End-of-Day report
Timeframe: Dienstag 24-05-2022 18:00 - Mittwoch 25-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
Vorsicht vor unseriösen Spendenaufrufen für krebskranke Kinder
Immer wieder stoßen Watchlist Internet Leser:innen auf betrügerische Spendenaufrufe für krebskranke Kinder. Insbesondere in Werbeeinschaltungen auf YouTube werden häufig derartige Kampagnen angezeigt.
https://www.watchlist-internet.at/news/vorsicht-vor-unserioesen-spendenaufrufen-fuer-krebskranke-kinder/
Bablosoft; Lowering the Barrier of Entry for Malicious Actors
Summary Evidence suggests an increasing number of threat actor groups are making use of a free-to-use browser automation framework. The framework contains numerous features which we assess may be utilized in the enablement of malicious activities.
https://team-cymru.com/blog/2022/05/25/bablosoft-lowering-the-barrier-of-entry-for-malicious-actors/
How the Saitama backdoor uses DNS tunnelling
A walkthrough of one of the stealthy communication techniques employed in a recent attack using APT34s Saitama backdoor.
https://blog.malwarebytes.com/threat-intelligence/2022/05/how-the-saitama-backdoor-uses-dns-tunnelling/
Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service
Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the targeted device and causing a denial of service.
http://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Debian (lrzip and puma), Fedora (plantuml and plib), Oracle (kernel and kernel-container), Red Hat (firefox, kernel, kpatch-patch, subversion:1.14, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (kernel-firmware, libxml2, pcre2, and postgresql13), and Ubuntu (accountsservice, postgresql-10, postgresql-12, postgresql-13, postgresql-14, and rsyslog).
https://lwn.net/Articles/896216/
CISA Adds 34 Known Exploited Vulnerabilities to Catalog
CISA has added 34 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://us-cert.cisa.gov/ncas/current-activity/2022/05/25/cisa-adds-34-known-exploited-vulnerabilities-catalog
Chrome 102.0.5005.61/62/63 fixen kritische Schwachstellen
Google hat zum 24. Mai 2022 die Updates des 102.0.5005.61/62/63 Google Chrome Browsers für Windows und Mac auf dem Desktop im Stable Channel freigegeben (Chrome 102 wird auch im Stable Channel für Windows und Mac aufgenommen).
https://www.borncity.com/blog/2022/05/25/chrome-102-0-5005-61-62-63-fixen-schwachstellen/
Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-faspex-is-vulnerable-to-exposing-data-improperly-cve-2022-22497/
Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-node-js-as-used-by-ibm-security-qradar-analyst-workflow-app-for-ibm-qradar-siem-is-vulnerable-to-multiple-vulnerabilities/
Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-deployment-intelligence-app-for-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-faspex-is-vulnerable-to-exposing-data-improperly-cve-2022-22497/
Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-faspex-is-vulnerable-to-exposing-data-improperly-cve-2022-22497/
VMSA-2022-0015
https://www.vmware.com/security/advisories/VMSA-2022-0015.html
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508
https://support.citrix.com/article/CTX457048
Rockwell Automation Logix Controllers
https://us-cert.cisa.gov/ics/advisories/icsa-22-144-01