Daily summary - 02.06.2022

End-of-Day report

Timeframe: Wednesday 01-06-2022 18:00 - Thursday 02-06-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a

News

Conti ransomware targeted Intel firmware for stealthy attacks

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks.

https://www.bleepingcomputer.com/news/security/conti-ransomware-targeted-intel-firmware-for-stealthy-attacks/


Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks

As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns.

https://thehackernews.com/2022/06/researchers-demonstrate-ransomware-for.html


Europol: FluBot infrastructure under the control of law enforcement

International law enforcement agencies have managed to curb the SMS-based Android spyware FluBot. This was achieved by taking over the FluBot infrastructure.

https://heise.de/-7130270


Warning about spoofing of the BSI phone number

The BSI is currently receiving reports of an increasing number of calls displaying the BSI's phone number together with a two-digit extension. These are not calls from the BSI.

https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Spoofing_220602.html


Beware of telephone fraud: recorded voice lures victims into a trap!

Numerous reports describe calls from a recorded voice asking the recipient to press the 1 key. Do not follow the instructions!

https://www.watchlist-internet.at/news/vorsicht-telefon-betrug-tonbandstimme-lockt-in-die-falle/

Vulnerabilities

SearchNightmare: Windows 10 search-ms: URI handler 0-day exploit with Office 2019

After the discovery of the abuse of the Follina vulnerability (CVE-2022-30190) via the Windows ms-msdt protocol, the next bastion is now being stormed. A hacker examined the search-ms: URI handler in Windows 10 and developed an exploit similar to Follina.

https://www.borncity.com/blog/2022/06/02/searchnightmare-windows-10-search-ms-uri-handler-0-day-exploit-mit-office-2019/


Security updates for Thursday

Security updates have been issued by Debian (firefox-esr), Fedora (thunderbird and vim), Red Hat (firefox, postgresql:10, postgresql:12, and postgresql:13), Scientific Linux (firefox and rsyslog), SUSE (hdf5, hdf5, suse-hpc, postgresql14, rubygem-yajl-ruby, and udisks2), and Ubuntu (imagemagick and influxdb).

https://lwn.net/Articles/896896/


Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks

Millions of budget smartphones that use UNISOC chipsets could have their communications remotely disrupted by hackers due to a critical vulnerability discovered recently by researchers at cybersecurity firm Check Point.

https://www.securityweek.com/millions-budget-smartphones-unisoc-chips-vulnerable-remote-dos-attacks


Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2022-0391)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-using-a-component-with-known-vulnerabilities-cve-2022-0391/


Security Bulletin: Multiple Vulnerabilities in Node.js affects IBM Netcool Agile Service Manager

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-node-js-affects-ibm-netcool-agile-service-manager/


Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability CVE-2021-35550

https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-management-system-monitor-is-affected-by-a-vulnerability-cve-2021-35550/


Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vulnerable-to-directory-traversal-due-to-moment-js-cve-2022-24785/


Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework (CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-common-licensing-is-vulnerable-by-a-remote-code-attack-in-spring-framework-cve-2021-22096cve-2021-22060cve-2022-22950cve-2022-22968/


Security Bulletin: Multiple vulnerabilities in Java SE that could allow an unauthenticated attacker to obtain sensitive information affect IBM® Db2®. (CVE-2021-35603, CVE-2021-35550, CVE-2021-2341)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-java-se-that-could-allow-an-unauthenticated-attacker-to-obtain-sensitive-information-affect-ibm-db2-cve-2021-35603-cve-2021-35550-cve-202/


Security Bulletin: IBM Security Guardium is affected by OpenSSL denial of service vulnerabilities (CVE-2021-23840, CVE-2021-23841)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-openssl-denial-of-service-vulnerabilities-cve-2021-23840-cve-2021-23841-3/


Security Bulletin: Vulnerability in Nginx affects IBM Cloud Private and could allow a remote attacker to obtain sensitive information (177988)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nginx-affects-ibm-cloud-private-and-could-allow-a-remote-attacker-to-obtain-sensitive-information-177988/


Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-service-is-vulnerable-to-multiple-vulnerabilities-due-to-ibm-java/


Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-multiple-vulnerabilities-due-to-eclipse-jetty/


Security Bulletin: Watson Machine Learning Accelerator is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

https://www.ibm.com/blogs/psirt/security-bulletin-watson-machine-learning-accelerator-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/


Security Bulletin: CVE-2022-21299 may affect IBM® SDK, Java- Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2022-21299-may-affect-ibm-sdk-java-technology-edition/


Security Bulletin: HMC is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

https://www.ibm.com/blogs/psirt/security-bulletin-hmc-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/


Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting due to Angular (220414)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vulnerable-to-cross-site-scripting-due-to-angular-220414/


Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java- Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-management-system-monitor-is-affected-by-a-vulnerability-in-ibm-sdk-java-technology-edition-6/


Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-vulnerable-to-denial-of-service-due-to-fasterxml-jackson-databind/


Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vulnerable-to-denial-of-service-due-to-gson-217225-2/


Security Bulletin: IBM Security SOAR is using a component with multiple known vulnerabilities - IBM JDK 8.0.7.0

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-using-a-component-with-multiple-known-vulnerabilities-ibm-jdk-8-0-7-0/


Security Bulletin: IBM Robotic Process Automation is vulnerable to cross tenant information exposure (CVE-2022-22506)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-is-vulnerable-to-cross-tenant-information-exposure-cve-2022-22506/


Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java- Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-13/


Security Bulletin: CVE-2021-35561 may affect IBM® SDK, Java- Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35561-may-affect-ibm-sdk-java-technology-edition/


Long Term Support Channel Update for ChromeOS

http://chromereleases.googleblog.com/2022/05/long-term-support-channel-update-for.html


Security Vulnerabilities fixed in Firefox for iOS 101

https://www.mozilla.org/en-US/security/advisories/mfsa2022-23/


Autodesk AutoCAD: Vulnerability allows execution of arbitrary code with user privileges

http://www.cert-bund.de/advisoryshort/CB-K22-0677


Illumina Local Run Manager

https://us-cert.cisa.gov/ics/advisories/icsa-22-153-02