===================== = End-of-Day report = =====================
Timeframe: Wednesday 20-04-2022 18:00 - Thursday 21-04-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a
===================== = News = =====================
∗∗∗ Microsoft Exchange servers hacked to deploy Hive ransomware ∗∗∗ --------------------------------------------- A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-ha...
∗∗∗ REvil's TOR sites come alive to redirect to new ransomware operation ∗∗∗ --------------------------------------------- REvil ransomware's servers in the TOR network are back up after months of inactivity and redirect to a new operation that appears to have been active since at least mid-December last year. --------------------------------------------- https://www.bleepingcomputer.com/news/security/revils-tor-sites-come-alive-t...
∗∗∗ Multi-Cryptocurrency Clipboard Swapper, (Thu, Apr 21st) ∗∗∗ --------------------------------------------- It's not the first time that I found a piece of code that monitors the clipboard and swaps the BTC address found with the attacker's one. This time, the script that I found supports a lot of cryptocurrencies! --------------------------------------------- https://isc.sans.edu/diary/rss/28574
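The swapper summarised above watches the clipboard and replaces any wallet address it recognises with one controlled by the attacker. The block below is an added example for this digest, not code from the ISC diary or its author: a defender-side model that classifies clipboard text by address shape and flags a same-coin address replacement between successive clipboard snapshots. The regexes, the coin list and the clipboard timeline are constructed for illustration; the patterns check format only, not checksums.

```python
"""Offline model of a clipboard-swapper check: classify clipboard text as a
cryptocurrency address and flag a silent address-for-address replacement.
Hypothetical helper code added for this digest; not from the SANS ISC diary."""
import re
from typing import List, Optional, Tuple

# Shape-only patterns for common address formats (assumption: close enough to
# recognise an address; they do not verify Base58Check or bech32 checksums).
# BTC is checked first, so the shared "3..." P2SH prefix resolves to BTC and the
# LTC legacy pattern is limited to the L/M prefixes.
ADDRESS_PATTERNS = {
    "BTC": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{39,59})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "LTC": re.compile(r"^(?:[LM][a-km-zA-HJ-NP-Z1-9]{26,33}|ltc1[ac-hj-np-z02-9]{39,59})$"),
    "XMR": re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
}


def classify(text: str) -> Optional[str]:
    """Return the ticker whose address shape matches the clipboard text, or None."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return coin
    return None


def detect_swaps(snapshots: List[str]) -> List[Tuple[str, str, str]]:
    """Walk successive clipboard snapshots and report (coin, before, after)
    whenever one address is replaced by a different address of the same coin.
    A swapper substitutes an address of the same coin, because the victim's
    wallet would reject a foreign format; a user who legitimately copies a
    second address of the same coin looks identical here, so treat a hit as
    an alert to confirm, not as proof of compromise."""
    alerts: List[Tuple[str, str, str]] = []
    for before, after in zip(snapshots, snapshots[1:]):
        coin_before, coin_after = classify(before), classify(after)
        if coin_before and coin_before == coin_after and before.strip() != after.strip():
            alerts.append((coin_before, before.strip(), after.strip()))
    return alerts


# Constructed clipboard timeline (synthetic addresses, not real wallets): the
# user copies a BTC address, the swapper overwrites it, the user then copies an
# ETH address that is left untouched, and finally some unrelated text.
SAMPLE_SNAPSHOTS = [
    "please pay 0.5 BTC to the address below",
    "1" + "A" * 33,   # user's intended BTC recipient
    "1" + "B" * 33,   # replaced by the swapper: same coin, different address
    "0x" + "a" * 40,  # ETH address, unchanged afterwards
    "0x" + "a" * 40,
    "meeting notes",
]

if __name__ == "__main__":
    for coin, before, after in detect_swaps(SAMPLE_SNAPSHOTS):
        print(f"[{coin}] clipboard address changed: {before} -> {after}")
```

In a real monitor the snapshot list would be fed from the OS clipboard API on a timer; the comparison logic stays the same, and the false-positive caveat in the docstring is why such a check should prompt the user rather than block silently.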
∗∗∗ Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark ∗∗∗ --------------------------------------------- This time we will take a closer look at what the CIS Google Cloud Platform Foundation Benchmark offers against 10 of the most common GCP misconfigurations that NCC Group comes across during client assessments. --------------------------------------------- https://research.nccgroup.com/2022/04/20/mitigating-the-top-10-security-thre...
∗∗∗ Two OpenWrt updates ∗∗∗ --------------------------------------------- The OpenWrt 21.02.3 and 19.07.10 updates have been released. These updates contain some security fixes and improved device support. --------------------------------------------- https://lwn.net/Articles/892161/
∗∗∗ Willhaben, ebay, Vinted & Co. in the crosshairs of criminals! ∗∗∗ --------------------------------------------- Whether you want to buy or sell something, beware of scams on classified-ad platforms! If you are asked to settle the transaction through a courier service, break off contact. --------------------------------------------- https://www.watchlist-internet.at/news/willhaben-ebay-vinted-co-im-fokus-von...
∗∗∗ Abusing Azure Container Registry Tasks ∗∗∗ --------------------------------------------- In this post, I will explain how one Azure service supporting DevOps can start in a very solid "secure by default" state, but then quickly descend into a very dangerously configured state. --------------------------------------------- https://posts.specterops.io/abusing-azure-container-registry-tasks-1f407bfaa...
∗∗∗ Understanding Cobalt Strike Profiles - Updated for Cobalt Strike 4.6 ∗∗∗ --------------------------------------------- A deep dive into the specifics of Cobalt Strike Malleable C2 profiles and key information that is new in Cobalt Strike 4.6. --------------------------------------------- https://blog.zsec.uk/cobalt-strike-profiles/
∗∗∗ TeamTNT targeting AWS, Alibaba ∗∗∗ --------------------------------------------- TeamTNT is actively modifying its scripts after they were made public by security researchers. These scripts primarily target Amazon Web Services, but can also run on on-premises, container, or other forms of Linux instances. --------------------------------------------- http://blog.talosintelligence.com/2022/04/teamtnt-targeting-aws-alibaba.html
===================== = Vulnerabilities = =====================
∗∗∗ Cisco Security Advisories 2022-04-20 ∗∗∗ --------------------------------------------- Cisco published 12 Security Advisories (3 High, 9 Medium Severity) --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&se...
∗∗∗ Static SSH key causes trouble for Cisco Umbrella cloud security system ∗∗∗ --------------------------------------------- Important security updates for Cisco hardware and software close several holes. Attackers could intercept admin credentials. --------------------------------------------- https://heise.de/-7061311
∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (frr, grafana, gzip, and pdns), Oracle (java-11-openjdk), Red Hat (java-11-openjdk and kernel), Scientific Linux (java-11-openjdk), SUSE (dcraw, GraphicsMagick, gzip, kernel, nbd, netty, qemu, SDL, and xen), and Ubuntu (libinput, linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure,[...] --------------------------------------------- https://lwn.net/Articles/892214/
∗∗∗ Drupal core - Moderately critical - Access bypass - SA-CORE-2022-009 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2022-009
∗∗∗ Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-008 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2022-008
∗∗∗ Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to cross-site scripting (CVE-2022-22436) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-managemen...
∗∗∗ Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to cross-site scripting (CVE-2022-22435) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-managemen...
∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects App Connect Professional. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-a...
∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-a...
∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-m...
∗∗∗ Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-i...
∗∗∗ Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-i...
∗∗∗ Security Bulletin: Vulnerability in Linux Kernel affects IBM Integrated Analytics System. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-linux-ker...
∗∗∗ Security Bulletin: IBM Emptoris Supplier Lifecycle Management vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-emptoris-supplier-life...
∗∗∗ Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-i...
∗∗∗ Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-use-case-manage...
∗∗∗ Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the included Expat 3rd party library (CVE-2022-23852 and CVE-2022-23990) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-affected-by-mul...
∗∗∗ Security Bulletin: A Vulnerability in IBM WebSphere Application Server – Liberty affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-web...
∗∗∗ Jira Security Advisory 2022-04-20 ∗∗∗ --------------------------------------------- https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115...
∗∗∗ Delta Electronics ASDA-Soft ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-111-01
∗∗∗ Johnson Controls Metasys SCT Pro ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-111-02
∗∗∗ Hitachi Energy MicroSCADA Pro/X SYS600 ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-111-03