[CERT-daily] Tageszusammenfassung - 27.06.2022

Daily end-of-shift report team at cert.at
Mon Jun 27 18:06:41 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 24-06-2022 18:00 − Montag 27-06-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Fake copyright infringement emails install LockBit ransomware ∗∗∗
---------------------------------------------
LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-emails-install-lockbit-ransomware/


∗∗∗ Clever phishing method bypasses MFA using Microsoft WebView2 apps ∗∗∗
---------------------------------------------
A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victims authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypasses-mfa-using-microsoft-webview2-apps/


∗∗∗ NetSec Goggle shows search results only from cybersecurity sites ∗∗∗
---------------------------------------------
A new Brave Search Goggle modifies Brave Search results to only show reputable cybersecurity sites, making it easier to search for and find security information.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/netsec-goggle-shows-search-results-only-from-cybersecurity-sites/


∗∗∗ LockBit 3.0 introduces the first ransomware bug bounty program ∗∗∗
---------------------------------------------
The LockBit ransomware operation has released LockBit 3.0, introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/


∗∗∗ Malicious Code Passed to PowerShell via the Clipboard, (Sat, Jun 25th) ∗∗∗
---------------------------------------------
Another day, another malicious script was found! Today, the script is a Windows bat file that executes malicious PowerShell code but the way it works is interesting.
---------------------------------------------
https://isc.sans.edu/diary/rss/28784


∗∗∗ Encrypted Client Hello: Anybody Using it Yet?, (Mon, Jun 27th) ∗∗∗
---------------------------------------------
The first payload sent by a TLS client to a TLS server is a "Client Hello." It includes several parameters supported by the client, such as available cipher suites, to start negotiating a compatible set of TLS parameters with the server.
---------------------------------------------
https://isc.sans.edu/diary/rss/28792


∗∗∗ Ransomware-Gang Conti schließt Leak- und Verhandlungsplattform ∗∗∗
---------------------------------------------
Die Conti-Gruppe hinter dem gleichnamigen Erpressungstrojaner finalisiert ihren Rückzug und teilt sich weiter in kleinere Gangs auf.
---------------------------------------------
https://heise.de/-7154035


∗∗∗ Flut von Angriffen auf Paketmanager PyPI schleust Backdoor in Python-Pakete ein ∗∗∗
---------------------------------------------
Nachdem zunächst Sonatype einen Angriff auf fünf Pakete im Python-Paketmanager entdeckt hat, füllt sich die CVE-Schwachstellendatenbank mit weiteren Vorfällen.
---------------------------------------------
https://heise.de/-7154405


∗∗∗ Ransomware: Unternehmen im Gesundheitswesen zahlen am häufigsten Lösegeld ∗∗∗
---------------------------------------------
Verschlüsselungsangriffe haben vor allem in der Gesundheitsbranche in den vergangenen Monaten stark zugenommen. Die Daten sind bei Angreifern beliebt.
---------------------------------------------
https://heise.de/-7154906


∗∗∗ NIST Releases New macOS Security Guidance for Organizations ∗∗∗
---------------------------------------------
The National Institute of Standards and Technology (NIST) has published the final version of its guidance on securing macOS endpoints and assessing their security.
---------------------------------------------
https://www.securityweek.com/nist-releases-new-macos-security-guidance-organizations


∗∗∗ Vorsicht vor Fake-E-Mails der Wiener Polizei ∗∗∗
---------------------------------------------
In einem gefälschten E-Mail der Polizei werden Sie beschuldigt, eine Straftat begangen zu haben. Es geht um Kinderpornografie, Pädophilie, Cyberpornografie und Exhibitionismus. Sie werden aufgefordert, per E-Mail eine Rechtfertigung zu schicken. Antworten Sie nicht und ignorieren Sie dieses Schreiben. Es ist Fake!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-fake-e-mails-der-wiener-polizei/


∗∗∗ CISA Adds Eight Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/06/27/cisa-adds-eight-known-exploited-vulnerabilities-catalog



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Citrix dichtet Sicherheitslücken in Hypervisor ab ∗∗∗
---------------------------------------------
Der Hypervisor von Citrix enthält mehrere Schwachstellen. Angreifer könnten die Kontrolle übernehmen. Aktualisierte Pakete dichten die Lücken ab.
---------------------------------------------
https://heise.de/-7154435


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (openssl), Fedora (dotnet6.0, mediawiki, and python2.7), Mageia (389-ds-base, chromium-browser-stable, exo, and libtiff), Oracle (httpd:2.4 and microcode_ctl), SUSE (dbus-broker, drbd, kernel, liblouis, mariadb, openssl, openssl-1_1, openSUSE kernel modules, oracleasm, php7, php72, python39, salt, and wdiff), and Ubuntu (linux, linux-hwe, mozjs91, and vim).
---------------------------------------------
https://lwn.net/Articles/899158/


∗∗∗ Security Bulletin: Multiple Vulnerabilities found in Apache Tika used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-found-in-apache-tika-used-by-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collect/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-microsoft-windows-is-vulnerable-to-an-unspecified-vulnerability-due-to-ibm-java-runtime-cve-2021-35603/


∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-rational-business-developer-8/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-business-developer-6/


∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-rational-business-developer-7/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35550) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-microsoft-windows-is-vulnerable-to-an-unspecified-vulnerability-due-to-ibm-java-runtime-cve-2021-35550/


∗∗∗ Security Bulletin: IBM MQ is vulnerable to an issue within Jackson ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-an-issue-within-jackson/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to denial of service due to zlib (CVE-2018-25032) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-microsoft-windows-is-vulnerable-to-denial-of-service-due-to-zlib-cve-2018-25032/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-runtime-environment-java-technology-edition-affects-websphere-extreme-scale/


∗∗∗ Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-affected-by-a-remote-code-execution-in-spring-framework-cve-2022-22963-cve-2022-22965-cve-2022-22950/


∗∗∗ Spring Function Cloud DoS (CVE-2022-22979) and Unintended Function Invocation ∗∗∗
---------------------------------------------
https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list