[CERT-daily] Tageszusammenfassung - 08.07.2022
Daily end-of-shift report
team at cert.at
Fri Jul 8 19:03:46 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 07-07-2022 18:00 − Freitag 08-07-2022 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Gesundheitseinrichtungen im Visier nordkoreanischer Cyberkrimineller ∗∗∗
---------------------------------------------
US-amerikanische Sicherheitsbehörden warnen vor der Maui-Ransomware. Mit ihr greifen nordkoreanische Cybergangs Organisationen des Gesundheitswesens an.
---------------------------------------------
https://heise.de/-7166692
∗∗∗ Free decryptor released for AstraLocker, Yashma ransomware victims ∗∗∗
---------------------------------------------
New Zealand-based cybersecurity firm Emsisoft has released a free decryption tool to help AstraLocker and Yashma ransomware victims recover their files without paying a ransom.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-astralocker-yashma-ransomware-victims/
∗∗∗ SiteCheck Malware Trends Report – Q2 2022 ∗∗∗
---------------------------------------------
Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide as comprehensive of a scan as server-side scanners, they allow users to instantly identify malicious code and detect security issues on their website without installing any software or applications.
---------------------------------------------
https://blog.sucuri.net/2022/07/sitecheck-malware-trends-report-q2-2022.html
∗∗∗ Over 1,200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign ∗∗∗
---------------------------------------------
Researchers have disclosed what they say could be an attempt to kick-off a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. The malicious activity, attributed to a software supply chain threat actor dubbed CuteBoi, involves an array of 1,283 rogue modules that were published in an automated fashion from over 1,000 different user accounts.
---------------------------------------------
https://thehackernews.com/2022/07/over-1200-npm-packages-found-involved.html
∗∗∗ Koh: The Token Stealer ∗∗∗
---------------------------------------------
In this post I will introduce a toolkit called Koh that can indefinitely (..) harvest and reuse tokens for accounts that connect to a machine you have administrative rights on. I’ll go over the motivation for this approach, the technical background of why it’s possible and what changed in 2016, and briefly show what Koh can do.
---------------------------------------------
https://posts.specterops.io/koh-the-token-stealer-41ca07a40ed6
∗∗∗ New HavanaCrypt Ransomware Distributed as Fake Google Software Update ∗∗∗
---------------------------------------------
Security researchers at Trend Micro have identified a new ransomware family that is being delivered as a fake Google Software Update application.
---------------------------------------------
https://www.securityweek.com/new-havanacrypt-ransomware-distributed-fake-google-software-update
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins 2022-07-07 ∗∗∗
---------------------------------------------
IBM QRadar Network Security, IBM Engineering Lifecycle Management, IBM Rational Build Forge, IBM Tivoli Netcool/Omnibus, IBM Tivoli Network Manager, IBM Engineering Lifecycle Management, IBM CICS TX Standard, IBM CICS TX Advanced, IBM WebSphere Application Server Liberty, IBM Security Verify Information Queue, IBM Event Streams.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Sicherheitsupdates: Root-Lücke in Dell-EMC-Software geschlossen ∗∗∗
---------------------------------------------
Angreifer könnten Systeme mit Dell PowerProtect Cyber Recovery oder Cloud Mobility for Dell EMC Storage attackieren. Hiergegen gibt es jetzt ein Update.
---------------------------------------------
https://heise.de/-7166118
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (direnv, golang-github-mattn-colorable, matrix-synapse, pypy3.7, pypy3.8, and pypy3.9), Oracle (squid), SUSE (curl, openssl-1_1, pcre, python-ipython, resource-agents, and rsyslog), and Ubuntu (nss, php7.2, and vim).
---------------------------------------------
https://lwn.net/Articles/900443/
∗∗∗ NetApp ActiveIQ Unified Manager: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in NetApp ActiveIQ Unified Manager ausnutzen, um Informationen offenzulegen, Daten zu manipulieren oder zu verändern und einen Denial of Service Zustand auszulösen.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0608
∗∗∗ Red Hat FUSE: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat FUSE ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuführen, einen Denial of Service Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0607
∗∗∗ July 7th 2022 Security Releases ∗∗∗
---------------------------------------------
Updates are now available for the v18.x, v16.x, and v14.x Node.js release [...]
---------------------------------------------
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
∗∗∗ Exploitation of Mitel MiVoice Connect SA CVE-2022-29499 ∗∗∗
---------------------------------------------
Mitel MiVoice Connect customers who use vulnerable versions of the Service Appliance in their deployments should update to a fixed version of the appliance immediately. Mitel released patches for CVE-2022-29499 in early June 2022; organizations that have not updated the firmware on their appliances since before that timeframe should apply fixes as soon as possible. Appliances should not be exposed to the open internet.
---------------------------------------------
https://www.rapid7.com/blog/post/2022/07/07/exploitation-of-mitel-mivoice-connect-sa-cve-2022-29499/
∗∗∗ ZDI-22-955: Sante PACS Server SQL Injection Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-955/
∗∗∗ K06524534: Linux kernel vulnerability CVE-2021-22555 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K06524534
∗∗∗ K49622415: Apache Tomcat vulnerability CVE-2022-25762 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K49622415
∗∗∗ 10 Vulnerabilities Found in Widely Used Robustel Industrial Routers ∗∗∗
---------------------------------------------
https://www.securityweek.com/10-vulnerabilities-found-widely-used-robustel-industrial-routers
∗∗∗ Eclipse Jetty: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0614
∗∗∗ Foxit PDF Editor: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0613
∗∗∗ tribe29 checkmk: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0622
∗∗∗ Rockwell Automation MicroLogix ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-188-01
∗∗∗ Bently Nevada ADAPT 3701/4X Series and 60M100 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-188-02
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list