Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - 09.06.2022
by Daily end-of-shift report 09 Jun '22

09 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 08-06-2022 18:00 − Donnerstag 09-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Emotet Variant Stealing Users Credit Card Information from Google Chrome ∗∗∗ --------------------------------------------- The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. --------------------------------------------- https://thehackernews.com/2022/06/new-emotet-variant-stealing-users.html ∗∗∗ MakeMoney malvertising campaign adds fake update template ∗∗∗ --------------------------------------------- We catch up with some old acquaintances that just arent ready to hang up the towel just yet. The post MakeMoney malvertising campaign adds fake update template appeared first on Malwarebytes Labs. --------------------------------------------- https://blog.malwarebytes.com/threat-intelligence/2022/06/makemoney-malvert… ∗∗∗ ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat ∗∗∗ --------------------------------------------- A review of whats changed in malware in 2022, and what hasnt, based on Adam Kujawas talk at RSAC 2022. The post ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat appeared first on Malwarebytes Labs. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2022/06/asyncrat-surpasses-dr… ∗∗∗ Nebenjob als Betrugshelfer:in – Vorsicht vor europost-eu.biz ∗∗∗ --------------------------------------------- Ein vielversprechender Nebenjob als Paketempfänger:in lockt mit Home-Office und guten Arbeitsbedingungen. Für 25 € pro Stunde müssen Sie Pakete empfangen und weiterversenden. Was nicht erwähnt wird: Nehmen Sie den Job an, beteiligen Sie sich möglicherweise an Bestellbetrug und machen sich strafbar! --------------------------------------------- https://www.watchlist-internet.at/news/nebenjob-als-betrugshelferin-vorsich… ∗∗∗ LockBit 2.0: How This RaaS Operates and How to Protect Against It ∗∗∗ --------------------------------------------- LockBit 2.0 has so far been this years most active ransomware gang on double-extortion leak sites. Learn about their tactics. --------------------------------------------- https://unit42.paloaltonetworks.com/lockbit-2-ransomware/ ∗∗∗ How to audit Node.js modules ∗∗∗ --------------------------------------------- Node.js is one of the best and most widely used Javascript runtimes used for building APIs. But, this popularity status has led to many hackers distributing insecure modules that exploit the Node.js application or provide a weak point for exploitation. --------------------------------------------- https://mattermost.com/blog/how-to-audit-nodejs-modules/ ∗∗∗ Follina-Schwachstelle (CVE-2022-30190): Neue Erkenntnisse, neue Risiken (9.6.2022) ∗∗∗ --------------------------------------------- Die seit Ende Mai 2022 bekannt gewordene Schwachstelle CVE-2022-30190 (Follina) in Windows entwickelt sich langsam zum Problembär. Die von Microsoft und hier im Blog beschriebenen Gegenmaßnahmen erscheinen nicht ausreichend. --------------------------------------------- https://www.borncity.com/blog/2022/06/09/follina-schwachstelle-cve-2022-301… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücken in veralteten Zyxel-Firewalls: Neukauf als Fix ∗∗∗ --------------------------------------------- Der Netzwerkausrüster Zyxel warnt vor Sicherheitslücken in älteren Firewalls, deren Support ausgelaufen ist. Abhilfe schaffe der Austausch mit neueren Geräten. --------------------------------------------- https://heise.de/-7135405 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mailman and python-bottle), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, subversion:1.14, and xz), Scientific Linux (python-twisted-web), Slackware (httpd), and Ubuntu (ca-certificates, ffmpeg, ghostscript, and varnish). --------------------------------------------- https://lwn.net/Articles/897372/ ∗∗∗ Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat ∗∗∗ --------------------------------------------- Symbiote is a new Linux malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on machines. --------------------------------------------- https://www.intezer.com/blog/research/new-linux-threat-symbiote/ ∗∗∗ Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-v… ∗∗∗ Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-gov… ∗∗∗ Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting due to Angular (220414) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-v… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2022) affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Rational Software Architect RealTime Edition (RSA RT) is vulnerable to Apache Log4j2 – CVE-2021-44832 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rational-software-arc… ∗∗∗ Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-v… ∗∗∗ Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to exposure of sensitive information (CVE-2021-35603) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-gov… ∗∗∗ Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-… ∗∗∗ K13559191: Linux kernel vulnerability CVE-2022-25636 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K13559191?utm_source=f5support&utm_mediu… ∗∗∗ Xen Security Advisory CVE-2022-26363, CVE-2022-26364 / XSA-402 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-402.html ∗∗∗ Xen Security Advisory CVE-2022-26362 / XSA-401 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-401.html ∗∗∗ Case opened: DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution ∗∗∗ --------------------------------------------- https://csirt.divd.nl/cases/DIVD-2021-00037/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.06.2022
by Daily end-of-shift report 08 Jun '22

08 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 07-06-2022 18:00 − Mittwoch 08-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Linux version of Black Basta ransomware targets VMware ESXi servers ∗∗∗ --------------------------------------------- Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/linux-version-of-black-basta… ∗∗∗ Poisoned CCleaner search results spread information-stealing malware ∗∗∗ --------------------------------------------- Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program. --------------------------------------------- https://www.bleepingcomputer.com/news/security/poisoned-ccleaner-search-res… ∗∗∗ Cuba ransomware returns to extorting victims with updated encryptor ∗∗∗ --------------------------------------------- The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cuba-ransomware-returns-to-e… ∗∗∗ Targeted phishing past defender ∗∗∗ --------------------------------------------- Signature based detections has shortcomings that matter in real scenarios. Depending only on prevention through an EDR like Defender is not enough in a modern attack scenario. --------------------------------------------- https://www.derant.com/network%20monitoring/2022/06/07/Targetted-phishing-p… ∗∗∗ New Technique Used by Attackers in NPM to Avoid Detection ∗∗∗ --------------------------------------------- Checkmarx SCS team recently detected several malicious NPM packages using a new evasion technique, enhancing dependency confusion attacks to help malicious packages avoid detection. --------------------------------------------- https://checkmarx.com/blog/new-technique-used-by-attackers-in-npm-to-avoid-… ===================== = Vulnerabilities = ===================== ∗∗∗ Researchers Warn of Unpatched "DogWalk" Microsoft Windows Vulnerability ∗∗∗ --------------------------------------------- An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild. --------------------------------------------- https://thehackernews.com/2022/06/researchers-warn-of-unpatched-dogwalk.html ∗∗∗ Zero-Day-Lücke: Cybergangs missbrauchen MSDT-Leck für Qakbot-Infektionen ∗∗∗ --------------------------------------------- Die Cybergang hinter der Malware Quakbot missbraucht in Phishing-Kampagnen die MSDT-Zero-Day-Lücke. Infizierte Rechner verkauft sie meist an Ransomware-Banden. --------------------------------------------- https://heise.de/-7134949 ∗∗∗ Fehler in Linux-Kernel ermöglicht Rechteausweitung ∗∗∗ --------------------------------------------- Ein Fehler im Firewall-Code des Linux-Kernels ermöglicht es Nutzern, Befehle als Root auszuführen. Administratoren können einen Workaround anwenden. --------------------------------------------- https://heise.de/-7134791 ∗∗∗ Kritische Schadcode-Lücke bedroht Universal Boot Loader U-Boot ∗∗∗ --------------------------------------------- Die Entwickler von U-Boot haben zwei gefährliche Sicherheitslücken geschlossen. --------------------------------------------- https://heise.de/-7134785 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (avahi), Fedora (firefox), Oracle (grub2, python-twisted-web, shim, shim-signed, and thunderbird), Red Hat (kernel and python-twisted-web), SUSE (gcc48, go1.17, go1.18, and mariadb), and Ubuntu (e2fsprogs, linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-intel-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, [...] --------------------------------------------- https://lwn.net/Articles/897297/ ∗∗∗ Technical Details Released for Recently Patched Zyxel Firewall Vulnerabilities ∗∗∗ --------------------------------------------- Security researchers with HN Security have published technical details on two vulnerabilities affecting many Zyxel products. --------------------------------------------- https://www.securityweek.com/technical-details-released-recently-patched-zy… ∗∗∗ Owl Labs Patches Severe Vulnerability in Video Conferencing Devices ∗∗∗ --------------------------------------------- Video conferencing company Owl Labs has released patches for a severe vulnerability affecting its Meeting Owl Pro and Whiteboard Owl devices. --------------------------------------------- https://www.securityweek.com/owl-labs-patches-severe-vulnerability-video-co… ∗∗∗ Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer ∗∗∗ --------------------------------------------- Symantec has observed threat actors exploiting remote code execution flaw to drop AsyncRAT and information stealer. --------------------------------------------- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/fo… ∗∗∗ Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache… ∗∗∗ Security Bulletin: IBM Cognos Command Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-command-center… ∗∗∗ Security Bulletin: IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application… ∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44228) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-l… ∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-l… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: Vulnerabilities have been identified in Spring Framework, OpenSSL and Apache HTTP Server shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-command-center… ∗∗∗ FESTO: CECC-X-M1 - command injection vulnerabilities ∗∗∗ --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2022-020/ ∗∗∗ Apache HTTP Server: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0692 ∗∗∗ Mehrere Schwachstellen in "sicheren" mobilen Festplatten und Crypto-USB-Sticks von Verbatim (SYSS-2022-001/-017) ∗∗∗ --------------------------------------------- https://www.syss.de/pentest-blog/mehrere-schwachstellen-in-sicheren-mobilen… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.06.2022
by Daily end-of-shift report 07 Jun '22

07 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 03-06-2022 18:00 − Dienstag 07-06-2022 18:15 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ WatchDog hacking group launches new Docker cryptojacking campaign ∗∗∗ --------------------------------------------- The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software. --------------------------------------------- https://www.bleepingcomputer.com/news/security/watchdog-hacking-group-launc… ∗∗∗ QBot now pushes Black Basta ransomware in bot-powered attacks ∗∗∗ --------------------------------------------- The Black Basta ransomware gang has partnered with the QBot malware operation to gain spread laterally through hacked corporate environments. --------------------------------------------- https://www.bleepingcomputer.com/news/security/qbot-now-pushes-black-basta-… ∗∗∗ Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware ∗∗∗ --------------------------------------------- A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. --------------------------------------------- https://thehackernews.com/2022/06/researchers-warn-of-spam-campaign.html ∗∗∗ Neues Phishing-E-Mail der Erste Bank und Sparkasse ∗∗∗ --------------------------------------------- Aktuell kursiert ein neues Phishing-E-Mail im Namen der Erste Bank und Sparkasse. Im Schreiben werden Sie über eine angebliche Abbuchung von 1 259 Euro informiert. --------------------------------------------- https://www.watchlist-internet.at/news/neues-phishing-e-mail-der-erste-bank… ===================== = Vulnerabilities = ===================== ∗∗∗ Fortiguard June 2022 Vulnerability Advisories ∗∗∗ --------------------------------------------- FortiAP-U, FortiDDoS, FortiOS, FortiAnalyzer, FortiManager, FortiSandbox, FortiTokenMobile, FortiAuthenticator, Apache Airflow and FortiClient. --------------------------------------------- https://www.fortiguard.com/psirt-monthly-advisory/june-2022-vulnerability-a… ∗∗∗ Jetzt patchen! Lage um Attacken auf Atlassian Confluence spitzt sich zu ∗∗∗ --------------------------------------------- Aufgrund von öffentlich verfügbarem Exploit-Code steigen die Attacken auf Confluence-Instanzen. Patches sind jetzt verfügbar. --------------------------------------------- https://heise.de/-7132633 ∗∗∗ Patchday: Google schließt Kernel- und Software-Lücken in Android ∗∗∗ --------------------------------------------- Besitzer von Android-Hardware sollte ihre Geräte aus Sicherheitsgründen auf den aktuellen Stand bringen. --------------------------------------------- https://heise.de/-7133294 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (clamav, firefox-esr, pidgin, and thunderbird), Fedora (dotnet3.1, firefox, kernel, vim, and webkit2gtk3), Mageia (firefox/nss/nspr, gimp, logrotate, mariadb, thunderbird, trojita, webkit2, and webmin), Oracle (thunderbird), Red Hat (compat-openssl11, postgresql:10, postgresql:12, and thunderbird), Slackware (pidgin), and SUSE (openvpn). --------------------------------------------- https://lwn.net/Articles/897163/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (glib2.0, librecad, and php-horde-mime-viewer), Fedora (vim), and Ubuntu (freerdp2, ruby2.3, ruby2.5, ruby2.7, ruby3.0, and vim). --------------------------------------------- https://lwn.net/Articles/897226/ ∗∗∗ Critical U-Boot Vulnerability Allows Rooting of Embedded Systems ∗∗∗ --------------------------------------------- A critical vulnerability in the U-Boot boot loader could be exploited to write arbitrary data, which can allow an attacker to root Linux-based embedded systems, according to NCC Group. --------------------------------------------- https://www.securityweek.com/critical-u-boot-vulnerability-allows-rooting-e… ∗∗∗ Security Advisory -Input Verification Vulnerabilities Involved in Huawei Printer Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220608-… ∗∗∗ Security Bulletin: IBM Cognos Controller is affected but not vulnerable to arbitrary code execution and SQL injection due to Apache Log4j v1 vulnerabilities (CVE-2022-23305, CVE-2022-23302, CVE-2021-4104) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-controller-is-… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Public disclosed vulnerability from OpenSSL affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerab… ∗∗∗ Security Bulletin: IBM DataPower Gateway affected by prototype pollution in DOJO (CVE-2021-23450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-aff… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL Injection (CVE-2022-31768) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2021-35515, CVE-2021-35516, CVE-2021-36090, CVE-2021-35517) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-as-used-by… ∗∗∗ Security Bulletin: CP4D Match 360 is vulnerable to remote attacker executing arbitrary code within IBM WebSphere Application Server Liberty (CVE-2021-23450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cp4d-match-360-is-vulnera… ∗∗∗ Security Bulletin: Vulnerabilities have been identified in Apache Log4j and the application code shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been… ∗∗∗ Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotecto… ∗∗∗ Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-data-sy… ∗∗∗ Security Bulletin: Multiple vulnerabilities in multiple dependencies affect IBM MessageGateway/ MessageSight ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway uses Eclipse Jetty with multiple known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maas360-mobile-enterp… ∗∗∗ Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maas360-cloud-extende… ∗∗∗ Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in NumPy. (CVE-2021-33430). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-service… ∗∗∗ K29421535: Intel processor vulnerability CVE-2021-33117 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K29421535 ∗∗∗ K95204515: Intel CPU vulnerability CVE-2022-21151 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95204515 ∗∗∗ Grafana: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K22-0690 ∗∗∗ Case update: DIVD-2022-00032 - Exchange backdoor ∗∗∗ --------------------------------------------- https://csirt.divd.nl/cases/DIVD-2022-00032/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.06.2022
by Daily end-of-shift report 03 Jun '22

03 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 02-06-2022 18:00 − Freitag 03-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Chinese LuoYu hackers deploy cyber-espionage malware via app updates ∗∗∗ --------------------------------------------- A Chinese-speaking hacking group known as LuoYu is infecting victims WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/chinese-luoyu-hackers-deploy… ∗∗∗ Evil Corp switches to LockBit ransomware to evade sanctions ∗∗∗ --------------------------------------------- The Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets networks to evade sanctions imposed by the U.S. Treasury Departments Office of Foreign Assets Control (OFAC). --------------------------------------------- https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-lockbi… ∗∗∗ Analysis of the Massive NDSW/NDSX Malware Campaign ∗∗∗ --------------------------------------------- Recently, Avast’s researchers Pavel Novák and Jan Rubín posted a detailed writeup about the “Parrot TDS” campaign involving more than 16,500 infected websites. Such massive infections don’t go unnoticed by Sucuri and we immediately recognized that the infection in their writeup belonged to the campaign we internally refer to as “ndsw/ndsx” malware. --------------------------------------------- https://blog.sucuri.net/2022/06/analysis-massive-ndsw-ndsx-malware-campaign… ∗∗∗ Reich mit Öl? Vorsicht vor der betrügerischen Investment-Plattform „Öl-Profit“! ∗∗∗ --------------------------------------------- Noch nie war der Online-Ölhandel so einfach wie heute. Jede Person könne hier reich werden – ohne etwas über Öl oder Wirtschaft zu wissen. So heißt es in einem angeblichen Artikel der deutschen Tageszeitung BILD. --------------------------------------------- https://www.watchlist-internet.at/news/reich-mit-oel-vorsicht-vor-der-betru… ∗∗∗ Popping Eagle: How We Leveraged Global Analytics to Discover a Sophisticated Threat Actor ∗∗∗ --------------------------------------------- We observed a specially crafted DLL hijacking attack used by a previously unknown piece of malware that we dubbed Popping Eagle. --------------------------------------------- https://unit42.paloaltonetworks.com/popping-eagle-malware/ ===================== = Vulnerabilities = ===================== ∗∗∗ Angriffe auf Code-Execution-Lücke bedrohen Confluence-Installationen ∗∗∗ --------------------------------------------- Seit Anfang der Woche installieren Angreifer Backdoors über eine neue Lücke in Confluence. Admins sollten noch vor dem langen Wochenende Maßnahmen ergreifen. --------------------------------------------- https://heise.de/-7131081 ∗∗∗ GitLab Issues Security Patch for Critical Account Takeover Vulnerability ∗∗∗ --------------------------------------------- GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. --------------------------------------------- https://thehackernews.com/2022/06/gitlab-issues-security-patch-for.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cifs-utils, debian-security-support, and pypdf2), Fedora (fapolicyd, mariadb, openssl, and qt5-qtbase), Oracle (firefox, maven:3.5, maven:3.6, postgresql:10, postgresql:12, and postgresql:13), Red Hat (.NET 6.0, firefox, gzip, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, pcs, rsync, subversion, thunderbird, and zlib), Scientific Linux (thunderbird), Slackware (mozilla), SUSE (firefox, hdf5, suse-hpc, kernel-firmware, libarchive, patch, php8, and redis), and Ubuntu (cifs-utils and vim). --------------------------------------------- https://lwn.net/Articles/897016/ ∗∗∗ Security Bulletin: IBM Edge Application Manager is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-edge-application-mana… ∗∗∗ Security Bulletin: IBM DataPower Gateway Virtual Edition uses out of date ICU libraries in open-vm-tools ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vir… ∗∗∗ Security Bulletin: IBM Telco Network Cloud Manager – Performance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832,CVE-2022-23302 and CVE-2022-23305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-telco-network-cloud-m… ∗∗∗ Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to improper input validation in Spring Framework (CVE-2022-22950) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-service… ∗∗∗ Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Kerberos ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-aff… ∗∗∗ Security Bulletin: IBM Flex System switch firmware products are affected by a vulnerability in glibc (CVE-2021-35942) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-fi… ∗∗∗ Security Bulletin: IBM RackSwitch firmware products are affected by a vulnerability in glibc (CVE-2021-35942) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-p… ∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to unauthenticated attacker obtaining sensitive information and other attacks due to multiple vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java… ∗∗∗ Security Bulletin: IBM Spectrum Protect Plus may disclose sensitive information in virgo log file (CVE-2022-22396) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-plus… ∗∗∗ D-LINK Router: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0682 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.06.2022
by Daily end-of-shift report 02 Jun '22

02 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 01-06-2022 18:00 − Donnerstag 02-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Conti ransomware targeted Intel firmware for stealthy attacks ∗∗∗ --------------------------------------------- Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-in… ∗∗∗ Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks ∗∗∗ --------------------------------------------- As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns. --------------------------------------------- https://thehackernews.com/2022/06/researchers-demonstrate-ransomware-for.ht… ∗∗∗ Europol: FluBot-Infrastruktur unter Kontrolle von Strafverfolgern ∗∗∗ --------------------------------------------- Internationale Strafverfolger konnten die SMS-basierte Android-Spyware FluBot einbremsen. Dies gelang durch die Übernahme der FluBot-Infrastruktur. --------------------------------------------- https://heise.de/-7130270 ∗∗∗ Warnung vor Spoofing mit BSI-Rufnummer ∗∗∗ --------------------------------------------- Das BSI erhält derzeit Meldungen, dass vermehrte Anrufe mit der Rufnummer des BSI und einer zweistelligen Durchwahl erfolgen. Es handelt sich nicht um Anrufe des BSI. --------------------------------------------- https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldunge… ∗∗∗ Vorsicht Telefon-Betrug: Tonbandstimme lockt in die Falle! ∗∗∗ --------------------------------------------- Zahlreiche Meldungen berichten von Anrufen einer Tonbandstimme, die dazu auffordert auf die Taste 1 zu drücken. Folgen Sie den Anweisungen nicht! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-telefon-betrug-tonbandstimm… ===================== = Vulnerabilities = ===================== ∗∗∗ SearchNightmare: Windows 10 search-ms: URI Handler 0-day Exploit mit Office 2019 ∗∗∗ --------------------------------------------- Nach der Entdeckung des Missbrauchs der Follina-Schwachstelle (CVE-2022-30190) über das Windows ms-msdt-Protokolls wird diese Bastion "sturmreif" geschossen. Ein Hacker hat sich den search-ms: URI Handler in Windows 10 angesehen und einen ähnlichen Exploit wie Follina entwickelt. --------------------------------------------- https://www.borncity.com/blog/2022/06/02/searchnightmare-windows-10-search-… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr), Fedora (thunderbird and vim), Red Hat (firefox, postgresql:10, postgresql:12, and postgresql:13), Scientific Linux (firefox and rsyslog), SUSE (hdf5, hdf5, suse-hpc, postgresql14, rubygem-yajl-ruby, and udisks2), and Ubuntu (imagemagick and influxdb). --------------------------------------------- https://lwn.net/Articles/896896/ ∗∗∗ Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks ∗∗∗ --------------------------------------------- Millions of budget smartphones that use UNISOC chipsets could have their communications remotely disrupted by hackers due to a critical vulnerability discovered recently by researchers at cybersecurity firm Check Point. --------------------------------------------- https://www.securityweek.com/millions-budget-smartphones-unisoc-chips-vulne… ∗∗∗ Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2022-0391) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-usin… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in Node.js affects IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability CVE-2021-35550 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-manage… ∗∗∗ Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-v… ∗∗∗ Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework (CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-common-licensing-is-v… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Java SE that could allow an unauthenticated attacker to obtain sensitive information affect IBM® Db2®. (CVE-2021-35603, CVE-2021-35550, CVE-2021-2341) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by OpenSSL denial of service vulnerabilities (CVE-2021-23840, CVE-2021-23841) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Vulnerability in Nginx affects IBM Cloud Private and could allow a remote attacker to obtain sensitive information (177988) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nginx-af… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: Watson Machine Learning Accelerator is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-watson-machine-learning-a… ∗∗∗ Security Bulletin: CVE-2022-21299 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2022-21299-may-affect… ∗∗∗ Security Bulletin: HMC is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-hmc-is-affected-but-not-c… ∗∗∗ Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting due to Angular (220414) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-v… ∗∗∗ Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-manage… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-v… ∗∗∗ Security Bulletin: IBM Security SOAR is using a component with multiple known vulnerabilities – IBM JDK 8.0.7.0 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-usin… ∗∗∗ Security Bulletin: IBM Robotic Process Automation is vulnerable to cross tenant information exposure (CVE-2022-22506) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-autom… ∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: CVE-2021-35561 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35561-may-affect… ∗∗∗ Long Term Support Channel Update for ChromeOS ∗∗∗ --------------------------------------------- http://chromereleases.googleblog.com/2022/05/long-term-support-channel-upda… ∗∗∗ Security Vulnerabilities fixed in Firefox for iOS 101 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-23/ ∗∗∗ Autodesk AutoCAD: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0677 ∗∗∗ Illumina Local Run Manager ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-153-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.06.2022
by Daily end-of-shift report 01 Jun '22

01 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 31-05-2022 18:00 − Mittwoch 01-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Zero-Day-Lücke: Erste Cybergangs greifen MSDT-Sicherheitslücke an ∗∗∗ --------------------------------------------- Die Zero-Day-Lücke von Microsoft wird inzwischen von Cybergangs für Angriffe missbraucht. Der Hersteller ordnete das Problem erst falsch als irrelevant ein. --------------------------------------------- https://heise.de/-7128265 ∗∗∗ FluBot Android malware operation shutdown by law enforcement ∗∗∗ --------------------------------------------- Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence. --------------------------------------------- https://www.bleepingcomputer.com/news/security/flubot-android-malware-opera… ∗∗∗ New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers ∗∗∗ --------------------------------------------- An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. --------------------------------------------- https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html ∗∗∗ New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email ∗∗∗ --------------------------------------------- A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. --------------------------------------------- https://thehackernews.com/2022/06/new-unpatched-horde-webmail-bug-lets.html ∗∗∗ Watch out for phishing emails that inject spyware trio ∗∗∗ --------------------------------------------- You wait for one infection and then three come along at once. An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2022/06/01/phishing-rat… ∗∗∗ Certificate Transparency data is used to compromise WordPress before installation ∗∗∗ --------------------------------------------- Recently in the community forums of WordPress and Lets Encrypt, reports have shown up about webshells on freshly installed WordPress blogs that were later used for DDoS attacks. --------------------------------------------- https://www.feistyduck.com/bulletproof-tls-newsletter/issue_89_certificate_… ∗∗∗ AA22-152A: Karakurt Data Extortion Group ∗∗∗ --------------------------------------------- The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group, also known as the Karakurt Team and Karakurt Lair. --------------------------------------------- https://us-cert.cisa.gov/ncas/alerts/aa22-152a ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libjpeg-turbo, webkit2gtk, and wpewebkit), Fedora (golang-github-opencontainers-runc, mingw-pcre2, python-jwt, python-ujson, and weechat), Oracle (nodejs:16 and rsyslog), Red Hat (container-tools:3.0, expat, fapolicyd, kernel, kernel-rt, kpatch-patch, mariadb:10.3, postgresql:12, rsyslog and rsyslog7, and zlib), Slackware (mozilla), SUSE (bind, dpdk, fribidi, hdf5, librelp, php74, postgresql12, and postgresql13), and Ubuntu (cups, linux-gcp-5.13, linux-oracle, linux-oracle-5.13, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/896803/ ∗∗∗ T&D Data Server and THERMO RECORDER DATA SERVER vulnerable to directory traversal ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN28659051/ ∗∗∗ Security Advisory - Insufficient Input Verification Vulnerability In Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220601-… ∗∗∗ Security Bulletin: IBM® PureData System for Operational Analytics is vulnerable to arbitrary code execution, remote code execution and denial of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-puredata-system-for-o… ∗∗∗ Security Bulletin: IBM CICS TX Standard is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cics-tx-standard-is-v… ∗∗∗ Security Bulletin: Vulnerability in bind (CVE-2021-25214) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-cve… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: IBM CICS TX Advanced is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cics-tx-advanced-is-v… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to code injection due to CVE-2022-29078 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris… ∗∗∗ Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-data-synchroni… ∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow an attacker to decrypt highly sensitive information(CVE-2022-22368) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-… ∗∗∗ Security Bulletin: Vulnerability in Apache HTTP (CVE-2022-22720) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-h… ∗∗∗ K43541501: Intel CPU vulnerabilities CVE-2022-21131 and CVE-2022-21136 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43541501 ∗∗∗ Security Vulnerabilities fixed in Thunderbird 91.10 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/ ∗∗∗ BD Pyxis ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-22-151-01 ∗∗∗ BD Synapsys ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-22-151-02 ∗∗∗ Fuji Electric Alpha7 PC Loader ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-151-01 ∗∗∗ SSRF-Schwachstelle in Canto Cumulus (SYSS-2022-023) ∗∗∗ --------------------------------------------- https://www.syss.de/pentest-blog/ssrf-schwachstelle-in-canto-cumulus-syss-2… ∗∗∗ Microsoft Edge 102.0.1245.30 schließt Schwachstellen ∗∗∗ --------------------------------------------- https://www.borncity.com/blog/2022/06/01/microsoft-edge-102-0-1245-30-schli… ∗∗∗ Security Advisory: Multiple Vulnerabilities Impact 3CX Phone System ∗∗∗ --------------------------------------------- https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnera… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.05.2022
by Daily end-of-shift report 31 May '22

31 May '22

===================== = End-of-Day report = ===================== Timeframe: Montag 30-05-2022 18:00 − Dienstag 31-05-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Meeting Owl Pro: Konferenzeule hat viele Sicherheitslücken ∗∗∗ --------------------------------------------- Das Konferenzsystem Meeting Owl Pro sieht putzig aus, hat aber viele Sicherheitslücken, die auch nach vier Monaten nicht geschlossen wurden. --------------------------------------------- https://www.golem.de/news/meeting-owl-pro-konferenzeule-hat-viele-sicherhei… ∗∗∗ GSM-Codes: Whatsapp-Konten per Anruf übernehmen ∗∗∗ --------------------------------------------- Mit einer neuen Masche können Betrüger Whatsapp-Konten übernehmen. Nutzer sollen zum Anrufen dubioser Telefonnummern verleitet werden. --------------------------------------------- https://www.golem.de/news/gsm-codes-whatsapp-konten-per-anruf-uebernehmen-2… ∗∗∗ Over 3.6 million exposed MySQL servers on IPv4 and IPv6 ∗∗∗ --------------------------------------------- We have recently began scanning for accessible MySQL server instances on port 3306/TCP. These are instances that respond to our MySQL connection request with a Server Greeting. Surprisingly to us, we found around 2.3M IPv4 addresses responding with such a greeting to our queries. Even more surprisingly, we found over 1.3M IPv6 devices responding as well (though mostly associated with a single AS). IPv4 and IPv6 scans together uncover 3.6M accessible MySQL servers worldwide. --------------------------------------------- https://www.shadowserver.org/news/over-3-6m-exposed-mysql-servers-on-ipv4-a… ∗∗∗ Buchen Sie Ihre Unterkunft nicht auf ferienhaeuser-porec.de ∗∗∗ --------------------------------------------- ferienhaeuser-porec.de ist eine betrügerische Buchungswebseite für „Exklusive Villen und Ferienhäuser“ in Porec, Kroatien. Auf den ersten Blick wirkt die Webseite professionell. Das Impressum sowie das Foto der deutschen Inhaber stiften Vertrauen. Aber: Wer dort bucht und bezahlt verliert sein Geld und hat keine Unterkunft. --------------------------------------------- https://www.watchlist-internet.at/news/buchen-sie-ihre-unterkunft-nicht-auf… ∗∗∗ Nächste Runde: FluBot-Banking-Malware (Mai 2022) ∗∗∗ --------------------------------------------- Kleines Update in Sachen Flubot. Die Cyberkriminellen hinter FluBot greifen Smartphone-Nutzer in Europa mit einer Neuauflage ihrer Smishing-Kampagne an, um die Malware zum Stehlen persönlicher Banking-Daten auf mobilen Telefonen in Europa zu verbreiten. --------------------------------------------- https://www.borncity.com/blog/2022/05/31/nchste-rund-flubot-banking-malware… ∗∗∗ CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations ∗∗∗ --------------------------------------------- In this blogpost we discuss a zero-day topic for finding privilege escalation vulnerabilities discovered by Ahmad Mahfouz. It abuses applications like Software Center, which are typically used in large-scale environments for automated software deployment performed on demand by regular (i.e. unprivileged) users. --------------------------------------------- https://blog.nviso.eu/2022/05/31/cve-farming-through-software-center-a-grou… ===================== = Vulnerabilities = ===================== ∗∗∗ Zero-Day-Lücke in MS Office: Microsoft gibt Empfehlungen ∗∗∗ --------------------------------------------- Microsoft gibt Handlungsempfehlungen gegen die Zero-Day-Schwachstelle in Office. Angreifer könnten diese zum Einschleusen von Schadcode missbrauchen. --------------------------------------------- https://heise.de/-7126993 ∗∗∗ Content Management System: Sicherheitslücke in Drupal erlaubt Website-Übernahme ∗∗∗ --------------------------------------------- Die Sicherheitslücke findet sich nicht im eigentlichen Drupal-Code, sondern in der Drittherstellerbibliothek Guzzle. Darüber wickelt Drupal HTTP-Anfragen und -Antworten an externe Dienste ab. Das Guzzle-Projekt hat ein Update veröffentlicht, dass zwar nicht den Drupal-Core betreffe, jedoch Auswirkungen auf beigesteuerte Projekte oder individuell angepassten Code von Drupal-Seiten haben könnte. --------------------------------------------- https://heise.de/-7127268 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (haproxy, libdbi-perl, pjproject, spip, and trafficserver), Oracle (firefox, kernel, kernel-container, libvirt libvirt-python, and thunderbird), Red Hat (maven:3.5, maven:3.6, nodejs:16, postgresql, postgresql:10, and rsyslog), SUSE (gimp, helm-mirror, ImageMagick, mailman, openstack-neutron, pcmanfm, pcre2, postgresql10, and tiff), and Ubuntu (dpkg and freetype). --------------------------------------------- https://lwn.net/Articles/896721/ ∗∗∗ Siemens Healthineers SHSA-455016: Deserialization Vulnerability in Healthcare Products ∗∗∗ --------------------------------------------- https://www.siemens-healthineers.com/support-documentation/cybersecurity/sh… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL (CVE-2022-0778) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Spring Framework affect SPSS Collaboration and Deployment Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in Apache HTTP (CVE-2021-34798 and CVE-2021-39275) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… ∗∗∗ Security Bulletin:IBM Common Licensing is affected but not classified as vulnerable by a remote code execution in Spring Framework (220575,CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletinibm-common-licensing-is-af… ∗∗∗ Security Bulletin: Vulnerability in IBM SDK, Java Technology (CVE-2022-21341, CVE-2022-21294, CVE-2022-21293 and CVE-2022-21248) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-sdk-… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL (CVE-2021-3712) affects Power HMC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Vulnerabilities fixed in Firefox ESR 91.10 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/ ∗∗∗ Security Vulnerabilities fixed in Firefox 101 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.05.2022
by Daily end-of-shift report 30 May '22

30 May '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 27-05-2022 18:00 − Montag 30-05-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Clop ransomware gang is back, hits 21 victims in a single month ∗∗∗ --------------------------------------------- After effectively shutting down their entire operation for several months, between November and February, the Clop ransomware is now back according to NCC Group researchers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/clop-ransomware-gang-is-back… ∗∗∗ New Windows Subsystem for Linux malware steals browser auth cookies ∗∗∗ --------------------------------------------- Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-windows-subsystem-for-li… ∗∗∗ New GoodWill Ransomware Forces Victims to Donate Money and Clothes to the Poor ∗∗∗ --------------------------------------------- Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims into donating for social causes and provide financial assistance to people in need. --------------------------------------------- https://thehackernews.com/2022/05/new-goodwill-ransomware-forces-victims.ht… ∗∗∗ Understanding CVE-2022-22972 (VMWare Workspace One Access Auth Bypass) ∗∗∗ --------------------------------------------- We’ve got a copy of the vulnerable version of VMWare Workspace One Access, and we’ve gone through the extremely boring process of setting it up (oh the joys of vulnerability research). At this stage, we want to try and narrow down exactly where this vulnerability exists in code. --------------------------------------------- https://blog.assetnote.io/2022/05/27/understanding-cve-2022-22972-vmware-wo… ∗∗∗ Bösartige Browser-Erweiterung: ChromeLoader kommt als ISO getarnt ∗∗∗ --------------------------------------------- Eine bösartige Erweiterung kann allen Browserverkehr über unerwünschte Server leiten und so Daten abschöpfen. ChromeLoader geht dabei trickreich vor. --------------------------------------------- https://heise.de/-7126317 ∗∗∗ Probleme mit Ihrer Lebensversicherung? Vorsicht vor Beratungsleistungen von konsumentenschuetzer.com ∗∗∗ --------------------------------------------- Im Internet finden Sie die Beratungsagentur „Konsumentenschützer“, die Ihren Vertrag prüft und bei Bedarf eine Klage bei Ihrer Versicherung einbringt. Wir raten zur Vorsicht. --------------------------------------------- https://www.watchlist-internet.at/news/probleme-mit-ihrer-lebensversicherun… ∗∗∗ Microsoft findet Schwachstellen in Apps großer Mobilfunkprovider (Mai 2022) ∗∗∗ --------------------------------------------- Das Microsoft 365 Defender Research Team hat in einem mobilen Framework von mce Systems einige Schwachstellen gefunden. --------------------------------------------- https://www.borncity.com/blog/2022/05/30/microsoft-findet-schwachstellen-in… ∗∗∗ Detecting BCD Changes To Inhibit System Recovery ∗∗∗ --------------------------------------------- Earlier this year, we observed a rise in malware that inhibits system recovery. This tactic is mostly used by ransomware and wiper malware. One notable example of such malware is “Hermetic wiper”. To inhibit recovery an attacker has many possibilities, one of which is changing the Boot Configuration Database (BCD). --------------------------------------------- https://blog.nviso.eu/2022/05/30/detecting-bcd-changes-to-inhibit-system-re… ∗∗∗ Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices ∗∗∗ --------------------------------------------- Alien Labs has discovered that EnemyBot is expanding its capabilities, exploiting recently identified vulnerabilities (2022), and now targeting IoT devices, web servers, Android devices and content management system (CMS) servers. --------------------------------------------- https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malw… ∗∗∗ GitHub RepoJacking Weakness Exploited in the Wild by Attackers ∗∗∗ --------------------------------------------- A logical flaw in GitHub allows attackers to take control over thousands of repositories, enabling the poisoning of popular open-source packages. This flaw is yet to be fixed and the steps to exploit it were recently published. --------------------------------------------- https://checkmarx.com/blog/github-repojacking-weakness-exploited-in-the-wil… ===================== = Vulnerabilities = ===================== ∗∗∗ New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme, (Mon, May 30th) ∗∗∗ --------------------------------------------- It was a long weekend for many European countries and it’s an off-day in the US but we were aware of a new attack vector for Microsoft Office documents. --------------------------------------------- https://isc.sans.edu/diary/rss/28694 ∗∗∗ Zero-Day-Lücke in Microsoft Office ermöglicht Codeschmuggel ∗∗∗ --------------------------------------------- Sicherheitsforscher haben ein Word-Dokument entdeckt, das beim Öffnen Schadcode nachladen und ausführen kann. Aktuelle Software scheint davor zu schützen. --------------------------------------------- https://heise.de/-7125635 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (modsecurity-apache, pngcheck, rsyslog, and smarty3), Fedora (firefox, golang-github-opencontainers-runc, gron, kernel, kernel-headers, kernel-tools, logrotate, mingw-pcre2, and rubygem-git), Mageia (admesh, chromium-browser-stable, golang, kernel, kernel-linus, and pidgin), Red Hat (firefox, openvswitch2.13, openvswitch2.15, openvswitch2.16, rsyslog, and thunderbird), SUSE (bind, curl, opera, pcp, postgresql12, and postgresql14), [...] --------------------------------------------- https://lwn.net/Articles/896640/ ∗∗∗ Security Bulletin: PowerVC installation on RHEL is vulnerable to MariaDB with CVE-2021-46669, CVE-2022-24048, MariaDB – 219814, MariaDB – 219815, CVE-2022-24050, CVE-2022-24052 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-powervc-installation-on-r… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a number of security vulnerabilities in Netty, which is used by Guardium (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, CVE-2021-37137) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: A vulnerability exists in golang x/crypto (CVE-2020-9283) which is consumed by IBM CICS TX Standard ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in… ∗∗∗ Security Bulletin: A vulnerability exists in golang x/crypto (CVE-2020-9283) which is consumed by IBM CICS TX Advanced ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by FasterXML jackson-databind vulnerabilities (CVE-2020-25649, X-Force ID 217968) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote attack due to Moment.js CVE-2022-24785 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-automation-assets-in-ibm-… ∗∗∗ Security Bulletin: Cross-Site Request Forgery vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2022-22361 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-request-forger… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by path traversal and crypto vulnerabilities (CVE-2021-29425, CVE-2021-39076) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ MariaDB: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0665 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.05.2022
by Daily end-of-shift report 27 May '22

27 May '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 25-05-2022 18:00 − Freitag 27-05-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ New ChromeLoader malware surge threatens browsers worldwide ∗∗∗ --------------------------------------------- The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable operation volume since the start of the year, which means that the malvertiser is now becoming a widespread threat. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-chromeloader-malware-sur… ∗∗∗ New ‘Cheers’ Linux ransomware targets VMware ESXi servers ∗∗∗ --------------------------------------------- A new ransomware named Cheers has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-… ∗∗∗ New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps ∗∗∗ --------------------------------------------- The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-ermac-20-android-malware… ∗∗∗ Microsoft shares mitigation for Windows KrbRelayUp LPE attacks ∗∗∗ --------------------------------------------- Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigation-… ∗∗∗ Windows 11 KB5014019 breaks Trend Micro ransomware protection ∗∗∗ --------------------------------------------- This weeks Windows optional cumulative update previews have introduced a compatibility issue with some of Trend Micros security products that breaks some of their capabilities, including the ransomware protection feature. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-… ∗∗∗ Warten auf abgesicherte Version: Anonymes Surfen unter Tails gefährdet ∗∗∗ --------------------------------------------- Wer mit dem Tor Browser des Tails-Systems surft, könnte Passwörter an Angreifer preisgeben. --------------------------------------------- https://heise.de/-7123771 ∗∗∗ Sie sollen Zollgebühren mit einer Paysafecard bezahlen? Achtung, Betrug! ∗∗∗ --------------------------------------------- Kriminelle versenden betrügerische E-Mails im Namen des Zolls und behaupten, dass Sie Zollgebühren bezahlen müssen, und zwar in Form einer Paysafecard. Nur so könne Ihr Paket zugestellt werden. Ignorieren Sie solche E-Mails, Kriminelle versuchen nur an Ihr Geld zu kommen. --------------------------------------------- https://www.watchlist-internet.at/news/sie-sollen-zollgebuehren-mit-einer-p… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins 2022-05-26 - 2022-05-27 ∗∗∗ --------------------------------------------- IBM MQ Internet Pass-Thru, IBM MQ Operator, IBM MQ Appliance, IBM MQ trace, IBM Semeru Runtime, IBM Sterling Control Center, IBM App Connect Enterprise, IBM Watson Discovery, IBM Spectrum Control, IBM Netezza Host Management, IBM Tivoli Netcool/OMNIbus Probe Integrations, IBM DataPower. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Sicherheitsupdates: Angreifer könnten Netzwerk-Hardware von Citrix lahmlegen ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitspatches für Citritx ADC und Citrix Gateway. Angreifer könnten die Netzwerk-Hardware lahmlegen. --------------------------------------------- https://heise.de/-7123795 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, dpkg, filezilla, irssi, puma, and python-django), Fedora (firefox, ignition, and pcre2), Mageia (cockpit, firefox/thunderbird, openldap, supertux, unrar, and vim), Oracle (firefox and thunderbird), Red Hat (rh-varnish6-varnish), SUSE (cups, fribidi, kernel-firmware, redis, and wpa_supplicant), and Ubuntu (dpkg, logrotate, and subversion). --------------------------------------------- https://lwn.net/Articles/896346/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (atftp, cups, neutron, and zipios++), Fedora (clash, moodle, python-jwt, and thunderbird), Red Hat (thunderbird), Slackware (cups), SUSE (go1.17, libredwg, opera, seamonkey, and varnish), and Ubuntu (libxv, ncurses, openssl, and subversion). --------------------------------------------- https://lwn.net/Articles/896465/ ∗∗∗ ABB Cyber Security Advisory: e-Design - Multiple vulnerabilities ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2%20CMT%200%200%206… ∗∗∗ K32760744: libxml2 vulnerability CVE-2022-23308 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K32760744 ∗∗∗ K54724312: Linux kernel vulnerability CVE-2022-0492 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54724312 ∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0661 ∗∗∗ Drupal CORE: Schwachstelle ermöglicht nicht spezifizierten Angriff ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0662 ∗∗∗ Keysight N6854A Geolocation server and N6841A RF Sensor software ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-146-01 ∗∗∗ Horner Automation Cscape Csfont ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-146-02 ∗∗∗ Cross-Site Request Forgery Vulnerability in Proxy Server ∗∗∗ --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-22-18 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.05.2022
by Daily end-of-shift report 25 May '22

25 May '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 24-05-2022 18:00 − Mittwoch 25-05-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Vorsicht vor unseriösen Spendenaufrufen für krebskranke Kinder ∗∗∗ --------------------------------------------- Immer wieder stoßen Watchlist Internet Leser:innen auf betrügerische Spendenaufrufe für krebskranke Kinder. Insbesondere in Werbeeinschaltungen auf YouTube werden häufig derartige Kampagnen angezeigt. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-unserioesen-spendenaufr… ∗∗∗ Bablosoft; Lowering the Barrier of Entry for Malicious Actors ∗∗∗ --------------------------------------------- Summary Evidence suggests an increasing number of threat actor groups are making use of a free-to-use browser automation framework. The framework contains numerous features which we assess may be utilized in the enablement of malicious activities. --------------------------------------------- https://team-cymru.com/blog/2022/05/25/bablosoft-lowering-the-barrier-of-en… ∗∗∗ How the Saitama backdoor uses DNS tunnelling ∗∗∗ --------------------------------------------- A walkthrough of one of the stealthy communication techniques employed in a recent attack using APT34s Saitama backdoor. --------------------------------------------- https://blog.malwarebytes.com/threat-intelligence/2022/05/how-the-saitama-b… ∗∗∗ Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service ∗∗∗ --------------------------------------------- Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the targeted device and causing a denial of service. --------------------------------------------- http://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-pl… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (lrzip and puma), Fedora (plantuml and plib), Oracle (kernel and kernel-container), Red Hat (firefox, kernel, kpatch-patch, subversion:1.14, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (kernel-firmware, libxml2, pcre2, and postgresql13), and Ubuntu (accountsservice, postgresql-10, postgresql-12, postgresql-13, postgresql-14, and rsyslog). --------------------------------------------- https://lwn.net/Articles/896216/ ∗∗∗ CISA Adds 34 Known Exploited Vulnerabilities to Catalog ∗∗∗ --------------------------------------------- CISA has added 34 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2022/05/25/cisa-adds-34-know… ∗∗∗ Chrome 102.0.5005.61/62/63 fixen kritische Schwachstellen ∗∗∗ --------------------------------------------- Google hat zum 24. Mai 2022 die Updates des 102.0.5005.61/62/63 Google Chrome Browsers für Windows und Mac auf dem Desktop im Stable Channel freigegeben (Chrome 102 wird auch im Stable Channel für Windows und Mac aufgenommen). --------------------------------------------- https://www.borncity.com/blog/2022/05/25/chrome-102-0-5005-61-62-63-fixen-s… ∗∗∗ Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-faspex-is-vuln… ∗∗∗ Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-node-js-as-used-by-ibm-se… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-deployment-int… ∗∗∗ Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-faspex-is-vuln… ∗∗∗ Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-faspex-is-vuln… ∗∗∗ VMSA-2022-0015 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2022-0015.html ∗∗∗ Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508 ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX457048 ∗∗∗ Rockwell Automation Logix Controllers ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-144-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily