[CERT-daily] Tageszusammenfassung - 07.09.2022

Wed Sep 7 18:07:42 CEST 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 06-09-2022 18:00 − Mittwoch 07-09-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ So schützen Sie sich vor Schadsoftware! ∗∗∗
---------------------------------------------
Auf dubiosen Websites, in betrügerischen E-Mails, in scheinbar harmlosen Chat-Nachrichten oder durch Sicherheitslücken in nicht aktualisierten Programmen: Schadsoftware kann auf unterschiedlichen Wegen auf Ihren Computer gelangen, um dort beispielsweise sensible Daten auszulesen und zu stehlen oder gar ganze Systeme lahmzulegen.
---------------------------------------------
https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-schadsoftware/


∗∗∗ Worok: The big picture ∗∗∗
---------------------------------------------
Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads from PNG files.
---------------------------------------------
https://www.welivesecurity.com/2022/09/06/worok-big-picture/


∗∗∗ Wie Cyberkriminelle USB missbrauchen ∗∗∗
---------------------------------------------
Den Fluch des Universal Serial Bus (USB) und die Attraktion für Cyberkriminelle untersucht Andrew Rose, Resident CISO, EMEA bei Proofpoint, in einem Gastbeitrag.
---------------------------------------------
https://www.zdnet.de/88403293/wie-cyberkriminelle-usb-missbrauchen/?utm_source=rss&utm_medium=rss&utm_campaign=rss


∗∗∗ AA22-249A: #StopRansomware: Vice Society ∗∗∗
---------------------------------------------
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.
---------------------------------------------
https://us-cert.cisa.gov/ncas/alerts/aa22-249a


∗∗∗ Multiple ransomware data leak sites experience DDoS attacks, facing intermittent outages and connectivity issues ∗∗∗
---------------------------------------------
Since Aug. 20, 2022, Cisco Talos has been monitoring suspected distributed denial-of-service (DDoS) attacks resulting in intermittent downtime and outages affecting several ransomware-as-a-service (RaaS) data leak sites.
---------------------------------------------
http://blog.talosintelligence.com/2022/09/ransomware-leaksite-ddos.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins 2022-09-06 ∗∗∗
---------------------------------------------
IBM Elastic Storage System, IBM Planning Analytics Workspace, IBM Rational Asset analyzer, IBM App Connect Enterprise, IBM Integration Bus, IBM WebSphere Application Server Liberty, IBM Sterling Connect, IBM Spectrum Scale, IBM SPSS Analytic Server, IBM Business Automation Workflow.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Auf NAS-Systeme von Zyxel könnte Schadcode gelangen ∗∗∗
---------------------------------------------
Aktualisierte Firmware-Versionen schließen eine kritische Sicherheitslücke in mehreren NAS-Modellen des Herstellers Zyxel.
---------------------------------------------
https://heise.de/-7255585


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (curl, protobuf-c, and vim) and SUSE (gimp, java-1_8_0-openj9, libostree, openvswitch, python-bottle, python-Flask-Security-Too, and zabbix).
---------------------------------------------
https://lwn.net/Articles/907382/


∗∗∗ K12055286: Intel CPU vulnerability CVE-2021-33060 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K12055286


∗∗∗ Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-039/


∗∗∗ Helmholz: Unauthenticated user enumeration in myREX24 and myREX24.virtual ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-017/


∗∗∗ MB connect line: Unauthenticated user enumeration in mbCONNECT24 and mymbCONNECT24 ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-011/


∗∗∗ [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.21.0: Patch SC-202209.1 ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2022-18

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily