[CERT-daily] Tageszusammenfassung - 22.06.2022

Daily end-of-shift report team at cert.at
Wed Jun 22 18:06:02 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 21-06-2022 18:00 − Mittwoch 22-06-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign ∗∗∗
---------------------------------------------
A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021.
---------------------------------------------
https://thehackernews.com/2022/06/newly-discovered-magecart.html


∗∗∗ Du kommst hier nicht rein: Adobes PDF-Tools blockieren Antivirenschutz ∗∗∗
---------------------------------------------
Adobe Acrobat und Reader legen einen Registry-Eintrag an. Dieser hält über Chromiums libcef.dll Sicherheitsprogramm-DLLs aus den PDF-Programmen fern.
---------------------------------------------
https://heise.de/-7147804


∗∗∗ Sharehoster Mega: Sicherheitsforscher entschlüsseln eigentlich geschützte Daten ∗∗∗
---------------------------------------------
Eine problematische Kryptografie-Implementierung kann verschlüsselte Dateien für den Betreiber oder Angreifer lesbar machen.
---------------------------------------------
https://heise.de/-7148227


∗∗∗ Machen Sie mit bei unserer Studie zum Fake-Shop-Detector! ∗∗∗
---------------------------------------------
Fake-Shops stellen Konsument:innen vor große Herausforderungen: Sie werden immer zahlreicher und sind gleichzeitig schwieriger zu erkennen. Um das Einkaufen im Internet sicherer zu machen, haben wir den Fake-Shop Detector entwickelt.
---------------------------------------------
https://www.watchlist-internet.at/news/machen-sie-mit-bei-unserer-studie-zum-fake-shop-detector/


∗∗∗ Keeping PowerShell: Measures to Use and Embrace ∗∗∗
---------------------------------------------
Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/06/22/keeping-powershell-measures-use-and-embrace



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Webbrowser: Google schließt 14 Sicherheitslücken in Chrome ∗∗∗
---------------------------------------------
Mit dem Sprung auf das 103er-Release dichtet Google im Webbrowser Chrome 14 Schwachstellen ab. Auch für Android und iOS steht die neue Version bereit.
---------------------------------------------
https://heise.de/-7147522


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (exo and ntfs-3g), Fedora (collectd, golang-github-cli-gh, grub2, qemu, and xen), Red Hat (httpd:2.4, kernel, and postgresql), SUSE (drbd, fwupdate, neomutt, and trivy), and Ubuntu (apache2, openssl, openssl1.0, and qemu).
---------------------------------------------
https://lwn.net/Articles/898605/


∗∗∗ JTEKT TOYOPUC ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in the JTEKT TOYOPUC programmable logic controller.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-172-02


∗∗∗ VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/142546


∗∗∗ Security Bulletin: June 2022 :Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-june-2022-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/


∗∗∗ Security Bulletin: A vulnerability (CVE-2021-35550) in IBM Java Runtime affects CICS Transaction Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-cve-2021-35550-in-ibm-java-runtime-affects-cics-transaction-gateway/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-browser-user-interface-is-vulnerable-to-multiple-vulnerabilities-due-to-jetty/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-file-agent-is-vulnerable-to-an-unspecified-vulnerability-due-to-ibm-java-runtime-cve-2021-35603/


∗∗∗ Security Bulletin: Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM) OpenSSL vulnerability CVE-2021-4044 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-team-concert-rtc-and-ibm-engineering-workflow-management-ewm-openssl-vulnerability-cve-2021-4044/


∗∗∗ Security Bulletin: Security vulnerability has been identified in IBM DB2 used by IBM Security Verify Governance, Identity Manager virtual appliance component ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-ibm-db2-used-by-ibm-security-verify-governance-identity-manager-virtual-appliance-component/


∗∗∗ Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer (CVE-2022-22475, CVE-2021-39038) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-application-server-and-websphere-application-server-liberty-affect-ibm-watson-explorer-cve-2022-22475-cve-2021-39038/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to unauthorized sensitive information access due to IBM Java vulnerability (CVE-2021-35603) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-ftp-is-vulnerable-to-unauthorized-sensitive-information-access-due-to-ibm-java-vulnerability-cve-2021-35603/


∗∗∗ Security Bulletin: Vulnerability in Spring Framework affects IBM Watson Explorer (CVE-2022-22971, CVE-2022-22968, CVE-2022-22970) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-spring-framework-affects-ibm-watson-explorer-cve-2022-22971-cve-2022-22968-cve-2022-22970/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35550) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-file-agent-is-vulnerable-to-an-unspecified-vulnerability-due-to-ibm-java-runtime-cve-2021-35550/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server January 2022 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-websphere-application-server-january-2022-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to unauthorized data access due to IBM Java (CVE-2021-35550) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-ftp-is-vulnerable-to-unauthorized-data-access-due-to-ibm-java-cve-2021-35550/


∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Watson Explorer (CVE-2022-0778) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-watson-explorer-cve-2022-0778/


∗∗∗ Security Bulletin: IBM Sterling Connect:Direct Browser User Interface has multiple vulnerabilities due to IBM Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-browser-user-interface-has-multiple-vulnerabilities-due-to-ibm-java/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2022 – Includes Oracle® January 2022 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2022-includes-oracle-january-2022-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response/


∗∗∗ K53252134: Intel BIOS vulnerability CVE-2021-0155 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K53252134


∗∗∗ K16162257: Intel BIOS vulnerability CVE-2021-0154 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K16162257


∗∗∗ K14454359: Intel BIOS vulnerability CVE-2021-0153 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K14454359


∗∗∗ K04303225: Intel BIOS vulnerability CVE-2021-0190 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04303225


∗∗∗ Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-247052-bt.html


∗∗∗ PHP Vulnerability ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-22-20

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list