[CERT-daily] Daily summary - 25.05.2022
Daily end-of-shift report
team at cert.at
Wed May 25 18:19:10 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 24-05-2022 18:00 − Wednesday 25-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Beware of dubious donation appeals for children with cancer ∗∗∗
---------------------------------------------
Watchlist Internet readers repeatedly come across fraudulent donation appeals for children with cancer. Such campaigns are frequently shown in advertisements on YouTube in particular.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-unserioesen-spendenaufrufen-fuer-krebskranke-kinder/
∗∗∗ Bablosoft; Lowering the Barrier of Entry for Malicious Actors ∗∗∗
---------------------------------------------
Evidence suggests an increasing number of threat actor groups are making use of a free-to-use browser automation framework. The framework contains numerous features which we assess may be utilized in the enablement of malicious activities.
---------------------------------------------
https://team-cymru.com/blog/2022/05/25/bablosoft-lowering-the-barrier-of-entry-for-malicious-actors/
∗∗∗ How the Saitama backdoor uses DNS tunnelling ∗∗∗
---------------------------------------------
A walkthrough of one of the stealthy communication techniques employed in a recent attack using APT34's Saitama backdoor.
---------------------------------------------
https://blog.malwarebytes.com/threat-intelligence/2022/05/how-the-saitama-backdoor-uses-dns-tunnelling/
∗∗∗ Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service ∗∗∗
---------------------------------------------
Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the targeted device and causing a denial of service.
---------------------------------------------
http://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (lrzip and puma), Fedora (plantuml and plib), Oracle (kernel and kernel-container), Red Hat (firefox, kernel, kpatch-patch, subversion:1.14, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (kernel-firmware, libxml2, pcre2, and postgresql13), and Ubuntu (accountsservice, postgresql-10, postgresql-12, postgresql-13, postgresql-14, and rsyslog).
---------------------------------------------
https://lwn.net/Articles/896216/
∗∗∗ CISA Adds 34 Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CISA has added 34 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/05/25/cisa-adds-34-known-exploited-vulnerabilities-catalog
∗∗∗ Chrome 102.0.5005.61/62/63 fix critical vulnerabilities ∗∗∗
---------------------------------------------
On 24 May 2022, Google released the 102.0.5005.61/62/63 updates of the Google Chrome browser for Windows and Mac on the desktop in the Stable Channel (Chrome 102 is also being included in the Stable Channel for Windows and Mac).
---------------------------------------------
https://www.borncity.com/blog/2022/05/25/chrome-102-0-5005-61-62-63-fixen-schwachstellen/
∗∗∗ Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-faspex-is-vulnerable-to-exposing-data-improperly-cve-2022-22497/
∗∗∗ Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-node-js-as-used-by-ibm-security-qradar-analyst-workflow-app-for-ibm-qradar-siem-is-vulnerable-to-multiple-vulnerabilities/
∗∗∗ Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
∗∗∗ Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-deployment-intelligence-app-for-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
∗∗∗ VMSA-2022-0015 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0015.html
∗∗∗ Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX457048
∗∗∗ Rockwell Automation Logix Controllers ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-144-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily