[CERT-daily] Tageszusammenfassung - 14.06.2022
Daily end-of-shift report
team at cert.at
Tue Jun 14 18:09:58 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Montag 13-06-2022 18:00 − Dienstag 14-06-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ The many lives of BlackCat ransomware ∗∗∗
---------------------------------------------
The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.
---------------------------------------------
https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/
∗∗∗ Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware ∗∗∗
---------------------------------------------
Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter thats being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers.
---------------------------------------------
https://thehackernews.com/2022/06/researchers-detail-purecrypter-loader.html
∗∗∗ Public Travis CI Logs (Still) Expose Users to Cyber Attacks ∗∗∗
---------------------------------------------
In our latest research, we at Team Nautilus found that tens of thousands of user tokens are exposed via the Travis CI API, which allows anyone to access historical clear-text logs. More than 770 million logs of free tier users are available.
---------------------------------------------
https://blog.aquasec.com/travis-ci-security
∗∗∗ Sicherheitslücke im Apple M1 Chip: Pacman-Attacke umgeht Schutzschicht ∗∗∗
---------------------------------------------
Angriffe auf den M1-Prozessor sind durch ein Zusammenspiel von Hard- und Software möglich. Apple sieht allerdings keine unmittelbare Gefahr.
---------------------------------------------
https://heise.de/-7140316
∗∗∗ Vorsicht vor gefälschten Zahlungsaufforderungen per WhatsApp ∗∗∗
---------------------------------------------
Ihre Chefin bittet Sie, eine Rechnung zu begleichen. Sie fragen nach den Details und bekommen die Rechnung mit Zahlungsanweisungen zugesendet. Sie überweisen. Erst später bemerken Sie, dass es gar nicht Ihre Chefin war – sondern Kriminelle.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-zahlungsaufforderungen-per-whatsapp-1/
∗∗∗ Internet Explorer 11 erreicht am 15. Juni 2022 End-of-Life (EOL) ∗∗∗
---------------------------------------------
Noch eine kurze Information an die Blog-Leserschaft, die ggf. noch den Internet Explorer 11 von Microsoft unter Windows im Einsatz haben. Zum heutigen Patchday, 14. Juni 2022, erhält der Browser letztmalig Sicherheitsupdates für verschiedene Windows-Versionen und fällt dann (zum 15. Juni 2022) aus dem Support.
---------------------------------------------
https://www.borncity.com/blog/2022/06/14/internet-explorer-11-erreicht-am-15-juni-2022-end-of-life-eol/
∗∗∗ CHM Malware Types with Anti-Sandbox Technique and Targeting Companies ∗∗∗
---------------------------------------------
Among CHM strains that are recently being distributed in Korea, the ASEC analysis team has discovered those applied with the anti-sandbox technique and targeting companies.
---------------------------------------------
https://asec.ahnlab.com/en/35268/
∗∗∗ NPM Replicator Remote Code Execution Deserialization ∗∗∗
---------------------------------------------
NPM, the package manager for Node.js, is an open source project that serves as a critical part of the JavaScript community and helps support one of the largest developer ecosystems.
---------------------------------------------
https://checkmarx.com/blog/npm-replicator-remote-code-execution-deserialization/
∗∗∗ Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained ∗∗∗
---------------------------------------------
A threat actor recently hacked a popular PyPi repo on GitHub, setting off a supply chain attack that could have impacted millions of users.
---------------------------------------------
https://orca.security/resources/blog/python-supply-chain-attack-ctx-phpass/
∗∗∗ SynLapse – Technical Details for Critical Azure Synapse Vulnerability ∗∗∗
---------------------------------------------
Recently, the Orca Security research team discovered SynLapse, a tenant separation violation vulnerability in the Microsoft Azure Synapse environment.
---------------------------------------------
https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/
=====================
= Vulnerabilities =
=====================
∗∗∗ New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials ∗∗∗
---------------------------------------------
A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction.
---------------------------------------------
https://thehackernews.com/2022/06/new-zimbra-email-vulnerability-could.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (golang-github-docker-libnetwork and moby-engine), Mageia (apache, docker-containerd, kernel, kernel-linus, nats-server, and php-smarty), Slackware (php), SUSE (gimp, grub2, thunderbird, u-boot, and xen), and Ubuntu (firefox, liblouis, ncurses, and rsync).
---------------------------------------------
https://lwn.net/Articles/897847/
∗∗∗ JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php
∗∗∗ SSA-988345 V1.0: Local Privilege Escalation Vulnerability in Xpedition Designer ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-988345.txt
∗∗∗ SSA-911567 V1.0: Missing HTTP headers in SINEMA Remote Connect Server before V3.0 SP2 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-911567.txt
∗∗∗ SSA-740594 V1.0: Privilege Escalation Vulnerability in Mendix SAML Module ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-740594.txt
∗∗∗ SSA-712929 V1.0: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-712929.txt
∗∗∗ SSA-693555 V1.0: Memory Corruption Vulnerability in EN100 Ethernet Module ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-693555.txt
∗∗∗ SSA-685781 V1.0: Multiple Vulnerabilities in Apache HTTP Server Affecting Siemens Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-685781.txt
∗∗∗ SSA-631336 V1.0: Multiple Web Server Vulnerabilities in SICAM GridEdge Software ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-631336.txt
∗∗∗ SSA-484086 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-484086.txt
∗∗∗ SSA-401167 V1.0: Cross-site scripting Vulnerability in Teamcenter Active Workspace ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-401167.txt
∗∗∗ SSA-388239 V1.0: Default Password Leakage affecting the Component Shared HIS used in Spectrum Power Systems ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-388239.txt
∗∗∗ SSA-330556 V1.0: PwnKit Vulnerability in SCALANCE LPE9403 and SINUMERIK Edge Products (CVE-2021-4034) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-330556.txt
∗∗∗ SSA-222547 V1.0: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-222547.txt
∗∗∗ SSA-220589 V1.0: Hard Coded Default Credential Vulnerability in Teamcenter ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-220589.txt
∗∗∗ SSA-145224 V1.0: Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-145224.txt
∗∗∗ IBM Security Bulletins 2022-06-13 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ TYPO3 CORE: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-cms
∗∗∗ ABB Security Advisory: Link Following Local Privilege Escalation Vulnerabilities in ABB Automation Builder, Drive Composer and Mint WorkBench ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch
∗∗∗ Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512
∗∗∗ Meridian Cooperative Meridian ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-165-02
∗∗∗ Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-165-03
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list