[CERT-daily] Tageszusammenfassung - 28.06.2022

Daily end-of-shift report team at cert.at
Tue Jun 28 18:29:41 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 27-06-2022 18:00 − Dienstag 28-06-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Over 900,000 Kubernetes instances found exposed online ∗∗∗
---------------------------------------------
Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-instances-found-exposed-online/


∗∗∗ Raccoon Stealer is back with a new version to steal your passwords ∗∗∗
---------------------------------------------
The Raccoon Stealer malware is back with a second major version circulating on cybercrime forums, offering hackers elevated password-stealing functionality and upgraded operational capacity.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/raccoon-stealer-is-back-with-a-new-version-to-steal-your-passwords/


∗∗∗ ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks ∗∗∗
---------------------------------------------
A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks.
---------------------------------------------
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html


∗∗∗ Microsoft: Support-Ende von Exchange 2013 naht - jetzt Migration planen ∗∗∗
---------------------------------------------
Der Exchange-Server 2013 erreicht in neun Monaten sein absolutes Support-Ende. Daran erinnert Microsofts Exchange-Team und empfiehlt die zügige Migration.
---------------------------------------------
https://heise.de/-7155579


∗∗∗ Lockbit-Ransomware-Gruppe stellt sich professioneller auf ∗∗∗
---------------------------------------------
Die Erpresserbande hinter der Ransomware Lockbit hebt den Professionalisierungsgrad auf eine neue Stufe. Sogar ein Bug-Bounty-Programm hat sie aufgelegt.
---------------------------------------------
https://heise.de/-7155742


∗∗∗ Krypto-Lovescam: Wenn Tinder-Matches Investment-Tipps geben ∗∗∗
---------------------------------------------
Betrügerische Internetbekanntschaften zielen nicht darauf ab, Sie näher kennenzulernen. Sie bauen Vertrauen auf, um Sie später auf gefälschte Investitionsplattformen zu locken.
---------------------------------------------
https://www.watchlist-internet.at/news/krypto-lovescam-wenn-tinder-matches-investment-tipps-geben/


∗∗∗ Understanding the Function Call Stack ∗∗∗
---------------------------------------------
That thread was inspired by a series of tweets by inversecos who shared how malware authors will often use Native APIs instead of Win32 APIs as a mechanism to evade naive detections that assume every application will use the Win32 API function.
---------------------------------------------
https://posts.specterops.io/understanding-the-function-call-stack-f08b5341efa4


∗∗∗ De-anonymizing ransomware domains on the dark web ∗∗∗
---------------------------------------------
We have developed three techniques to identify ransomware operators dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups.
---------------------------------------------
http://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains-on.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Firefox 102: Mehrere Sicherheitslücken geschlossen ∗∗∗
---------------------------------------------
Mozilla hat Version 102 von Firefox veröffentlicht. Diese Major-Version des Browsers ist die neue Basis für Firefox ESR und behebt einige Sicherheitsprobleme.
---------------------------------------------
https://heise.de/-7156179


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (nodejs and squid), Fedora (uboot-tools), Red Hat (kernel-rt, kpatch-patch, and python), SUSE (drbd, openssl-1_0_0, oracleasm, and rubygem-rack), and Ubuntu (curl).
---------------------------------------------
https://lwn.net/Articles/899239/


∗∗∗ 2022 CWE Top 25 Most Dangerous Software Weaknesses ∗∗∗
---------------------------------------------
The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/06/28/2022-cwe-top-25-most-dangerous-software-weaknesses


∗∗∗ Security Advisory - Password Verification Vulnerability of Huawei Router ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220628-01-2eda0853-en


∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-vulnerable-to-multiple-vulnerabilities-3/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-october-2021-4/


∗∗∗ Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Common Licensing's License Key Server (LKS) Administration And Reporting Tool (ART) and its Agent(CVE-2021-4104,CVE-2021-44832,CVE-2021-3100,CVE-2022-33915). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-remote-attack-vulnerability-in-apache-log4j-affects-ibm-common-licensings-license-key-server-lks-administration-and-reporting-tool-art-and-its-agentcve-2021-4104cve-20/


∗∗∗ Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21248) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-java-jdk-affect-ibm-event-streams-cve-2022-21365-cve-2022-21360-cve-2022-21349-cve-2022-21341-cve-2022-21340-cve-2022-21305-cve-2022-21294-cve-2022-21/


∗∗∗ Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-lodash-library-affect-tivoli-netcool-omnibus-webgui-cve-2019-1010266-cve-2020-28500-cve-2018-16487-cve-2018-3721-cve-2020-8203-cve-2021-23337-cve-2019-1074/


∗∗∗ Security Bulletin: IBM Robotic Process Automation may be affected by multiple vulnerabilities in open source components (CVE-2019-0820, CVE-2020-15522, CVE-2021-43569) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-may-be-affected-by-multiple-vulnerabilities-in-open-source-components-cve-2019-0820-cve-2020-15522-cve-2021-43569/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-october-2021-3/


∗∗∗ Security Bulletin: Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-31805) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-struts-library-affect-tivoli-netcool-omnibus-webgui-cve-2021-31805/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability (CVE-2021-39074) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-vulnerability-cve-2021-39074/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 – October 2021 & January 2022 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-virtualization-engine-ts7700-october-2021-january-2022/


∗∗∗ K01311313: Linux kernel vulnerability CVE-2021-3612 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01311313


∗∗∗ Long Term Support Channel Update for ChromeOS ∗∗∗
---------------------------------------------
http://chromereleases.googleblog.com/2022/06/long-term-support-channel-update-for.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list