[CERT-daily] Daily summary - 24.06.2022
Daily end-of-shift report
team at cert.at
Fri Jun 24 18:07:40 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 23-06-2022 18:00 − Friday 24-06-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ 2FA: How secure are TOTP, Fido, SMS and push apps? ∗∗∗
---------------------------------------------
Two-factor or multi-factor authentication is supposed to make us more secure. We explain how TOTP, Fido & Co. work and what they protect against.
---------------------------------------------
https://www.golem.de/news/2fa-wie-sicher-sind-totp-fido-sms-und-push-apps-2206-166287-rss.html
∗∗∗ Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys ∗∗∗
---------------------------------------------
Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint.
---------------------------------------------
https://thehackernews.com/2022/06/multiple-backdoored-python-libraries.html
∗∗∗ Black Basta Ransomware Becomes Major Threat in Two Months ∗∗∗
---------------------------------------------
Black Basta ransomware has become a major new threat in just a couple months. Evidence suggests it was still in development in February 2022, and only became operational in April 2022.
---------------------------------------------
https://www.securityweek.com/black-basta-ransomware-becomes-major-threat-two-months
∗∗∗ There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families ∗∗∗
---------------------------------------------
Learn about the unique implementations of API Hammering malware samples and how to mitigate them.
---------------------------------------------
https://unit42.paloaltonetworks.com/api-hammering-malware-families/
=====================
= Vulnerabilities =
=====================
∗∗∗ Attackers continuously exploit Log4Shell vulnerability in VMware Horizon ∗∗∗
---------------------------------------------
The Cybersecurity & Infrastructure Security Agency warns of attacks on the virtualization solution VMware Horizon. Admins should act quickly.
---------------------------------------------
https://heise.de/-7152258
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (ntfs-3g and ntfs-3g-system-compression), SUSE (389-ds, chafa, containerd, mariadb, php74, python3, salt, and xen), and Ubuntu (apache2).
---------------------------------------------
https://lwn.net/Articles/898925/
∗∗∗ Codesys Patches 11 Flaws Likely Affecting Controllers From Several ICS Vendors ∗∗∗
---------------------------------------------
Codesys this week announced patches for nearly a dozen vulnerabilities discovered in the company’s products by researchers at Chinese cybersecurity firm NSFocus.
---------------------------------------------
https://www.securityweek.com/codesys-patches-11-flaws-likely-affecting-controllers-several-ics-vendors
∗∗∗ ZDI-22-872: DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-872/
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2022-22389) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-cve-2022-22389/
∗∗∗ Security Bulletin: One or more security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics (CVE-2020-4230,CVE-2020-4135,CVE-2020-4204,CVE-2020-4200) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-one-or-more-security-vulnerabilities-has-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics-cve-2020-4230cve-2020-4135cve-2020-4204/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2019-10086, CVE-2021-41617) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2019-10086-cve-2021-41617/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-22/
∗∗∗ Security Bulletin: IBM Robotic Process Automation is vulnerable to configuration credentials unencrypted in system memory (CVE-2022-22414) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-is-vulnerable-to-configuration-credentials-unencrypted-in-system-memory-cve-2022-22414-2/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-21/
∗∗∗ Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities due to the consumed Expat library ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-affected-by-multiple-vulnerabilities-due-to-the-consumed-expat-library/
∗∗∗ Security Bulletin: CVE-2021-35603 may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35603-may-affect-ibm-sdk-java-technology-edition-for-ibm-content-collector-for-sap-applications/
∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. (CVE-2022-22390) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-caused-by-improper-privilege-management-when-table-function-is-used-cve-2022-22390/
∗∗∗ Security Bulletin: Multiple vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-has-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by an information leak vulnerability within Kafka (CVE-2021-38153) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-information-leak-vulnerability-within-kafka-cve-2021-38153/
∗∗∗ Security Bulletin: A vulnerability in zlib affects IBM Common Inventory Technology (CIT). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-zlib-affects-ibm-common-inventory-technology-cit/
∗∗∗ Security Bulletin: CVE-2020-35550 may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-35550-may-affect-ibm-sdk-java-technology-edition-for-ibm-content-collector-for-sap-applications/
∗∗∗ K26314875: Apache vulnerability CVE-2022-26377 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K26314875
∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-update
∗∗∗ OFFIS DCMTK ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-22-174-01
∗∗∗ Yokogawa STARDOM ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-174-01
∗∗∗ Yokogawa CAMS for HIS ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-174-02
∗∗∗ Secheron SEPCOS Control and Protection Relay ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-174-03
∗∗∗ Pyramid Solutions EtherNet/IP Adapter Development Kit ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-174-04
∗∗∗ Elcomplus SmartICS ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-174-05
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily