.8, python3.9, rubygem-mechanize, and webkit2gtk3), Mageia (bluez, dnsmasq, exempi, halibut, and php), Oracle (.NET 6.0, .NET Core 3.1, and xz), SUSE (chafa, firejail, kernel, python-Twisted, and tensorflow2), and Ubuntu (intel-microcode).
---------------------------------------------
https://lwn.net/Articles/898413/


∗∗∗ Security Advisory - Input Verification Vulnerability Involving Huawei Printer Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220620-01-6e028b61-en


∗∗∗ Security Bulletin: An Unspecified Vulnerability in Java runtime affects IBM SPSS (CVE-2021-35550) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-runtime-affects-ibm-spss-cve-2021-35550/


∗∗∗ Security Bulletin: StoredIQ Is Vulnerable To Arbitrary Code Execution Due to Apache Log4j (CVE-2021-44228). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-storediq-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44228/


∗∗∗ Security Bulletin: StoredIQ Is Vulnerable To Arbitrary Code Execution Due To Apache Log4j (CVE-2021-4104). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-storediq-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/


∗∗∗ Security Bulletin: Potential module resolution error in DataPower Operator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-module-resolution-error-in-datapower-operator/


∗∗∗ Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in jackson-databind (217968) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-may-be-affected-by-denial-of-service-vulnerability-in-jackson-databind-217968/


∗∗∗ Security Bulletin: StoredIQ is vulnerable to denial of service and remote code execution in Apache Log4j (CVE-2021-44228, CVE-2021-45046). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-storediq-is-vulnerable-to-denial-of-service-and-remote-code-execution-in-apache-log4j-cve-2021-44228-cve-2021-45046/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-apache-thrift-4/


∗∗∗ Security Bulletin: IBM Robotic Process Automation is vulnerable to configuration credentials unencrypted in system memory (CVE-2022-22414) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-is-vulnerable-to-configuration-credentials-unencrypted-in-system-memory-cve-2022-22414/


∗∗∗ Security Bulletin: IBM QRadar WinCollect is vulnerable to using components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-wincollect-is-vulnerable-to-using-components-with-known-vulnerabilities/


∗∗∗ Security Bulletin: Potential Denial of Service in IBM DataPower Gateway (CVE-2022-23806) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-denial-of-service-in-ibm-datapower-gateway-cve-2022-23806/


∗∗∗ Security Bulletin: IBM Integration Bus is vulnerable to arbitrary code execution due to json-schema (CVE-2021-3918) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-is-vulnerable-to-arbitrary-code-execution-due-to-json-schema-cve-2021-3918/


∗∗∗ Security Bulletin: IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics for Communications Service Providers and Datasets Impacted by Log4j Vulnerabilities ( CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-analytic-accelerator-framework-for-communication-service-providers-ibm-customer-and-network-analytics-for-communications-service-providers-and-datasets-impacted-by-log4j-v-2/


∗∗∗ Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in JDOM (CVE-2021-33813) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-may-be-affected-by-denial-of-service-vulnerability-in-jdom-cve-2021-33813/


∗∗∗ Security Bulletin: AIX is vulnerable to a denial of service due to lpd (CVE-2022-22444) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-denial-of-service-due-to-lpd-cve-2022-22444-2/


∗∗∗ Security Bulletin: Vulnerabilities with Kernel, Eclipse Jetty, and OpenJDK affect IBM Cloud Object Storage Systems (June 2022) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-eclipse-jetty-and-openjdk-affect-ibm-cloud-object-storage-systems-june-2022/


∗∗∗ Security Bulletin: Cúram Social Program Management is affected by session timeout issues (CVE-2022-22318, CVE-2022-22317) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-is-affected-by-session-timeout-issues-cve-2022-22318-cve-2022-22317/


∗∗∗ Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980) ∗∗∗
---------------------------------------------
https://spring.io/blog/2022/06/20/spring-data-mongodb-spel-expression-injection-vulnerability-cve-2022-22980

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily