===================== = End-of-Day report = =====================

Timeframe: Tuesday 07-06-2022 18:00 − Wednesday 08-06-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
===================== = News = =====================
∗∗∗ Linux version of Black Basta ransomware targets VMware ESXi servers ∗∗∗
Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers.
https://www.bleepingcomputer.com/news/security/linux-version-of-black-basta-...

∗∗∗ Poisoned CCleaner search results spread information-stealing malware ∗∗∗
Malware that steals passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program.
https://www.bleepingcomputer.com/news/security/poisoned-ccleaner-search-resu...

∗∗∗ Cuba ransomware returns to extorting victims with updated encryptor ∗∗∗
The Cuba ransomware operation has returned to regular operations with a new version of its malware found in use in recent attacks.
https://www.bleepingcomputer.com/news/security/cuba-ransomware-returns-to-ex...

∗∗∗ Targeted phishing past defender ∗∗∗
Signature-based detections have shortcomings that matter in real scenarios. Relying only on prevention through an EDR like Defender is not enough in a modern attack scenario.
https://www.derant.com/network%20monitoring/2022/06/07/Targetted-phishing-pa...

∗∗∗ New Technique Used by Attackers in NPM to Avoid Detection ∗∗∗
The Checkmarx SCS team recently detected several malicious NPM packages using a new evasion technique that enhances dependency confusion attacks to help malicious packages avoid detection.
https://checkmarx.com/blog/new-technique-used-by-attackers-in-npm-to-avoid-d...
===================== = Vulnerabilities = =====================
∗∗∗ Researchers Warn of Unpatched "DogWalk" Microsoft Windows Vulnerability ∗∗∗
An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild.
https://thehackernews.com/2022/06/researchers-warn-of-unpatched-dogwalk.html

∗∗∗ Zero-day: Cybergangs abuse MSDT flaw for Qakbot infections ∗∗∗
The cybergang behind the Qakbot malware is abusing the MSDT zero-day vulnerability in phishing campaigns. It usually sells the infected machines on to ransomware gangs.
https://heise.de/-7134949

∗∗∗ Bug in Linux kernel allows privilege escalation ∗∗∗
A bug in the firewall code of the Linux kernel allows users to execute commands as root. Administrators can apply a workaround.
https://heise.de/-7134791

∗∗∗ Critical code-execution vulnerability threatens Universal Boot Loader U-Boot ∗∗∗
The U-Boot developers have closed two dangerous security vulnerabilities.
https://heise.de/-7134785

∗∗∗ Security updates for Wednesday ∗∗∗
Security updates have been issued by Debian (avahi), Fedora (firefox), Oracle (grub2, python-twisted-web, shim, shim-signed, and thunderbird), Red Hat (kernel and python-twisted-web), SUSE (gcc48, go1.17, go1.18, and mariadb), and Ubuntu (e2fsprogs, linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-intel-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, [...]
https://lwn.net/Articles/897297/

∗∗∗ Technical Details Released for Recently Patched Zyxel Firewall Vulnerabilities ∗∗∗
Security researchers with HN Security have published technical details on two vulnerabilities affecting many Zyxel products.
https://www.securityweek.com/technical-details-released-recently-patched-zyx...

∗∗∗ Owl Labs Patches Severe Vulnerability in Video Conferencing Devices ∗∗∗
Video conferencing company Owl Labs has released patches for a severe vulnerability affecting its Meeting Owl Pro and Whiteboard Owl devices.
https://www.securityweek.com/owl-labs-patches-severe-vulnerability-video-con...

∗∗∗ Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer ∗∗∗
Symantec has observed threat actors exploiting the remote code execution flaw to drop AsyncRAT and an information stealer.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/fol...

∗∗∗ Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832) ∗∗∗
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-...

∗∗∗ Security Bulletin: IBM Cognos Command Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-command-center-...

∗∗∗ Security Bulletin: IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365) ∗∗∗
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-...

∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44228) ∗∗∗
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-lo...

∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104) ∗∗∗
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-lo...

∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect...

∗∗∗ Security Bulletin: Vulnerabilities have been identified in Spring Framework, OpenSSL and Apache HTTP Server shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-...

∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Log4j affect some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105) ∗∗∗
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...

∗∗∗ Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities ∗∗∗
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-command-center-...

∗∗∗ FESTO: CECC-X-M1 - command injection vulnerabilities ∗∗∗
https://cert.vde.com/de/advisories/VDE-2022-020/

∗∗∗ Apache HTTP Server: Multiple vulnerabilities ∗∗∗
http://www.cert-bund.de/advisoryshort/CB-K22-0692

∗∗∗ Multiple vulnerabilities in "secure" mobile hard drives and crypto USB sticks from Verbatim (SYSS-2022-001/-017) ∗∗∗
https://www.syss.de/pentest-blog/mehrere-schwachstellen-in-sicheren-mobilen-...