Daily

daily@lists.cert.at

1 participants
3182 discussions

Tageszusammenfassung - 05.07.2022
by Daily end-of-shift report 05 Jul '22

05 Jul '22

===================== = End-of-Day report = ===================== Timeframe: Montag 04-07-2022 18:00 − Dienstag 05-07-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Jetzt aktualisieren! Zero-Day-Lücke in Google Chrome geschlossen ∗∗∗ --------------------------------------------- Im Webbrowser Google Chrome hat der Hersteller mehrere Sicherheitslücken geschlossen. Angreifer missbrauchen eine davon bereits in freier Wildbahn. --------------------------------------------- https://heise.de/-7162462 ∗∗∗ Erpressungstrojaner AstraLocker ist Geschichte, Entschlüsselungstools verfügbar ∗∗∗ --------------------------------------------- Die Drahtzieher der Ransomware AstraLocker wollen die Cybercrime-Branche wechseln und veröffentlichen Tools, über die Opfer auf ihre Daten zugreifen können. --------------------------------------------- https://heise.de/-7163123 ∗∗∗ Memory Sanitizer: Neues Kernel-Werkzeug findet 300 Speicherfehler ∗∗∗ --------------------------------------------- Trotz Compilerwarnungen und -Werkzeuge gibt es weiter neue Speicherfehler im Linux-Kernel. Ein Memory Sanitizer soll das zum Teil verhindern. --------------------------------------------- https://www.golem.de/news/memory-sanitizer-neues-kernel-werkzeug-findet-300… ∗∗∗ Abo-Falle auf lebenslaufschreiben.com ∗∗∗ --------------------------------------------- Sie erstellen gerade einen Lebenslauf und suchen im Internet nach Vorlagen? Möglicherweise landen Sie bei lebenslaufschreiben.com – einem Lebenslaufgenerator. Online können alle Informationen eingetippt und ein sehr professioneller Lebenslauf gebastelt werden. Doch Vorsicht: Sie werden in eine Abo-Falle gelockt. --------------------------------------------- https://www.watchlist-internet.at/news/abo-falle-auf-lebenslaufschreibencom/ ∗∗∗ EternalBlue 5 years after WannaCry and NotPetya, (Tue, Jul 5th) ∗∗∗ --------------------------------------------- We are about two months past the 5-year anniversary of WannaCry outbreak[1] and about a week past the 5-year anniversary of NotPetya outbreak[2]. Since both WannaCry and NotPetya used the EternalBlue[3] exploit in order to spread, I thought that it might be interesting to take a look at how many internet-facing systems still remain vulnerable to it. --------------------------------------------- https://isc.sans.edu/diary/rss/28816 ∗∗∗ When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors ∗∗∗ --------------------------------------------- Penetration testing and adversary emulation tool Brute Ratel C4 is effective at defeating modern detection capabilities – and malicious actors have begun to adopt it. --------------------------------------------- https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/ ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdate für Django Web Framework ∗∗∗ --------------------------------------------- Eine Sicherheitslücke im Django Web-Framework ermöglichte Angreifern das Einschleusen von SQL-Befehlen. Aktualisierte Software bessert die Schwachstelle aus. --------------------------------------------- https://heise.de/-7163246 ∗∗∗ IBM Security Bulletins 2022-07-04 ∗∗∗ --------------------------------------------- IBM Tivoli Network Manager, IBM App Connect Enterprise, IBM Integration Bus, IBM Engineering Test Management, IBM WebSphere Cast Iron Solution, IBM App Connect Professional, IBM Cloud Pak, IBM Tivoli Netcool, IBM Netezza, IBM Operations Analytics, App Connect professional. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Fortinet Security Advisories 2022-07-05 ∗∗∗ --------------------------------------------- On Jul 05, 2022, Fortinet has released 11 advisories for issues resolved in Fortinet products. (Severity: Low (1), Medium (6), High (4)) --------------------------------------------- https://fortiguard.fortinet.com/psirt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (blender and thunderbird), SUSE (ImageMagick, qemu, and sysstat), and Ubuntu (php7.0). --------------------------------------------- https://lwn.net/Articles/900064/ ∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2022-0006 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2022-22662 Versions affected: WebKitGTK and WPE WebKit before 2.36.0. --------------------------------------------- https://webkitgtk.org/security/WSA-2022-0006.html ∗∗∗ OpenSSL: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um Informationen offenzulegen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0561 ∗∗∗ JFrog Artifactory: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um Cross-Site Scripting- und Cross-Site Request Forgery Angriffe durchzuführen und um Informationen offenzulegen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0562 ∗∗∗ July 5th 2022 Security Releases ∗∗∗ --------------------------------------------- The Node.js project will release new versions of the 14.x, 16.x, and 18.x releases lines on or shortly after Tuesday, July 5th, 2022 in order to address: Three medium severity issues. Two high severity issues. --------------------------------------------- https://nodejs.org/en/blog/vulnerability/july-2022-security-releases ∗∗∗ LiteCart vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN32625020/ ∗∗∗ Xen Security Advisory CVE-2022-33743 / XSA-405 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-405.html ∗∗∗ Xen Security Advisory CVE-2022-33744 / XSA-406 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-406.html ∗∗∗ Xen Security Advisory CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742 / XSA-403 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-403.html ∗∗∗ Nextcloud: Schwachstelle ermöglicht Injektion von Kommandos ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0558 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.07.2022
by Daily end-of-shift report 04 Jul '22

04 Jul '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-07-2022 18:00 − Montag 04-07-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Raspberry Robin: Microsoft warnt vor mysteriösem Wurm ∗∗∗ --------------------------------------------- Die Schadsoftware verbreitet sich über USB-Sticks. Unklar bleibt, wer die Urheber*innen sind und welches Ziel damit verfolgt wird. --------------------------------------------- https://futurezone.at/digital-life/raspberry-robin-wurm-windows-microsoft-w… ∗∗∗ Warnung vor Hackerangriffen auf Politiker ∗∗∗ --------------------------------------------- Das BSI und der Verfassungsschutz warnen vor Hackern, die durch einen einfachen Trick den Zugang zu Chats von hochrangigen Politikern erlangen könnten. --------------------------------------------- https://www.tagesschau.de/investigativ/ndr-wdr/hacker-angriffe-verfassungss… ∗∗∗ Gefälschtes ÖBB-Gewinnspiel auf WhatsApp ∗∗∗ --------------------------------------------- Viele WhatsApp-Nutzer:innen verbreiten unter ihren Kontakten unwissentlich ein Fake-ÖBB-Gewinnspiel. Die Nachricht lautet „ÖBB 100 Jahre Staatliche Verkehrsförderung! Jeder Bürger kann sich über…“. Darunter ist ein Link. Der Link führt zu einem gefälschten Gewinnspiel. Klicken Sie nicht auf den Link, Sie werden abgezockt. Ignorieren Sie die Nachricht und melden Sie sie an WhatsApp. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschtes-oebb-gewinnspiel-auf-wh… ∗∗∗ CISA fordert US-Einrichtungen zum Patchen von CVE-2022-26925 in AD-Umgebungen auf ∗∗∗ --------------------------------------------- Zum 1. Juli 2022 hat die US Cybersecurity & Infrastructur Security Agency (CISA) erneut den Patch für die Schwachstelle CVE-2022-26925 (Active Directory) in die Liste der zu schließenden Schwachstellen aufgenommen (soll bis 22. 7. 2022 geschlossen werden). --------------------------------------------- https://www.borncity.com/blog/2022/07/04/cisa-fordert-us-einrichtungen-zum-… ∗∗∗ Cloud OSINT. Finding Interesting Resources ∗∗∗ --------------------------------------------- Locating sensitive information, personally identifiable information (PII) and questionable assets in the cloud. TL; DR I had a curiosity driven excursion into the public clouds of AWS and Azure to [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/cloud-osint-finding-interesti… ===================== = Vulnerabilities = ===================== ∗∗∗ Django fixes SQL Injection vulnerability in new releases ∗∗∗ --------------------------------------------- Django, an open source Python-based web framework has patched a high severity vulnerability in its latest releases. Tracked as CVE-2022-34265, the potential SQL Injection vulnerability impacts Djangos main branch, and versions 4.1 (currently in beta), 4.0, and 3.2, with patches and new releases issued fixing the vulnerability. --------------------------------------------- https://www.bleepingcomputer.com/news/security/django-fixes-sql-injection-v… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gnupg2 and kernel), Fedora (golang-github-apache-beam-2, golang-github-etcd-io-gofail, golang-github-intel-goresctrl, golang-github-spf13-cobra, golang-k8s-pod-security-admission, and vim), Oracle (.NET 6.0, compat-openssl10, compat-openssl11, cups, curl, expat, firefox, go-toolset:ol8, grub2,, gzip, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libarchive, libgcrypt, libinput, libxml2, pcre2, postgresql, python, rsync, rsyslog, [...] --------------------------------------------- https://lwn.net/Articles/899963/ ∗∗∗ libTIFF: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0544 ∗∗∗ xpdf: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0543 ∗∗∗ HPE FlexNetwork und FlexFabric Switches: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0542 ∗∗∗ Kyocera Drucker: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0551 ∗∗∗ Trend Micro Maximum Security: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0550 ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2022 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Remote code execution vulnerability affect IBM Business Automation Workflow – CVE-2021-43138 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-remote-code-execution-vul… ∗∗∗ Security Bulletin: junrar Denial of Service (DoS) security vulnerability in IBM FileNet Content Manager Content Search Services (CSS) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-junrar-denial-of-service-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: junrar v7.4.0 and prior Denial of Service (DoS) security vulnerability in IBM FileNet Content Manager Content Search Services (CSS) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-junrar-v7-4-0-and-prior-d… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.07.2022
by Daily end-of-shift report 01 Jul '22

01 Jul '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-06-2022 18:00 − Freitag 01-07-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft-Analyse: Linux-Malware-Kampagne erhält bemerkenswertes Update ∗∗∗ --------------------------------------------- Ein Sicherheitsteam von Microsoft hat beobachtet, dass die Malware-Gruppe "8220 Gang" ihre Kampagne signifikant aktualisiert hat. Im Visier: Linux-Systeme. --------------------------------------------- https://heise.de/-7159495 ∗∗∗ FBI and CISA warn: This ransomware is using RDP flaws to break into networks ∗∗∗ --------------------------------------------- US exposes MedusaLocker, one of the ransomware gangs that ramped up activity as the pandemic gripped the world. --------------------------------------------- https://www.zdnet.com/article/fbi-and-cisa-warn-this-ransomware-is-using-rd… ∗∗∗ RanSim: a ransomware simulation script written in PowerShell ∗∗∗ --------------------------------------------- You can use RanSim to test your defenses and backups against real ransomware-like activity in a controlled setting. The same script can be used to decrypt the files if needed. --------------------------------------------- https://github.com/lawndoc/RanSim ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: Viele Jenkins-Plug-ins als Schlupflöcher für Angreifer ∗∗∗ --------------------------------------------- Software-Entwickler aufgepasst: Lücken in Plug-ins für den Automation-Server Jenkins geschlossen. Etliche Patches lassen aber noch auf sich warten. --------------------------------------------- https://heise.de/-7160083 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, isync, kernel, and systemd), Fedora (chromium, curl, firefox, golang-github-vultr-govultr-2, and xen), Mageia (openssl, python-bottle, and python-pyjwt), Red Hat (compat-openssl10, curl, expat, firefox, go-toolset-1.17 and go-toolset-1.17-golang, go-toolset:rhel8, kernel, kpatch-patch, libarchive, libgcrypt, libinput, libxml2, pcre2, php:7.4, php:8.0, qemu-kvm, ruby:2.6, thunderbird, and vim), and Ubuntu (curl, libjpeg6b, and vim). --------------------------------------------- https://lwn.net/Articles/899701/ ∗∗∗ GitLab: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um Informationen offenzulegen, Sicherheitseinstellungen zu umgehen, einen Denial of Service zu verursachen, Daten zu manipulieren und Code zur Ausführung zu bringen. --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0531 ∗∗∗ Microsoft Edge 103.0.1264.44 fixt CVE-2022-33680 (30. Juni 2022) ∗∗∗ --------------------------------------------- Microsoft hat zum 30. Juni 2022 den Edge-Browser im Stable Channel auf die Version 103.0.1264.44 aktualisiert. Es ist ein Wartungsupdate, welches die als kritisch eingestufte Elevation of Privilege-Schwachstelle CVE-2022-33680 (Ausbruch aus der Sandbox) beseitigt. --------------------------------------------- https://www.borncity.com/blog/2022/07/01/microsoft-edge-103-0-1264-44-fixt-… ∗∗∗ ZDI-22-948: Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-22-948/ ∗∗∗ Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5709.php ∗∗∗ Security Bulletin: IBM UrbanCode Deploy (UCD) could disclose sensitive database information to a local user in plain text. (CVE-2022-22367) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-… ∗∗∗ Security Bulletin: IBM Urbancode Deploy (UCD) vulnerable to information disclosure which can be read by a local user. (CVE-2022-22366) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-… ∗∗∗ Security Bulletin: Vulnerabilities in Samba, OpenSSL, Python, and XStream affect IBM Spectrum Protect Plus (CVE-2021-20254, CVE-2021-3712, CVE-2021-43859, CVE-2022-0778, CVE-2020-25717, CVE-2021-23192, CVE-2021-3733) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-samba-… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server Pack for SAP Apps and BW Packs is affected by an improper validation vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: UrbanCode Deploy is vulnerable to denial of service due to Jackson-databind (CVE-2020-36518) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-urbancode-deploy-is-vulne… ∗∗∗ Security Bulletin: Vulnerability in PostgreSQL may affect IBM Spectrum Protect Plus ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-postgres… ∗∗∗ Kibana: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0527 ∗∗∗ npm: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0524 ∗∗∗ Exemys RME1 ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-181-01 ∗∗∗ Yokogawa Wide Area Communication Router ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-181-02 ∗∗∗ Emerson DeltaV Distributed Control System ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-181-03 ∗∗∗ Distributed Data Systems WebHMI ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-181-04 ∗∗∗ 2022-09 FragAttacks ProSoft RadioLinx RLX2 ∗∗∗ --------------------------------------------- https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=14521&mediaformat… ∗∗∗ Unauthorized RCE CVE-2022-28219 in Zoho ManageEngine ADAudit Plus ∗∗∗ --------------------------------------------- https://www.borncity.com/blog/2022/07/01/unauthorized-rce-cve-2022-28219-in… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.06.2022
by Daily end-of-shift report 30 Jun '22

30 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-06-2022 18:00 − Donnerstag 30-06-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Atlassian warnt vor Sicherheitslücke in Projektverwaltung Jira ∗∗∗ --------------------------------------------- Vor einer Sicherheitslücke mit hohem Risiko in Jira warnt Hersteller Atlassian. Updates stehen bereit. Auch ein Workaround bietet das Unternehmen an. --------------------------------------------- https://heise.de/-7157892 ∗∗∗ Recovery-Scams: Kriminelle geben sich als FMA und Börsenaufsicht aus! ∗∗∗ --------------------------------------------- Sind Sie Opfer einer unseriösen Trading-Plattform geworden? Anbieter wie börsenaufsicht.net, finanzmarktaufsicht.net und payback-ltd.com versprechen Ihr verlorenes Geld zurückzuholen. Vorsicht! Es handelt sich um betrügerische Dienste, die Sie noch weiter abzocken wollen. --------------------------------------------- https://www.watchlist-internet.at/news/recovery-scams-kriminelle-geben-sich… ∗∗∗ Microsoft Exchange Server: Remote Code Execution-Schwachstelle CVE-2022-23277 trotz Patch ausnutzbar? ∗∗∗ --------------------------------------------- Sind auf dem aktuellen Patch-Stand befindliche Microsoft Exchange Server über die Remote Code Execution-Schwachstelle CVE-2022-23277 immer noch angreifbar? Mir sind gerade einige Informationsfragmente unter die Augen gekommen, die dies zumindest nahelegen, dass der betreffende Patch die Möglichkeiten zur Ausnutzung nicht [...] --------------------------------------------- https://www.borncity.com/blog/2022/06/30/microsoft-exchange-server-remote-c… ∗∗∗ CISA warns of hackers exploiting PwnKit Linux vulnerability ∗∗∗ --------------------------------------------- The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploi… ∗∗∗ AstraLocker 2.0 infects users directly from Word attachments ∗∗∗ --------------------------------------------- A lesser-known ransomware strain called AstraLocker has recently released its second major version, and according to threat analysts, its operators engage in rapid attacks that drop its payload directly from email attachments. --------------------------------------------- https://www.bleepingcomputer.com/news/security/astralocker-20-infects-users… ∗∗∗ XFiles info-stealing malware adds support for Follina delivery ∗∗∗ --------------------------------------------- The XFiles info-stealer malware has added a delivery module that exploits CVE-2022-30190, aka Follina, for dropping the payload on target computers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/xfiles-info-stealing-malware… ∗∗∗ The SessionManager IIS backdoor ∗∗∗ --------------------------------------------- In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East. --------------------------------------------- https://securelist.com/the-sessionmanager-iis-backdoor/106868/ ∗∗∗ Toll fraud malware: How an Android application can drain your wallet ∗∗∗ --------------------------------------------- Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware - and it continues to evolve. --------------------------------------------- https://www.microsoft.com/security/blog/2022/06/30/toll-fraud-malware-how-a… ∗∗∗ Case Study: Cobalt Strike Server Lives on After Its Domain Is Suspended, (Thu, Jun 30th) ∗∗∗ --------------------------------------------- How do threat actors behind a Cobalt Strike server keep it running after its domain is taken down? If the server is not hosted through the domain registrar, it merely keeps running on the same IP address. Today's diary is a case study where Cobalt Strike remained active on the same IP address at least one week after its domain was suspended. --------------------------------------------- https://isc.sans.edu/diary/rss/28804 ∗∗∗ Flubot: the evolution of a notorious Android Banking Malware ∗∗∗ --------------------------------------------- Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the [...] --------------------------------------------- https://blog.fox-it.com/2022/06/29/flubot-the-evolution-of-a-notorious-andr… ∗∗∗ Amazon Photos vulnerability could have given attackers access to user files and data ∗∗∗ --------------------------------------------- The retail giant patched a serious flaw in its Amazon Photos app that left user access token exposed to potential attackers. --------------------------------------------- https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/amazon-p… ∗∗∗ Cloudy with a Chance of Risk: Managing Risks in Cloud-Managed OT Networks ∗∗∗ --------------------------------------------- In this blog, we'll examine the potential threats and risks of OT cloud migration, offering guidance on how to manage and mitigate them effectively. --------------------------------------------- https://claroty.com/2022/06/30/blog-research-cloudy-with-a-chance-of-risk/ ∗∗∗ Reducing data exfiltration by malicious insiders ∗∗∗ --------------------------------------------- Advice and recommendations for mitigating this type of insider behaviour. --------------------------------------------- https://www.ncsc.gov.uk/guidance/reducing-data-exfiltration-by-malicious-in… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins 2022-06-29 ∗∗∗ --------------------------------------------- IBM Spectrum Protect, IBM Watson Discovery, IBM Sterling B2B Integrator, IBM Sterling Connect, IBM Cloud Pak, IBM Tivoli Netcool Impact, IBM Db2 --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, firejail, and ublock-origin), Fedora (chromium, firefox, thunderbird, and vim), Mageia (kernel and kernel-linus), Oracle (389-ds-base and python-virtualenv), SUSE (chromium), and Ubuntu (cloud-init). --------------------------------------------- https://lwn.net/Articles/899483/ ∗∗∗ Mitsubishi Electric FA Engineering Software (Update A) ∗∗∗ --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-21-350-05 Mitsubishi Electric FA Engineering Software that was published December 16, 2021, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Out-of-bounds Read, and Integer Underflow vulnerabilities in Mitsubishi Electrics FA Engineering Software products. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05 ∗∗∗ CODESYS Gateway Server (Update A) ∗∗∗ --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-15-258-02 3S CODESYS Gateway Server Buffer overflow Vulnerability that was published September 15, 2015, on the ICS webpage at cisa.gov/ics. This advisory provides mitigation details for a heap-based buffer overflow vulnerability in CODESYS Gateway Server products. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/ICSA-15-258-02 ∗∗∗ Revision von CVE-2021-26414 (Windows DCOM Server Security Feature Bypass) vom 28. Juni 2022 ∗∗∗ --------------------------------------------- Microsoft hat seine Beschreibung von CVE-2021-26414 (Windows DCOM Server Security Feature Bypass) zum 28. Juni 2022 revidiert. Es wurden die Sicherheitsupdates für Windows 10 Version 21H2, Windows 11 und Windows Server 2022 hinzugefügt, da diese Windows-Versionen ebenfalls von dieser Sicherheitslücke [...] --------------------------------------------- https://www.borncity.com/blog/2022/06/29/revision-von-cve-2022-26414-window… ∗∗∗ Config Terms - Critical - Access bypass - SA-CONTRIB-2022-047 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2022-047 ∗∗∗ Lottiefiles Field - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-046 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2022-046 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.06.2022
by Daily end-of-shift report 29 Jun '22

29 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-06-2022 18:00 − Mittwoch 29-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ MITM at the Edge: Abusing Cloudflare Workers ∗∗∗ --------------------------------------------- Cloudflare Workers provide a powerful serverless solution to run code that sits between every HTTP request and response. In this post, we’ll see how an attacker compromising a Cloudflare account can abuse Workers to establish persistence and exfiltrate sensitive data. --------------------------------------------- https://blog.christophetd.fr/abusing-cloudflare-workers/ ∗∗∗ Achtung vor Fake-Shops mit Gartenmöbeln! ∗∗∗ --------------------------------------------- Kriminelle passen ihre Fake-Shops aktuell wieder an die Sommersaison an, indem sie vermehrt Gartenmöbel, Rasenmäher oder sonstige Gartengeräte anbieten. Beispiele sind waganu.de, bbvipanswer.shop, strandkorbia.com oder zzyha.shop. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-fake-shops-mit-gartenmoe… ∗∗∗ CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1 ∗∗∗ --------------------------------------------- CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication ("Modern Auth") before Microsoft begins permanently disabling Basic Auth on October 1, 2022. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2022/06/28/cisa-releases-gui… ∗∗∗ YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom” ∗∗∗ --------------------------------------------- YTStealer is a malware whose objective is to steal YouTube authentication cookies. --------------------------------------------- https://www.intezer.com/blog/research/ytstealer-malware-youtube-cookies/ ∗∗∗ Decryptor für Hive Ransomware v1 bis v4 verfügbar ∗∗∗ --------------------------------------------- Opfer der Hive Ransomware können ggf. hoffen, ihre verschlüsselten Dateien wieder entschlüsseln zu können. Denn koreanischen Sicherheitsforschern ist es gelungen, einen Decryptor für die Versionen 1 bis 4 dieser Hive Ransomware zu entwickeln. --------------------------------------------- https://www.borncity.com/blog/2022/06/29/decryptor-fr-hive-ransomware-v1-bi… ∗∗∗ Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- Cross-Site Scripting (XSS) is a well-known vulnerability that has been around for a long time and can be used to steal sessions, create fake logins and carry out actions as someone else, etc. In addition, many users are unaware of the potential dangers associated with their browser’s credential autofill feature. --------------------------------------------- https://www.gosecure.net/blog/2022/06/29/did-you-know-your-browsers-autofil… ===================== = Vulnerabilities = ===================== ∗∗∗ CVE-2022-30522 – Denial of Service (DoS) Vulnerability in Apache httpd “mod_sed” filter ∗∗∗ --------------------------------------------- This past March we posted an analysis of a vulnerability in the Apache HTTP Server mod_sed filter module, CVE-2022-23943, in which a Denial of Service (DoS) can be triggered due to a miscalculation of buffers’ sizes. While analyzing this Apache httpd vulnerability and its patch, we suspected that although the fix resolved the issue, it created a new unwanted behavior. --------------------------------------------- https://jfrog.com/blog/cve-2022-30522-denial-of-service-dos-vulnerability-i… ∗∗∗ Groupware: Präparierte E-Mails könnten zur Codeausführung in Zimbra führen ∗∗∗ --------------------------------------------- Angreifer könnten in Zimbra Backdoors per E-Mail hochladen. Schuld daran ist eine Lücke im Entpacker unrar, die die Erstellung beliebiger Dateien erlaubt. --------------------------------------------- https://heise.de/-7156812 ∗∗∗ Datenverwaltung: Kritische Lücke in Dell EMC PowerScale OneFS abgedichtet ∗∗∗ --------------------------------------------- Dell EMC PowerScale OneFS zur skalierbaren Datenspeicherung und -verwaltung enthält teils kritische Sicherheitslücken. Updates sollen sie schließen. --------------------------------------------- https://heise.de/-7156674 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (blender, libsndfile, and maven-shared-utils), Fedora (openssl), Red Hat (389-ds-base, kernel, kernel-rt, kpatch-patch, and python-virtualenv), Scientific Linux (389-ds-base, kernel, python, and python-virtualenv), and Slackware (curl, mozilla, and openssl). --------------------------------------------- https://lwn.net/Articles/899364/ ∗∗∗ FabricScape: Escaping Service Fabric and Taking Over the Cluster ∗∗∗ --------------------------------------------- Unit 42 researchers identified FabricScape (CVE-2022-30137), a vulnerability of important severity in Microsoft’s Service Fabric – commonly used with Azure – that allows Linux containers to escalate their privileges in order to gain root privileges on the node, and then compromise all of the nodes in the cluster. The vulnerability could be exploited on containers that are configured to have runtime access, which is granted by default to every container. --------------------------------------------- https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/ ∗∗∗ Security Bulletin: IBM Netezza as a Service is vulnerable to denial of service due to Golang net package (CVE-2021-33194, CVE-2021-44716, CVE-2021-31525) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-netezza-as-a-service-… ∗∗∗ Security Bulletin: OpenSSL for IBM i is vulnerable to command injection due to a flaw in c_rehash script (CVE-2022-1292) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-vuln… ∗∗∗ Security Bulletin: Zlib for IBM i is vulnerable to a denial of service attack due to memory corruption (CVE-2018-25032) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-zlib-for-ibm-i-is-vulnera… ∗∗∗ Security Vulnerabilities fixed in Thunderbird 91.11 and Thunderbird 102 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/ ∗∗∗ Security Vulnerabilities fixed in Firefox for iOS 102 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2022-27/ ∗∗∗ Advantech iView ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-179-03 ∗∗∗ Motorola Solutions MOSCAD IP and ACE IP Gateways ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-179-04 ∗∗∗ Motorola Solutions MDLC ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-179-05 ∗∗∗ Motorola Solutions ACE1000 ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-179-06 ∗∗∗ Omron SYSMAC CS/CJ/CP Series and NJ/NX Series ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-179-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.06.2022
by Daily end-of-shift report 28 Jun '22

