[CERT-daily] Tageszusammenfassung - 23.06.2022

Daily end-of-shift report team at cert.at
Thu Jun 23 18:37:54 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 22-06-2022 18:00 − Donnerstag 23-06-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Conti ransomware hacking spree breaches over 40 orgs in a month ∗∗∗
---------------------------------------------
The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/conti-ransomware-hacking-spree-breaches-over-40-orgs-in-a-month/


∗∗∗ Malicious Windows LNK attacks made easy with new Quantum builder ∗∗∗
---------------------------------------------
Malware researchers have noticed a new tool that helps cybercriminals build malicious .LNK files to deliver payloads for the initial stages of an attack.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malicious-windows-lnk-attacks-made-easy-with-new-quantum-builder/


∗∗∗ The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs ∗∗∗
---------------------------------------------
We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.
---------------------------------------------
https://securelist.com/modern-ransomware-groups-ttps/106824/


∗∗∗ Understanding the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190 ∗∗∗
---------------------------------------------
Initially, I began this research to generate weaponized RTF files delivering the CVE-2022-30190(Follina) exploit.
---------------------------------------------
https://cymulate.com/blog/cve-2022-30190-2/


∗∗∗ Miracle - One Vulnerability To Rule Them All ∗∗∗
---------------------------------------------
As mentioned in Jang blog, We (me and Jang) found a mega 0-day. After April Critical Patch, finally the vulnerability was patched properly. If you never known about this vulnerability, please patch your system ASAP!
---------------------------------------------
https://peterjson.medium.com/miracle-one-vulnerability-to-rule-them-all-c3aed9edeea2


∗∗∗ Vorsicht vor betrügerischen „Remote Jobs“ auf LinkedIn ∗∗∗
---------------------------------------------
“Work from Home Jobs No Experience Required” – von zuhause aus arbeiten, dabei bis zu 2.000€ pro Woche verdienen und das alles ohne Berufserfahrung? Laut der massenhaft geschaltenen Stellenanzeigen von KADANSE ist das möglich. Was nicht erwähnt wird: Für diesen scheinbar lukrativen Job müssen Sie erst Geld bezahlen, der Job existiert so nicht.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischen-remote-jobs-auf-linkedin/


∗∗∗ Schwachstellen in Programmierschnittstellen ∗∗∗
---------------------------------------------
Weltweit sind 4,1 bis 7,5 Prozent der Cybersecurity-Vorfälle und -schäden auf Schwachstellen in Programmierschnittstellen (Application Programming Interfaces, APIs) zurückzuführen und verursachen Kosten in Milliardenhöhe.
---------------------------------------------
https://www.zdnet.de/88402008/schwachstellen-in-programmierschnittstellen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins 2022-06-22 ∗∗∗
---------------------------------------------
IBM App Connect Enterprise, IBM Engineering Lifecycle Management, WebSphere Liberty, CICS Transaction Gateway, Watson Knowledge Catalog for IBM Cloud Pak for Data, IBM Robotic Process Automation, IBM Tivoli Business Service Manager, IBM MQ Internet Pass-Thru, IBM Cognos Analytics, IBM Sterling Global Mailbox.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Synology: Aktualisierte Firmware dichtet Sicherheitslecks in Routern ab ∗∗∗
---------------------------------------------
In Firmware von Synology-Geräten hat der Hersteller Sicherheitslücken gefunden. Angreifer könnten unter anderem unberechtigt auf Dateien zugreifen.
---------------------------------------------
https://heise.de/-7151202


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, firejail, and request-tracker4), Fedora (ghex, golang-github-emicklei-restful, and openssl1.1), Oracle (postgresql), Scientific Linux (postgresql), Slackware (openssl), SUSE (salt and tor), and Ubuntu (apache2 and squid, squid3).
---------------------------------------------
https://lwn.net/Articles/898720/


∗∗∗ Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-asdm-sig-NPKvwDjm


∗∗∗ Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG


∗∗∗ K55051330: Intel BIOS vulnerability CVE-2021-33123 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55051330


∗∗∗ K87351324: Intel BIOS vulnerability CVE-2021-33124 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K87351324

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list