=====================
= End-of-Day report =
=====================
Timeframe:   Wednesday 01-06-2022 18:00 - Thursday 02-06-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a
=====================
=       News        =
=====================

*** Conti ransomware targeted Intel firmware for stealthy attacks ***
---------------------------------------------

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks.

---------------------------------------------

https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-int...

*** Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks ***
---------------------------------------------

As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns.

---------------------------------------------

https://thehackernews.com/2022/06/researchers-demonstrate-ransomware-for.htm...
*** Europol: FluBot infrastructure under the control of law enforcement ***
---------------------------------------------

International law enforcement agencies have managed to curb the SMS-based Android spyware FluBot. This was achieved by taking over the FluBot infrastructure.

---------------------------------------------

https://heise.de/-7130270

*** Warning about spoofing of the BSI telephone number ***
---------------------------------------------

The BSI is currently receiving reports of an increased number of calls showing the BSI's telephone number with a two-digit extension. These are not calls from the BSI.

---------------------------------------------

https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen...

*** Beware of telephone fraud: recorded voice lures victims into a trap! ***
---------------------------------------------

Numerous reports describe calls from a recorded voice asking the recipient to press key 1. Do not follow the instructions!

---------------------------------------------

https://www.watchlist-internet.at/news/vorsicht-telefon-betrug-tonbandstimme...
=====================
=  Vulnerabilities  =
=====================
*** SearchNightmare: Windows 10 search-ms: URI handler 0-day exploit with Office 2019 ***
---------------------------------------------

Following the discovery of the abuse of the Follina vulnerability (CVE-2022-30190) via the Windows ms-msdt protocol, this bastion is now being battered further. A hacker has examined the search-ms: URI handler in Windows 10 and developed an exploit similar to Follina.

---------------------------------------------

https://www.borncity.com/blog/2022/06/02/searchnightmare-windows-10-search-m...
*** Security updates for Thursday ***
---------------------------------------------

Security updates have been issued by Debian (firefox-esr), Fedora (thunderbird and vim), Red Hat (firefox, postgresql:10, postgresql:12, and postgresql:13), Scientific Linux (firefox and rsyslog), SUSE (hdf5, hdf5, suse-hpc, postgresql14, rubygem-yajl-ruby, and udisks2), and Ubuntu (imagemagick and influxdb).

---------------------------------------------

https://lwn.net/Articles/896896/

*** Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks ***
---------------------------------------------

Millions of budget smartphones that use UNISOC chipsets could have their communications remotely disrupted by hackers due to a critical vulnerability discovered recently by researchers at cybersecurity firm Check Point.

---------------------------------------------

https://www.securityweek.com/millions-budget-smartphones-unisoc-chips-vulner...

*** Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2022-0391) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-using...

*** Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Netcool Agile Service Manager ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...

*** Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability CVE-2021-35550 ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-managem...

*** Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vu...

*** Security Bulletin: IBM Common Licensing is vulnerable to a remote code attack in Spring Framework (CVE-2021-22096, CVE-2021-22060, CVE-2022-22950, CVE-2022-22968) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-common-licensing-is-vu...

*** Security Bulletin: Multiple vulnerabilities in Java SE that could allow an unauthenticated attacker to obtain sensitive information affect IBM® Db2® (CVE-2021-35603, CVE-2021-35550, CVE-2021-2341) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...

*** Security Bulletin: IBM Security Guardium is affected by OpenSSL denial of service vulnerabilities (CVE-2021-23840, CVE-2021-23841) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...

*** Security Bulletin: Vulnerability in Nginx affects IBM Cloud Private and could allow a remote attacker to obtain sensitive information (177988) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nginx-aff...

*** Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect...

*** Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect...

*** Security Bulletin: Watson Machine Learning Accelerator is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-watson-machine-learning-ac...

*** Security Bulletin: CVE-2022-21299 may affect IBM® SDK, Java™ Technology Edition ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2022-21299-may-affect-...

*** Security Bulletin: HMC is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-hmc-is-affected-but-not-cl...

*** Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting due to Angular (220414) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vu...

*** Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-managem...

*** Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect...

*** Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson (217225) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vu...

*** Security Bulletin: IBM Security SOAR is using a component with multiple known vulnerabilities - IBM JDK 8.0.7.0 ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-using...

*** Security Bulletin: IBM Robotic Process Automation is vulnerable to cross-tenant information exposure (CVE-2022-22506) ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automa...

*** Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-m...

*** Security Bulletin: CVE-2021-35561 may affect IBM® SDK, Java™ Technology Edition ***
---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35561-may-affect-...

*** Long Term Support Channel Update for ChromeOS ***
---------------------------------------------

http://chromereleases.googleblog.com/2022/05/long-term-support-channel-updat...

*** Security Vulnerabilities fixed in Firefox for iOS 101 ***
---------------------------------------------

https://www.mozilla.org/en-US/security/advisories/mfsa2022-23/
*** Autodesk AutoCAD: Vulnerability allows execution of arbitrary code with user privileges ***
---------------------------------------------

http://www.cert-bund.de/advisoryshort/CB-K22-0677
*** Illumina Local Run Manager ***
---------------------------------------------

https://us-cert.cisa.gov/ics/advisories/icsa-22-153-02