28 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Montag 27-06-2022 18:00 − Dienstag 28-06-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer ===================== = News = ===================== ∗∗∗ Over 900,000 Kubernetes instances found exposed online ∗∗∗ --------------------------------------------- Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-inst… ∗∗∗ Raccoon Stealer is back with a new version to steal your passwords ∗∗∗ --------------------------------------------- The Raccoon Stealer malware is back with a second major version circulating on cybercrime forums, offering hackers elevated password-stealing functionality and upgraded operational capacity. --------------------------------------------- https://www.bleepingcomputer.com/news/security/raccoon-stealer-is-back-with… ∗∗∗ ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks ∗∗∗ --------------------------------------------- A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. --------------------------------------------- https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html ∗∗∗ Microsoft: Support-Ende von Exchange 2013 naht - jetzt Migration planen ∗∗∗ --------------------------------------------- Der Exchange-Server 2013 erreicht in neun Monaten sein absolutes Support-Ende. Daran erinnert Microsofts Exchange-Team und empfiehlt die zügige Migration. --------------------------------------------- https://heise.de/-7155579 ∗∗∗ Lockbit-Ransomware-Gruppe stellt sich professioneller auf ∗∗∗ --------------------------------------------- Die Erpresserbande hinter der Ransomware Lockbit hebt den Professionalisierungsgrad auf eine neue Stufe. Sogar ein Bug-Bounty-Programm hat sie aufgelegt. --------------------------------------------- https://heise.de/-7155742 ∗∗∗ Krypto-Lovescam: Wenn Tinder-Matches Investment-Tipps geben ∗∗∗ --------------------------------------------- Betrügerische Internetbekanntschaften zielen nicht darauf ab, Sie näher kennenzulernen. Sie bauen Vertrauen auf, um Sie später auf gefälschte Investitionsplattformen zu locken. --------------------------------------------- https://www.watchlist-internet.at/news/krypto-lovescam-wenn-tinder-matches-… ∗∗∗ Understanding the Function Call Stack ∗∗∗ --------------------------------------------- That thread was inspired by a series of tweets by inversecos who shared how malware authors will often use Native APIs instead of Win32 APIs as a mechanism to evade naive detections that assume every application will use the Win32 API function. --------------------------------------------- https://posts.specterops.io/understanding-the-function-call-stack-f08b5341e… ∗∗∗ De-anonymizing ransomware domains on the dark web ∗∗∗ --------------------------------------------- We have developed three techniques to identify ransomware operators dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups. --------------------------------------------- http://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains… ===================== = Vulnerabilities = ===================== ∗∗∗ Firefox 102: Mehrere Sicherheitslücken geschlossen ∗∗∗ --------------------------------------------- Mozilla hat Version 102 von Firefox veröffentlicht. Diese Major-Version des Browsers ist die neue Basis für Firefox ESR und behebt einige Sicherheitsprobleme. --------------------------------------------- https://heise.de/-7156179 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nodejs and squid), Fedora (uboot-tools), Red Hat (kernel-rt, kpatch-patch, and python), SUSE (drbd, openssl-1_0_0, oracleasm, and rubygem-rack), and Ubuntu (curl). --------------------------------------------- https://lwn.net/Articles/899239/ ∗∗∗ 2022 CWE Top 25 Most Dangerous Software Weaknesses ∗∗∗ --------------------------------------------- The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2022/06/28/2022-cwe-top-25-m… ∗∗∗ Security Advisory - Password Verification Vulnerability of Huawei Router ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220628-… ∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Common Licensing's License Key Server (LKS) Administration And Reporting Tool (ART) and its Agent(CVE-2021-4104,CVE-2021-44832,CVE-2021-3100,CVE-2022-33915). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-remote-attack-vulnerabi… ∗∗∗ Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21248) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-ja… ∗∗∗ Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-lodash… ∗∗∗ Security Bulletin: IBM Robotic Process Automation may be affected by multiple vulnerabilities in open source components (CVE-2019-0820, CVE-2020-15522, CVE-2021-43569) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-autom… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ Security Bulletin: Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-31805) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-s… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability (CVE-2021-39074) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 – October 2021 & January 2022 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ K01311313: Linux kernel vulnerability CVE-2021-3612 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01311313 ∗∗∗ Long Term Support Channel Update for ChromeOS ∗∗∗ --------------------------------------------- http://chromereleases.googleblog.com/2022/06/long-term-support-channel-upda… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.06.2022
by Daily end-of-shift report 27 Jun '22

27 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-06-2022 18:00 − Montag 27-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Fake copyright infringement emails install LockBit ransomware ∗∗∗ --------------------------------------------- LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-… ∗∗∗ Clever phishing method bypasses MFA using Microsoft WebView2 apps ∗∗∗ --------------------------------------------- A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victims authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. --------------------------------------------- https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypas… ∗∗∗ NetSec Goggle shows search results only from cybersecurity sites ∗∗∗ --------------------------------------------- A new Brave Search Goggle modifies Brave Search results to only show reputable cybersecurity sites, making it easier to search for and find security information. --------------------------------------------- https://www.bleepingcomputer.com/news/security/netsec-goggle-shows-search-r… ∗∗∗ LockBit 3.0 introduces the first ransomware bug bounty program ∗∗∗ --------------------------------------------- The LockBit ransomware operation has released LockBit 3.0, introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options. --------------------------------------------- https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-fi… ∗∗∗ Malicious Code Passed to PowerShell via the Clipboard, (Sat, Jun 25th) ∗∗∗ --------------------------------------------- Another day, another malicious script was found! Today, the script is a Windows bat file that executes malicious PowerShell code but the way it works is interesting. --------------------------------------------- https://isc.sans.edu/diary/rss/28784 ∗∗∗ Encrypted Client Hello: Anybody Using it Yet?, (Mon, Jun 27th) ∗∗∗ --------------------------------------------- The first payload sent by a TLS client to a TLS server is a "Client Hello." It includes several parameters supported by the client, such as available cipher suites, to start negotiating a compatible set of TLS parameters with the server. --------------------------------------------- https://isc.sans.edu/diary/rss/28792 ∗∗∗ Ransomware-Gang Conti schließt Leak- und Verhandlungsplattform ∗∗∗ --------------------------------------------- Die Conti-Gruppe hinter dem gleichnamigen Erpressungstrojaner finalisiert ihren Rückzug und teilt sich weiter in kleinere Gangs auf. --------------------------------------------- https://heise.de/-7154035 ∗∗∗ Flut von Angriffen auf Paketmanager PyPI schleust Backdoor in Python-Pakete ein ∗∗∗ --------------------------------------------- Nachdem zunächst Sonatype einen Angriff auf fünf Pakete im Python-Paketmanager entdeckt hat, füllt sich die CVE-Schwachstellendatenbank mit weiteren Vorfällen. --------------------------------------------- https://heise.de/-7154405 ∗∗∗ Ransomware: Unternehmen im Gesundheitswesen zahlen am häufigsten Lösegeld ∗∗∗ --------------------------------------------- Verschlüsselungsangriffe haben vor allem in der Gesundheitsbranche in den vergangenen Monaten stark zugenommen. Die Daten sind bei Angreifern beliebt. --------------------------------------------- https://heise.de/-7154906 ∗∗∗ NIST Releases New macOS Security Guidance for Organizations ∗∗∗ --------------------------------------------- The National Institute of Standards and Technology (NIST) has published the final version of its guidance on securing macOS endpoints and assessing their security. --------------------------------------------- https://www.securityweek.com/nist-releases-new-macos-security-guidance-orga… ∗∗∗ Vorsicht vor Fake-E-Mails der Wiener Polizei ∗∗∗ --------------------------------------------- In einem gefälschten E-Mail der Polizei werden Sie beschuldigt, eine Straftat begangen zu haben. Es geht um Kinderpornografie, Pädophilie, Cyberpornografie und Exhibitionismus. Sie werden aufgefordert, per E-Mail eine Rechtfertigung zu schicken. Antworten Sie nicht und ignorieren Sie dieses Schreiben. Es ist Fake! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-fake-e-mails-der-wiener… ∗∗∗ CISA Adds Eight Known Exploited Vulnerabilities to Catalog ∗∗∗ --------------------------------------------- CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2022/06/27/cisa-adds-eight-k… ===================== = Vulnerabilities = ===================== ∗∗∗ Citrix dichtet Sicherheitslücken in Hypervisor ab ∗∗∗ --------------------------------------------- Der Hypervisor von Citrix enthält mehrere Schwachstellen. Angreifer könnten die Kontrolle übernehmen. Aktualisierte Pakete dichten die Lücken ab. --------------------------------------------- https://heise.de/-7154435 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openssl), Fedora (dotnet6.0, mediawiki, and python2.7), Mageia (389-ds-base, chromium-browser-stable, exo, and libtiff), Oracle (httpd:2.4 and microcode_ctl), SUSE (dbus-broker, drbd, kernel, liblouis, mariadb, openssl, openssl-1_1, openSUSE kernel modules, oracleasm, php7, php72, python39, salt, and wdiff), and Ubuntu (linux, linux-hwe, mozjs91, and vim). --------------------------------------------- https://lwn.net/Articles/899158/ ∗∗∗ Security Bulletin: Multiple Vulnerabilities found in Apache Tika used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35603) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35550) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: IBM MQ is vulnerable to an issue within Jackson ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to denial of service due to zlib (CVE-2018-25032) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-affect… ∗∗∗ Spring Function Cloud DoS (CVE-2022-22979) and Unintended Function Invocation ∗∗∗ --------------------------------------------- https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-uni… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.06.2022
by Daily end-of-shift report 24 Jun '22

