=====================
= End-of-Day report =
=====================

Timeframe:   Friday 24-06-2022 18:00 − Monday 27-06-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================
∗∗∗ Fake copyright infringement emails install LockBit ransomware ∗∗∗
---------------------------------------------
LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-e...

∗∗∗ Clever phishing method bypasses MFA using Microsoft WebView2 apps ∗∗∗
---------------------------------------------
A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victims' authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypass...

∗∗∗ NetSec Goggle shows search results only from cybersecurity sites ∗∗∗
---------------------------------------------
A new Brave Search Goggle modifies Brave Search results to only show reputable cybersecurity sites, making it easier to search for and find security information.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/netsec-goggle-shows-search-re...

∗∗∗ LockBit 3.0 introduces the first ransomware bug bounty program ∗∗∗
---------------------------------------------
The LockBit ransomware operation has released LockBit 3.0, introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-fir...

∗∗∗ Malicious Code Passed to PowerShell via the Clipboard, (Sat, Jun 25th) ∗∗∗
---------------------------------------------
Another day, another malicious script was found! Today, the script is a Windows bat file that executes malicious PowerShell code, but the way it works is interesting.
---------------------------------------------
https://isc.sans.edu/diary/rss/28784

∗∗∗ Encrypted Client Hello: Anybody Using it Yet?, (Mon, Jun 27th) ∗∗∗
---------------------------------------------
The first payload sent by a TLS client to a TLS server is a "Client Hello." It includes several parameters supported by the client, such as available cipher suites, to start negotiating a compatible set of TLS parameters with the server.
---------------------------------------------
https://isc.sans.edu/diary/rss/28792
∗∗∗ Ransomware gang Conti shuts down leak and negotiation platform ∗∗∗
---------------------------------------------
The Conti group behind the extortion trojan of the same name is finalizing its withdrawal and continues to split up into smaller gangs.
---------------------------------------------
https://heise.de/-7154035

∗∗∗ Flood of attacks on package manager PyPI smuggles backdoor into Python packages ∗∗∗
---------------------------------------------
After Sonatype first discovered an attack on five packages in the Python package manager, the CVE vulnerability database is filling up with further incidents.
---------------------------------------------
https://heise.de/-7154405

∗∗∗ Ransomware: Companies in the healthcare sector pay ransom most often ∗∗∗
---------------------------------------------
Encryption attacks have increased sharply in recent months, above all in the healthcare sector. Its data is popular with attackers.
---------------------------------------------
https://heise.de/-7154906
∗∗∗ NIST Releases New macOS Security Guidance for Organizations ∗∗∗
---------------------------------------------
The National Institute of Standards and Technology (NIST) has published the final version of its guidance on securing macOS endpoints and assessing their security.
---------------------------------------------
https://www.securityweek.com/nist-releases-new-macos-security-guidance-organ...
∗∗∗ Beware of fake emails from the Vienna police ∗∗∗
---------------------------------------------
In a fake email purporting to come from the police, you are accused of having committed a crime. It concerns child pornography, paedophilia, cyber pornography and exhibitionism. You are asked to send a justification by email. Do not reply, and ignore this letter. It is fake!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-fake-e-mails-der-wiener-...
∗∗∗ CISA Adds Eight Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/06/27/cisa-adds-eight-kn...

=====================
=  Vulnerabilities  =
=====================
∗∗∗ Citrix closes security holes in Hypervisor ∗∗∗
---------------------------------------------
The Citrix hypervisor contains multiple vulnerabilities. Attackers could take control. Updated packages close the holes.
---------------------------------------------
https://heise.de/-7154435
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (openssl), Fedora (dotnet6.0, mediawiki, and python2.7), Mageia (389-ds-base, chromium-browser-stable, exo, and libtiff), Oracle (httpd:2.4 and microcode_ctl), SUSE (dbus-broker, drbd, kernel, liblouis, mariadb, openssl, openssl-1_1, openSUSE kernel modules, oracleasm, php7, php72, python39, salt, and wdiff), and Ubuntu (linux, linux-hwe, mozjs91, and vim).
---------------------------------------------
https://lwn.net/Articles/899158/

∗∗∗ Security Bulletin: Multiple Vulnerabilities found in Apache Tika used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-f...

∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect...

∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-...

∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...

∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-...

∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35550) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect...

∗∗∗ Security Bulletin: IBM MQ is vulnerable to an issue within Jackson ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-an...

∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to denial of service due to zlib (CVE-2018-25032) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect...

∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affect WebSphere eXtreme Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...

∗∗∗ Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-affecte...

∗∗∗ Spring Function Cloud DoS (CVE-2022-22979) and Unintended Function Invocation ∗∗∗
---------------------------------------------
https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unin...