[CERT-daily] Daily summary - 08.06.2022
Daily end-of-shift report
team at cert.at
Wed Jun 8 18:17:03 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 07-06-2022 18:00 − Wednesday 08-06-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Linux version of Black Basta ransomware targets VMware ESXi servers ∗∗∗
---------------------------------------------
Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-version-of-black-basta-ransomware-targets-vmware-esxi-servers/
∗∗∗ Poisoned CCleaner search results spread information-stealing malware ∗∗∗
---------------------------------------------
Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/poisoned-ccleaner-search-results-spread-information-stealing-malware/
∗∗∗ Cuba ransomware returns to extorting victims with updated encryptor ∗∗∗
---------------------------------------------
The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cuba-ransomware-returns-to-extorting-victims-with-updated-encryptor/
∗∗∗ Targeted phishing past defender ∗∗∗
---------------------------------------------
Signature-based detections have shortcomings that matter in real scenarios. Depending only on prevention through an EDR like Defender is not enough in a modern attack scenario.
---------------------------------------------
https://www.derant.com/network%20monitoring/2022/06/07/Targetted-phishing-past-defender.html
∗∗∗ New Technique Used by Attackers in NPM to Avoid Detection ∗∗∗
---------------------------------------------
Checkmarx SCS team recently detected several malicious NPM packages using a new evasion technique, enhancing dependency confusion attacks to help malicious packages avoid detection.
---------------------------------------------
https://checkmarx.com/blog/new-technique-used-by-attackers-in-npm-to-avoid-detection/
=====================
= Vulnerabilities =
=====================
∗∗∗ Researchers Warn of Unpatched "DogWalk" Microsoft Windows Vulnerability ∗∗∗
---------------------------------------------
An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild.
---------------------------------------------
https://thehackernews.com/2022/06/researchers-warn-of-unpatched-dogwalk.html
∗∗∗ Zero-day vulnerability: cyber gangs abuse MSDT flaw for Qakbot infections ∗∗∗
---------------------------------------------
The cyber gang behind the Qakbot malware is abusing the MSDT zero-day vulnerability in phishing campaigns. It usually sells the infected machines to ransomware gangs.
---------------------------------------------
https://heise.de/-7134949
∗∗∗ Bug in Linux kernel enables privilege escalation ∗∗∗
---------------------------------------------
A bug in the firewall code of the Linux kernel allows users to execute commands as root. Administrators can apply a workaround.
---------------------------------------------
https://heise.de/-7134791
∗∗∗ Critical code-execution vulnerability threatens Universal Boot Loader U-Boot ∗∗∗
---------------------------------------------
The U-Boot developers have closed two dangerous security vulnerabilities.
---------------------------------------------
https://heise.de/-7134785
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (avahi), Fedora (firefox), Oracle (grub2, python-twisted-web, shim, shim-signed, and thunderbird), Red Hat (kernel and python-twisted-web), SUSE (gcc48, go1.17, go1.18, and mariadb), and Ubuntu (e2fsprogs, linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-intel-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, [...]
---------------------------------------------
https://lwn.net/Articles/897297/
∗∗∗ Technical Details Released for Recently Patched Zyxel Firewall Vulnerabilities ∗∗∗
---------------------------------------------
Security researchers with HN Security have published technical details on two vulnerabilities affecting many Zyxel products.
---------------------------------------------
https://www.securityweek.com/technical-details-released-recently-patched-zyxel-firewall-vulnerabilities
∗∗∗ Owl Labs Patches Severe Vulnerability in Video Conferencing Devices ∗∗∗
---------------------------------------------
Video conferencing company Owl Labs has released patches for a severe vulnerability affecting its Meeting Owl Pro and Whiteboard Owl devices.
---------------------------------------------
https://www.securityweek.com/owl-labs-patches-severe-vulnerability-video-conferencing-devices
∗∗∗ Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer ∗∗∗
---------------------------------------------
Symantec has observed threat actors exploiting the remote code execution flaw to drop AsyncRAT and an information stealer.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/follina-msdt-exploit-malware
∗∗∗ Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832-6/
∗∗∗ Security Bulletin: IBM Cognos Command Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-command-center-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
∗∗∗ Security Bulletin: IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-is-vulnerable-to-spoofing-cve-2022-22365-2/
∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44228) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44228-5/
∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-4104-10/
∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
∗∗∗ Security Bulletin: Vulnerabilities have been identified in Spring Framework, OpenSSL and Apache HTTP Server shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-spring-framework-openssl-and-apache-http-server-shipped-with-the-ds8000-hardware-management-console-hmc/
∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-45046-cve-2021-45105-5/
∗∗∗ Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-command-center-is-affected-by-multiple-vulnerabilities/
∗∗∗ FESTO: CECC-X-M1 - command injection vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-020/
∗∗∗ Apache HTTP Server: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0692
∗∗∗ Multiple vulnerabilities in "secure" portable hard drives and crypto USB sticks from Verbatim (SYSS-2022-001/-017) ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/mehrere-schwachstellen-in-sicheren-mobilen-festplatten-und-crypto-usb-sticks-von-verbatim-syss-2022-001/-017
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily