Daily summary - 25.05.2022

End-of-Day report

Timeframe: Tuesday 24-05-2022 18:00 - Wednesday 25-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer

News

Beware of dubious donation appeals for children with cancer

Watchlist Internet readers keep coming across fraudulent donation appeals for children with cancer. Such campaigns are shown particularly often in advertisements on YouTube.

https://www.watchlist-internet.at/news/vorsicht-vor-unserioesen-spendenaufrufen-fuer-krebskranke-kinder/


Bablosoft; Lowering the Barrier of Entry for Malicious Actors

Evidence suggests an increasing number of threat actor groups are making use of a free-to-use browser automation framework. The framework contains numerous features which we assess may be used to enable malicious activity.

https://team-cymru.com/blog/2022/05/25/bablosoft-lowering-the-barrier-of-entry-for-malicious-actors/


How the Saitama backdoor uses DNS tunnelling

A walkthrough of one of the stealthy communication techniques employed in a recent attack using APT34's Saitama backdoor.

https://blog.malwarebytes.com/threat-intelligence/2022/05/how-the-saitama-backdoor-uses-dns-tunnelling/
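DNS tunnelling hides command-and-control traffic in the query names themselves: the backdoor encodes each payload chunk as a subdomain of a domain the attacker controls, and the authoritative resolver on the attacker's side decodes it. The heuristic below is an added example, not code from the Malwarebytes post or from the Saitama backdoor: it runs a generic tunnelling detector over a constructed sample of resolver log lines. The log format, the placeholder domains (example-c2.invalid is invented), and the thresholds are assumptions for illustration and must be tuned against real resolver logs.

```python
"""Heuristic DNS-tunnelling detector run over constructed sample query logs.

Added example, not code from the Malwarebytes post or from the Saitama
backdoor itself. The log format, the thresholds and the sample queries are
assumptions for illustration; tune them against your own resolver logs.
"""
import math
import re
from collections import defaultdict

# Constructed sample of resolver log lines: "<timestamp> <client> <qtype> <qname>".
# The tunnelling-like lines carry encoded payload chunks as subdomains of one
# parent domain; the others are ordinary lookups. All domains are placeholders.
SAMPLE_LOG = """\
2022-05-25T10:00:01Z 10.0.0.5 A www.example.com
2022-05-25T10:00:02Z 10.0.0.5 AAAA mail.example.org
2022-05-25T10:00:03Z 10.0.0.7 A cdn.static.example.net
2022-05-25T10:00:04Z 10.0.0.9 A a4f9c2e1b7d3.example-c2.invalid
2022-05-25T10:00:05Z 10.0.0.9 A 9e0b3d7a1c5f.example-c2.invalid
2022-05-25T10:00:06Z 10.0.0.9 A 71c8e5a2f4d0.example-c2.invalid
2022-05-25T10:00:07Z 10.0.0.9 A d3b6f0a8e2c4.example-c2.invalid
2022-05-25T10:00:08Z 10.0.0.9 A 5fa1c9d7b3e8.example-c2.invalid
2022-05-25T10:00:09Z 10.0.0.9 A c2e7d4b0f6a9.example-c2.invalid
2022-05-25T10:00:10Z 10.0.0.5 A www.example.com
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits per character of s; encoded payloads score high, words score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain, parent) where parent is the last two labels.

    Assumption: a two-label parent is good enough for this sample. Real
    deployments should split on the public suffix list instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def score_queries(log_text: str, min_unique=5, min_entropy=3.0, min_len=10):
    """Group queries by parent domain and flag parents whose subdomains look
    like encoded data: many distinct subdomains, each long and high-entropy.

    Returns {parent: {"unique": n, "mean_entropy": e, "mean_len": l, "flagged": bool}}.
    """
    by_parent = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the run
        sub, parent = split_name(m.group(4))
        if sub:
            by_parent[parent].add(sub)
    report = {}
    for parent, subs in by_parent.items():
        ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        ln = sum(len(s) for s in subs) / len(subs)
        report[parent] = {
            "unique": len(subs),
            "mean_entropy": round(ent, 2),
            "mean_len": round(ln, 1),
            "flagged": len(subs) >= min_unique and ent >= min_entropy and ln >= min_len,
        }
    return report


if __name__ == "__main__":
    for parent, r in sorted(score_queries(SAMPLE_LOG).items()):
        mark = "TUNNEL?" if r["flagged"] else "ok"
        print(f"{parent:24} unique={r['unique']:2} "
              f"entropy={r['mean_entropy']:.2f} len={r['mean_len']:.1f} {mark}")
```

The three signals are deliberately combined: a single long, high-entropy label is common for CDN hostnames and tracking beacons, and many subdomains under one parent is normal for large SaaS domains, but a parent that scores high on all three at once from one client is worth a closer look at the response records and query volume.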


Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service

Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the targeted device and causing a denial of service.

http://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html

Vulnerabilities

Security updates for Wednesday

Security updates have been issued by Debian (lrzip and puma), Fedora (plantuml and plib), Oracle (kernel and kernel-container), Red Hat (firefox, kernel, kpatch-patch, subversion:1.14, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (kernel-firmware, libxml2, pcre2, and postgresql13), and Ubuntu (accountsservice, postgresql-10, postgresql-12, postgresql-13, postgresql-14, and rsyslog).

https://lwn.net/Articles/896216/


CISA Adds 34 Known Exploited Vulnerabilities to Catalog

CISA has added 34 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

https://us-cert.cisa.gov/ncas/current-activity/2022/05/25/cisa-adds-34-known-exploited-vulnerabilities-catalog


Chrome 102.0.5005.61/62/63 fix critical vulnerabilities

On 24 May 2022 Google released updates 102.0.5005.61/62/63 of the Google Chrome browser for Windows and Mac in the desktop Stable Channel, which moves Chrome 102 into the Stable Channel for those platforms.

https://www.borncity.com/blog/2022/05/25/chrome-102-0-5005-61-62-63-fixen-schwachstellen/


Security Bulletin: IBM Aspera Faspex is vulnerable to exposing data improperly (CVE-2022-22497)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-faspex-is-vulnerable-to-exposing-data-improperly-cve-2022-22497/


Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-node-js-as-used-by-ibm-security-qradar-analyst-workflow-app-for-ibm-qradar-siem-is-vulnerable-to-multiple-vulnerabilities/


Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/


Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-deployment-intelligence-app-for-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/


VMSA-2022-0015

https://www.vmware.com/security/advisories/VMSA-2022-0015.html


Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508

https://support.citrix.com/article/CTX457048


Rockwell Automation Logix Controllers

https://us-cert.cisa.gov/ics/advisories/icsa-22-144-01