[CERT-daily] Tageszusammenfassung - 02.08.2022
Daily end-of-shift report
team at cert.at
Tue Aug 2 18:07:53 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Montag 01-08-2022 18:00 − Dienstag 02-08-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Microsoft announces new solutions for threat intelligence and attack surface management ∗∗∗
---------------------------------------------
Defenders are up against the most sophisticated threat landscape we’ve ever seen. Today, we’re proud to execute our threat intelligence vision behind that acquisition and announce several new solutions to help security teams get ahead of adversaries and catch what others miss.
---------------------------------------------
https://www.microsoft.com/security/blog/2022/08/02/microsoft-announces-new-solutions-for-threat-intelligence-and-attack-surface-management/
∗∗∗ Raccoon Stealer v2: The Latest Generation of the Raccoon Family ∗∗∗
---------------------------------------------
In this blog, ThreatLabz will analyze Raccoon Stealer v2 in the exe format, and highlight key differences from its predecessors.
---------------------------------------------
https://www.zscaler.com/blogs/security-research/raccoon-stealer-v2-latest-generation-raccoon-family
∗∗∗ Analyzing Attack Data and Trends Targeting Log4J ∗∗∗
---------------------------------------------
The Log4j vulnerability, initially reported in November 2021, has affected millions of devices and applications around the world.
---------------------------------------------
https://www.wordfence.com/blog/2022/08/analyzing-attack-data-and-trends-targeting-log4j/
∗∗∗ Die Watchlist Internet ist jetzt auf Instagram ∗∗∗
---------------------------------------------
Wir versorgen Sie ab sofort auch auf Instagram mit Warnungen vor Internetbetrug. In den Beiträgen und Storys zeigen wir Ihnen, wie Sie sich vor Internetbetrug schützen, Fallen rasch erkennen und sicher im Internet surfen.
---------------------------------------------
https://www.watchlist-internet.at/news/die-watchlist-internet-ist-jetzt-auf-instagram/
∗∗∗ giesler-drogerie.com ist Fake ∗∗∗
---------------------------------------------
Bei giesler-drogerie.com finden Sie günstige Parfums, Styling-Produkte und Kosmetikartikel. Das vollständige Impressum sowie die angeführten Kontaktmöglichkeiten vermitteln einen seriösen Eindruck. Die Angaben sind aber gefälscht. Wenn Sie dort einkaufen, verlieren Sie Ihr Geld und erhalten keine Lieferung.
---------------------------------------------
https://www.watchlist-internet.at/news/giesler-drogeriecom-ist-fake/
∗∗∗ Vulnerability Spotlight: How misusing properly serialized data opened TCL LinkHub Mesh Wi-Fi system to 17 vulnerabilities ∗∗∗
---------------------------------------------
The TCL LinkHub Mesh Wi-Fi system is a multi-device Wi-Fi system that allows users to expand access to their network over a large physical area.
---------------------------------------------
http://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html
∗∗∗ Manjusaka: A Chinese sibling of Sliver and Cobalt Strike ∗∗∗
---------------------------------------------
Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework.
---------------------------------------------
http://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
=====================
= Vulnerabilities =
=====================
∗∗∗ VMware urges admins to patch critical auth bypass bug immediately ∗∗∗
---------------------------------------------
VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-patch-critical-auth-bypass-bug-immediately/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl and jetty9), Fedora (dovecot), Gentoo (vault), Scientific Linux (java-1.8.0-openjdk, java-11-openjdk, and squid), SUSE (booth, dovecot22, dwarves and elfutils, firefox, gimp, java-11-openjdk, kernel, and oracleasm), and Ubuntu (linux, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, net-snmp, and samba).
---------------------------------------------
https://lwn.net/Articles/903555/
∗∗∗ Go-Based Apps Vulnerable to Attacks Due to URL Parsing Issue ∗∗∗
---------------------------------------------
Israeli cloud-native application security testing firm Oxeye discovered that the way URL parsing is implemented in some Go-based applications creates vulnerabilities that could allow threat actors to conduct unauthorized actions.
---------------------------------------------
https://www.securityweek.com/go-based-apps-vulnerable-attacks-due-url-parsing-issue
∗∗∗ GnuTLS patches memory mismanagement bug – update now! ∗∗∗
---------------------------------------------
https://nakedsecurity.sophos.com/2022/08/01/gnutls-patches-memory-mismanagement-bug-update-now/
∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by arbitrary code executiondue to GNU cpio (CVE-2021-38185) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-certified-container-is-affected-by-arbitrary-code-executiondue-to-gnu-cpio-cve-2021-38185/
∗∗∗ VMSA-2022-0021 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0021.html
∗∗∗ vim: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0880
∗∗∗ FastStone ImageViewer: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0883
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list