24 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-06-2022 18:00 − Freitag 24-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ 2FA: Wie sicher sind TOTP, Fido, SMS und Push-Apps? ∗∗∗ --------------------------------------------- Zwei- oder Multi-Faktor-Authentifizierung soll uns sicherer machen. Wir erklären, wie TOTP, Fido & Co. funktionieren und wovor sie schützen. --------------------------------------------- https://www.golem.de/news/2fa-wie-sicher-sind-totp-fido-sms-und-push-apps-2… ∗∗∗ Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys ∗∗∗ --------------------------------------------- Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. --------------------------------------------- https://thehackernews.com/2022/06/multiple-backdoored-python-libraries.html ∗∗∗ Black Basta Ransomware Becomes Major Threat in Two Months ∗∗∗ --------------------------------------------- Black Basta ransomware has become a major new threat in just a couple months. Evidence suggests it was still in development in February 2022, and only became operational in April 2022. --------------------------------------------- https://www.securityweek.com/black-basta-ransomware-becomes-major-threat-tw… ∗∗∗ There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families ∗∗∗ --------------------------------------------- Learn about the unique implementations of API Hammering malware samples and how to mitigate them. --------------------------------------------- https://unit42.paloaltonetworks.com/api-hammering-malware-families/ ===================== = Vulnerabilities = ===================== ∗∗∗ Angreifer nutzen kontinuierlich Log4Shell-Lücke in VMware Horizon aus ∗∗∗ --------------------------------------------- Die Cybersecurity & Infrastructure Security Agency warnt vor Attacken auf die Virtualisierungslösung VMware Horizon. Admins sollten zügig handeln. --------------------------------------------- https://heise.de/-7152258 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (ntfs-3g and ntfs-3g-system-compression), SUSE (389-ds, chafa, containerd, mariadb, php74, python3, salt, and xen), and Ubuntu (apache2). --------------------------------------------- https://lwn.net/Articles/898925/ ∗∗∗ Codesys Patches 11 Flaws Likely Affecting Controllers From Several ICS Vendors ∗∗∗ --------------------------------------------- Codesys this week announced patches for nearly a dozen vulnerabilities discovered in the company’s products by researchers at Chinese cybersecurity firm NSFocus. --------------------------------------------- https://www.securityweek.com/codesys-patches-11-flaws-likely-affecting-cont… ∗∗∗ ZDI-22-872: DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-22-872/ ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2022-22389) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: One or more security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics (CVE-2020-4230,CVE-2020-4135,CVE-2020-4204,CVE-2020-4200) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-one-or-more-security-vuln… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2019-10086, CVE-2021-41617) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Robotic Process Automation is vulnerable to configuration credentials unencrypted in system memory (CVE-2022-22414) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-autom… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities due to the consumed Expat library ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-affected-by-mu… ∗∗∗ Security Bulletin: CVE-2021-35603 may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35603-may-affect… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. (CVE-2022-22390) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: Multiple vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an information leak vulnerability within Kafka (CVE-2021-38153) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: A vulnerability in zlib affects IBM Common Inventory Technology (CIT). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-zlib-a… ∗∗∗ Security Bulletin: CVE-2020-35550 may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-35550-may-affect… ∗∗∗ K26314875: Apache vulnerability CVE-2022-26377 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K26314875 ∗∗∗ Citrix Hypervisor Security Update ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-upd… ∗∗∗ OFFIS DCMTK ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-22-174-01 ∗∗∗ Yokogawa STARDOM ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-174-01 ∗∗∗ Yokogawa CAMS for HIS ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-174-02 ∗∗∗ Secheron SEPCOS Control and Protection Relay ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-174-03 ∗∗∗ Pyramid Solutions EtherNet/IP Adapter Development Kit ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-174-04 ∗∗∗ Elcomplus SmartICS ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-174-05 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.06.2022
by Daily end-of-shift report 23 Jun '22

23 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-06-2022 18:00 − Donnerstag 23-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Conti ransomware hacking spree breaches over 40 orgs in a month ∗∗∗ --------------------------------------------- The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. --------------------------------------------- https://www.bleepingcomputer.com/news/security/conti-ransomware-hacking-spr… ∗∗∗ Malicious Windows LNK attacks made easy with new Quantum builder ∗∗∗ --------------------------------------------- Malware researchers have noticed a new tool that helps cybercriminals build malicious .LNK files to deliver payloads for the initial stages of an attack. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malicious-windows-lnk-attack… ∗∗∗ The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs ∗∗∗ --------------------------------------------- We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks. --------------------------------------------- https://securelist.com/modern-ransomware-groups-ttps/106824/ ∗∗∗ Understanding the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190 ∗∗∗ --------------------------------------------- Initially, I began this research to generate weaponized RTF files delivering the CVE-2022-30190(Follina) exploit. --------------------------------------------- https://cymulate.com/blog/cve-2022-30190-2/ ∗∗∗ Miracle - One Vulnerability To Rule Them All ∗∗∗ --------------------------------------------- As mentioned in Jang blog, We (me and Jang) found a mega 0-day. After April Critical Patch, finally the vulnerability was patched properly. If you never known about this vulnerability, please patch your system ASAP! --------------------------------------------- https://peterjson.medium.com/miracle-one-vulnerability-to-rule-them-all-c3a… ∗∗∗ Vorsicht vor betrügerischen „Remote Jobs“ auf LinkedIn ∗∗∗ --------------------------------------------- “Work from Home Jobs No Experience Required” – von zuhause aus arbeiten, dabei bis zu 2.000€ pro Woche verdienen und das alles ohne Berufserfahrung? Laut der massenhaft geschaltenen Stellenanzeigen von KADANSE ist das möglich. Was nicht erwähnt wird: Für diesen scheinbar lukrativen Job müssen Sie erst Geld bezahlen, der Job existiert so nicht. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischen-remote-… ∗∗∗ Schwachstellen in Programmierschnittstellen ∗∗∗ --------------------------------------------- Weltweit sind 4,1 bis 7,5 Prozent der Cybersecurity-Vorfälle und -schäden auf Schwachstellen in Programmierschnittstellen (Application Programming Interfaces, APIs) zurückzuführen und verursachen Kosten in Milliardenhöhe. --------------------------------------------- https://www.zdnet.de/88402008/schwachstellen-in-programmierschnittstellen/ ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins 2022-06-22 ∗∗∗ --------------------------------------------- IBM App Connect Enterprise, IBM Engineering Lifecycle Management, WebSphere Liberty, CICS Transaction Gateway, Watson Knowledge Catalog for IBM Cloud Pak for Data, IBM Robotic Process Automation, IBM Tivoli Business Service Manager, IBM MQ Internet Pass-Thru, IBM Cognos Analytics, IBM Sterling Global Mailbox. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Synology: Aktualisierte Firmware dichtet Sicherheitslecks in Routern ab ∗∗∗ --------------------------------------------- In Firmware von Synology-Geräten hat der Hersteller Sicherheitslücken gefunden. Angreifer könnten unter anderem unberechtigt auf Dateien zugreifen. --------------------------------------------- https://heise.de/-7151202 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium, firejail, and request-tracker4), Fedora (ghex, golang-github-emicklei-restful, and openssl1.1), Oracle (postgresql), Scientific Linux (postgresql), Slackware (openssl), SUSE (salt and tor), and Ubuntu (apache2 and squid, squid3). --------------------------------------------- https://lwn.net/Articles/898720/ ∗∗∗ Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ K55051330: Intel BIOS vulnerability CVE-2021-33123 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55051330 ∗∗∗ K87351324: Intel BIOS vulnerability CVE-2021-33124 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K87351324 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.06.2022
by Daily end-of-shift report 22 Jun '22

22 Jun '22

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-06-2022 18:00 − Mittwoch 22-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign ∗∗∗ --------------------------------------------- A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. --------------------------------------------- https://thehackernews.com/2022/06/newly-discovered-magecart.html ∗∗∗ Du kommst hier nicht rein: Adobes PDF-Tools blockieren Antivirenschutz ∗∗∗ --------------------------------------------- Adobe Acrobat und Reader legen einen Registry-Eintrag an. Dieser hält über Chromiums libcef.dll Sicherheitsprogramm-DLLs aus den PDF-Programmen fern. --------------------------------------------- https://heise.de/-7147804 ∗∗∗ Sharehoster Mega: Sicherheitsforscher entschlüsseln eigentlich geschützte Daten ∗∗∗ --------------------------------------------- Eine problematische Kryptografie-Implementierung kann verschlüsselte Dateien für den Betreiber oder Angreifer lesbar machen. --------------------------------------------- https://heise.de/-7148227 ∗∗∗ Machen Sie mit bei unserer Studie zum Fake-Shop-Detector! ∗∗∗ --------------------------------------------- Fake-Shops stellen Konsument:innen vor große Herausforderungen: Sie werden immer zahlreicher und sind gleichzeitig schwieriger zu erkennen. Um das Einkaufen im Internet sicherer zu machen, haben wir den Fake-Shop Detector entwickelt. --------------------------------------------- https://www.watchlist-internet.at/news/machen-sie-mit-bei-unserer-studie-zu… ∗∗∗ Keeping PowerShell: Measures to Use and Embrace ∗∗∗ --------------------------------------------- Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2022/06/22/keeping-powershel… ===================== = Vulnerabilities = ===================== ∗∗∗ Webbrowser: Google schließt 14 Sicherheitslücken in Chrome ∗∗∗ --------------------------------------------- Mit dem Sprung auf das 103er-Release dichtet Google im Webbrowser Chrome 14 Schwachstellen ab. Auch für Android und iOS steht die neue Version bereit. --------------------------------------------- https://heise.de/-7147522 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (exo and ntfs-3g), Fedora (collectd, golang-github-cli-gh, grub2, qemu, and xen), Red Hat (httpd:2.4, kernel, and postgresql), SUSE (drbd, fwupdate, neomutt, and trivy), and Ubuntu (apache2, openssl, openssl1.0, and qemu). --------------------------------------------- https://lwn.net/Articles/898605/ ∗∗∗ JTEKT TOYOPUC ∗∗∗ --------------------------------------------- This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in the JTEKT TOYOPUC programmable logic controller. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-172-02 ∗∗∗ VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/142546 ∗∗∗ Security Bulletin: June 2022 :Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-june-2022-multiple-vulner… ∗∗∗ Security Bulletin: A vulnerability (CVE-2021-35550) in IBM Java Runtime affects CICS Transaction Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-cve-2021-… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35603) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM) OpenSSL vulnerability CVE-2021-4044 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-team-concert-rtc… ∗∗∗ Security Bulletin: Security vulnerability has been identified in IBM DB2 used by IBM Security Verify Governance, Identity Manager virtual appliance component ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-ha… ∗∗∗ Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer (CVE-2022-22475, CVE-2021-39038) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-we… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to unauthorized sensitive information access due to IBM Java vulnerability (CVE-2021-35603) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: Vulnerability in Spring Framework affects IBM Watson Explorer (CVE-2022-22971, CVE-2022-22968, CVE-2022-22970) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-spring-f… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35550) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server January 2022 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to unauthorized data access due to IBM Java (CVE-2021-35550) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Watson Explorer (CVE-2022-0778) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Browser User Interface has multiple vulnerabilities due to IBM Java ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirec… ∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2022 – Includes Oracle® January 2022 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-e… ∗∗∗ K53252134: Intel BIOS vulnerability CVE-2021-0155 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K53252134 ∗∗∗ K16162257: Intel BIOS vulnerability CVE-2021-0154 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16162257 ∗∗∗ K14454359: Intel BIOS vulnerability CVE-2021-0153 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K14454359 ∗∗∗ K04303225: Intel BIOS vulnerability CVE-2021-0190 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04303225 ∗∗∗ Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch ∗∗∗ --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-247052-bt.html ∗∗∗ PHP Vulnerability ∗∗∗ --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-22-20 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily