[CERT-daily] Daily summary - 18.08.2022

Daily end-of-shift report team at cert.at
Thu Aug 18 18:23:40 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 17-08-2022 18:00 - Thursday 18-08-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ BlackByte ransomware gang is back with new extortion tactics ∗∗∗
---------------------------------------------
The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-gang-is-back-with-new-extortion-tactics/


∗∗∗ Microsoft Sysmon can now block malicious EXEs from being created ∗∗∗
---------------------------------------------
Microsoft has released Sysmon 14 with a new FileBlockExecutable option that lets you block the creation of malicious executables, such as EXE, DLL, and SYS files, for better protection against malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-sysmon-can-now-block-malicious-exes-from-being-created/


∗∗∗ Severe flaws: caution when using VPNs on Apple devices ∗∗∗
---------------------------------------------
Anyone who uses a VPN service on Apple's iOS is not as well protected as one would expect.
---------------------------------------------
https://futurezone.at/produkte/schwere-luecken-vorsicht-vpn-apple-iphone-ipad-ios/402115401


∗∗∗ Clop: ransomware group apparently extorts the wrong water utility ∗∗∗
---------------------------------------------
After hacking a water supply company in the United Kingdom, a ransomware group apparently got confused and extorted a different utility.
---------------------------------------------
https://www.golem.de/news/clop-ransomwaregruppe-erpresst-scheinbar-falsches-wasserwerk-2208-167659.html


∗∗∗ Hacking: the Bad-USB stick Rubber Ducky becomes even more dangerous ∗∗∗
---------------------------------------------
A new version of the Bad-USB stick Rubber Ducky makes it even easier to attack computers and can now also covertly exfiltrate data.
---------------------------------------------
https://www.golem.de/news/hacking-der-bad-usb-stick-rubber-ducky-wird-noch-gefaehrlicher-2208-167713.html


∗∗∗ Hackers Using Bumblebee Loader to Compromise Active Directory Services ∗∗∗
---------------------------------------------
The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities.
---------------------------------------------
https://thehackernews.com/2022/08/hackers-using-bumblebee-loader-to.html


∗∗∗ Deluge of entries to Spamhaus blocklists includes various household names ∗∗∗
---------------------------------------------
Spamhaus blames sloppy sending practices for its swelling lists of dangerous mailers: the spam-tracking service reported Tuesday that some of the world's biggest brands are getting loose with their email practices, causing its Spamhaus Block List (SBL) to grow significantly.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2022/08/18/deluge_of_entries_to_spamhaus/


∗∗∗ Real-Time Behavior-Based Detection on Android Reveals Dozens of Malicious Apps on Google Play Store ∗∗∗
---------------------------------------------
Cybersecurity researchers identify 35 apps, many downloaded over 100,000 times, that have been serving up malware to millions of Android users.
---------------------------------------------
https://www.bitdefender.com/blog/labs/real-time-behavior-based-detection-on-android-reveal-dozens-of-malicious-apps-on-google-play-store


∗∗∗ PayPal Phishing Scam Uses Invoices Sent Via PayPal ∗∗∗
---------------------------------------------
Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge.
---------------------------------------------
https://krebsonsecurity.com/2022/08/paypal-phishing-scam-uses-invoices-sent-via-paypal/


∗∗∗ ASEC Weekly Malware Statistics (August 8th, 2022 – August 14th, 2022) ∗∗∗
---------------------------------------------
This post will list weekly statistics collected from August 8th, 2022 (Monday) to August 14th, 2022 (Sunday).
---------------------------------------------
https://asec.ahnlab.com/en/37837/


∗∗∗ Analyzing the Hidden Danger of Environment Variables for Keeping Secrets ∗∗∗
---------------------------------------------
While DevOps practitioners use environment variables to regularly keep secrets in applications, these could be conveniently abused by cybercriminals for their malicious activities, as our analysis shows.
---------------------------------------------
https://www.trendmicro.com/en_us/research/22/h/analyzing-hidden-danger-of-environment-variables-for-keeping-secrets.html
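Added illustration, not code from the Trend Micro article or from this digest: a short Python script showing the property that makes environment variables a poor place for secrets, namely that a secret placed in the environment is inherited by every child process the application spawns (a build step, a plugin, a compromised helper), and two ways to contain it by handing children an explicitly scrubbed or allow-listed environment. The variable name DEMO_API_TOKEN, its value, and the DEMO_ prefix are constructed for the demo and are not from the article.

```python
"""Added example: secrets in environment variables are inherited by every
child process. Shows the leak and two ways to scrub the child's environment."""
import os
import subprocess
import sys
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample secret for the demo; name and value are assumptions.
SECRET_NAME = "DEMO_API_TOKEN"
SECRET_VALUE = "sk-demo-0123456789"

# Child process body: print whatever it sees for the variable named in argv[1].
CHILD_SNIPPET = "import os, sys; print(os.environ.get(sys.argv[1], '<not set>'))"

# Variables a child usually needs to start at all (PATH for exec lookups,
# SYSTEMROOT for Windows DLL loading, HOME/USERPROFILE for user config).
BASELINE_VARS = ("PATH", "SYSTEMROOT", "HOME", "USERPROFILE", "TMP", "TEMP")


def child_sees(var: str, env: Optional[Dict[str, str]] = None) -> str:
    """Spawn a child interpreter and return what it sees for `var`.
    env=None means 'inherit the parent environment', the subprocess default."""
    result = subprocess.run(
        [sys.executable, "-c", CHILD_SNIPPET, var],
        capture_output=True, text=True, check=True, env=env,
    )
    return result.stdout.strip()


def denylisted_env(prefixes: Iterable[str] = ("DEMO_",)) -> Dict[str, str]:
    """Copy of the current environment minus variables matching known secret
    prefixes. Only catches names you anticipated; prefer the allow-list."""
    prefixes = tuple(prefixes)
    return {k: v for k, v in os.environ.items() if not k.startswith(prefixes)}


def allowlisted_env(keep: Iterable[str] = BASELINE_VARS) -> Dict[str, str]:
    """Environment containing only explicitly allowed variables; anything
    not listed, secrets included, never reaches the child."""
    return {k: os.environ[k] for k in keep if k in os.environ}


def demo() -> Tuple[str, str, str]:
    """Returns (inherited, deny-listed, allow-listed) views of the secret."""
    os.environ[SECRET_NAME] = SECRET_VALUE  # how many deployments inject secrets
    inherited = child_sees(SECRET_NAME)                   # leaks to the child
    denied = child_sees(SECRET_NAME, denylisted_env())    # contained
    allowed = child_sees(SECRET_NAME, allowlisted_env())  # contained
    return inherited, denied, allowed


if __name__ == "__main__":
    for label, seen in zip(("inherited", "deny-listed", "allow-listed"), demo()):
        print(f"child with {label} env sees: {seen}")
```

Run the script directly to see all three results. The allow-list variant is the one to prefer for build and CI steps, since a deny-list by prefix only catches names you anticipated. Scrubbing the child environment does not address other leakage paths (process listings, crash dumps, debug or status endpoints that dump the environment), which need separate handling.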



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Actively exploited: macOS 12.5.1, iOS 15.6.1 and iPadOS 15.6.1 available ∗∗∗
---------------------------------------------
Apple has released further updates for its 2021 operating systems, prompted by important security fixes. A separate update is available for the Apple Watch.
---------------------------------------------
https://heise.de/-7223549


∗∗∗ Cisco Secure Web Appliance Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8


∗∗∗ Web conferencing: partly critical vulnerabilities in Zoom ∗∗∗
---------------------------------------------
Several Zoom variants contain security vulnerabilities, some of them critical. Updates are meant to close them. Mac users have to update again.
---------------------------------------------
https://heise.de/-7223873


∗∗∗ TP-Link: malicious code smuggled in through a security vulnerability in routers ∗∗∗
---------------------------------------------
Security researchers from Vietnam have found a critical flaw in TP-Link's TL-WR841N WLAN router that allows code execution on the device.
---------------------------------------------
https://heise.de/-7224392


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, epiphany-browser, freecad, and schroot), Fedora (freeciv, microcode_ctl, qemu, and rsync), Oracle (httpd), SUSE (aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins, bluez, curl, gnutls, kernel, ntfs-3g_ntfsprogs, podman, and ucode-intel), and Ubuntu (zlib).
---------------------------------------------
https://lwn.net/Articles/905072/


∗∗∗ Apache ActiveMQ Artemis: vulnerability allows displaying false information ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in Apache ActiveMQ Artemis to display false information.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1069


∗∗∗ TypeORM 0.3.7 Information Disclosure ∗∗∗
---------------------------------------------
TypeORM 0.3.7 Information Disclosure Risk: I found what I think is a vulnerability in the latest typeorm 0.3.7.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2022080057


∗∗∗ DSA-2022-238: Dell Client BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities ∗∗∗
---------------------------------------------
https://www.dell.com/support/kbdoc/de-at/000202475/dsa-2022-238-dell-client-bios-security-update-for-multiple-tianocore-edk2-vulnerabilities


∗∗∗ Security Bulletin: Vulnerability in Moment affects IBM Process Mining . CVE-2022-31129 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-moment-affects-ibm-process-mining-cve-2022-31129/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2022 – Includes Oracle April 2022 CPU (minus CVE-2022-21426) affects IBM Security Verify Governance, Identity Manager virtual appliance component ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2022-includes-oracle-april-2022-cpu-minus-cve-2022-21426affects-ibm-security-verify-governance-identity-manager-virtual-app/


∗∗∗ Security Bulletin: Vulnerability in FasterXML jackson-databind affects IBM Process Mining . CVE-2020-36518 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-fasterxml-jackson-databind-affects-ibm-process-mining-cve-2020-36518/


∗∗∗ Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2022-1292 and CVE-2022-2068) or an attacker may obtain sensitive information (CVE-2022-2097) due to OpenSSL ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-arbitrary-command-execution-cve-2022-1292-and-cve-2022-2068-or-an-attacker-may-obtain-sensitive-information-cve-2022-2097-due-to-openssl/


∗∗∗ Security Bulletin: Multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-due-to-openssl-and-node-js-which-affect-ibm-app-connect-enterprise-and-ibm-integration-bus/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-cloud-pak-system-3/


∗∗∗ Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-eclipse-jetty-vulnerability-affects-ibm-rational-functional-tester-3/


∗∗∗ Security Bulletin: Samba for IBM i is vulnerable to attacker obtaining sensitive information due to a memory leak with SMB1 requests (CVE-2022-32742) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-samba-for-ibm-i-is-vulnerable-to-attacker-obtaining-sensitive-information-due-to-a-memory-leak-with-smb1-requests-cve-2022-32742/


∗∗∗ Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining . CVE-2020-36518 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-eclipse-jetty-affects-ibm-process-mining-cve-2020-36518/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
