[CERT-daily] Tageszusammenfassung - 01.07.2022

Daily end-of-shift report team at cert.at
Fri Jul 1 18:37:29 CEST 2022 

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 30-06-2022 18:00 − Freitag 01-07-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft-Analyse: Linux-Malware-Kampagne erhält bemerkenswertes Update ∗∗∗
---------------------------------------------
Ein Sicherheitsteam von Microsoft hat beobachtet, dass die Malware-Gruppe "8220 Gang" ihre Kampagne signifikant aktualisiert hat. Im Visier: Linux-Systeme.
---------------------------------------------
https://heise.de/-7159495


∗∗∗ FBI and CISA warn: This ransomware is using RDP flaws to break into networks ∗∗∗
---------------------------------------------
US exposes MedusaLocker, one of the ransomware gangs that ramped up activity as the pandemic gripped the world.
---------------------------------------------
https://www.zdnet.com/article/fbi-and-cisa-warn-this-ransomware-is-using-rdp-flaws-to-break-into-networks/


∗∗∗ RanSim: a ransomware simulation script written in PowerShell ∗∗∗
---------------------------------------------
You can use RanSim to test your defenses and backups against real ransomware-like activity in a controlled setting. The same script can be used to decrypt the files if needed.
---------------------------------------------
https://github.com/lawndoc/RanSim



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdates: Viele Jenkins-Plug-ins als Schlupflöcher für Angreifer ∗∗∗
---------------------------------------------
Software-Entwickler aufgepasst: Lücken in Plug-ins für den Automation-Server Jenkins geschlossen. Etliche Patches lassen aber noch auf sich warten.
---------------------------------------------
https://heise.de/-7160083


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, isync, kernel, and systemd), Fedora (chromium, curl, firefox, golang-github-vultr-govultr-2, and xen), Mageia (openssl, python-bottle, and python-pyjwt), Red Hat (compat-openssl10, curl, expat, firefox, go-toolset-1.17 and go-toolset-1.17-golang, go-toolset:rhel8, kernel, kpatch-patch, libarchive, libgcrypt, libinput, libxml2, pcre2, php:7.4, php:8.0, qemu-kvm, ruby:2.6, thunderbird, and vim), and Ubuntu (curl, libjpeg6b, and vim).
---------------------------------------------
https://lwn.net/Articles/899701/


∗∗∗ GitLab: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um Informationen offenzulegen, Sicherheitseinstellungen zu umgehen, einen Denial of Service zu verursachen, Daten zu manipulieren und Code zur Ausführung zu bringen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0531


∗∗∗ Microsoft Edge 103.0.1264.44 fixt CVE-2022-33680 (30. Juni 2022) ∗∗∗
---------------------------------------------
Microsoft hat zum 30. Juni 2022 den Edge-Browser im Stable Channel auf die Version 103.0.1264.44 aktualisiert. Es ist ein Wartungsupdate, welches die als kritisch eingestufte Elevation of Privilege-Schwachstelle CVE-2022-33680 (Ausbruch aus der Sandbox) beseitigt.
---------------------------------------------
https://www.borncity.com/blog/2022/07/01/microsoft-edge-103-0-1264-44-fixt-cve-2022-33680-30-juni-2022/


∗∗∗ ZDI-22-948: Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-948/


∗∗∗ Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5709.php


∗∗∗ Security Bulletin: IBM UrbanCode Deploy (UCD) could disclose sensitive database information to a local user in plain text. (CVE-2022-22367) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-could-disclose-sensitive-database-information-to-a-local-user-in-plain-text-cve-2022-22367/


∗∗∗ Security Bulletin: IBM Urbancode Deploy (UCD) vulnerable to information disclosure which can be read by a local user. (CVE-2022-22366) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-vulnerable-to-information-disclosure-which-can-be-read-by-a-local-user-cve-2022-22366/


∗∗∗ Security Bulletin: Vulnerabilities in Samba, OpenSSL, Python, and XStream affect IBM Spectrum Protect Plus (CVE-2021-20254, CVE-2021-3712, CVE-2021-43859, CVE-2022-0778, CVE-2020-25717, CVE-2021-23192, CVE-2021-3733) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-samba-openssl-python-and-xstream-affect-ibm-spectrum-protect-plus-cve-2021-20254-cve-2021-3712-cve-2021-43859-cve-2022-0778-cve-2020-25717-cve-2021-2319/


∗∗∗ Security Bulletin: IBM InfoSphere Information Server Pack for SAP Apps and BW Packs is affected by an improper validation vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-pack-for-sap-apps-and-bw-packs-is-affected-by-an-improper-validation-vulnerability/


∗∗∗ Security Bulletin: UrbanCode Deploy is vulnerable to denial of service due to Jackson-databind (CVE-2020-36518) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-urbancode-deploy-is-vulnerable-to-denial-of-service-due-to-jackson-databind-cve-2020-36518/


∗∗∗ Security Bulletin: Vulnerability in PostgreSQL may affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-postgresql-may-affect-ibm-spectrum-protect-plus/


∗∗∗ Kibana: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0527


∗∗∗ npm: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0524


∗∗∗ Exemys RME1 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-181-01


∗∗∗ Yokogawa Wide Area Communication Router ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-181-02


∗∗∗ Emerson DeltaV Distributed Control System ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-181-03


∗∗∗ Distributed Data Systems WebHMI ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-181-04


∗∗∗ 2022-09 FragAttacks ProSoft RadioLinx RLX2 ∗∗∗
---------------------------------------------
https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=14521&mediaformatid=50063&destinationid=10016


∗∗∗ Unauthorized RCE CVE-2022-28219 in Zoho ManageEngine ADAudit Plus ∗∗∗
---------------------------------------------
https://www.borncity.com/blog/2022/07/01/unauthorized-rce-cve-2022-28219-in-zoho-manageengine-adaudit-plus/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list