End-of-Day report
Timeframe: Friday 03-06-2022 18:00 - Tuesday 07-06-2022 18:15
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
WatchDog hacking group launches new Docker cryptojacking campaign
The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software.
https://www.bleepingcomputer.com/news/security/watchdog-hacking-group-launches-new-docker-cryptojacking-campaign/
QBot now pushes Black Basta ransomware in bot-powered attacks
The Black Basta ransomware gang has partnered with the QBot malware operation to spread laterally through hacked corporate environments.
https://www.bleepingcomputer.com/news/security/qbot-now-pushes-black-basta-ransomware-in-bot-powered-attacks/
Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware
A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady.
https://thehackernews.com/2022/06/researchers-warn-of-spam-campaign.html
New phishing e-mail in the name of Erste Bank und Sparkasse
A new phishing e-mail in the name of Erste Bank und Sparkasse is currently circulating. The message informs recipients of an alleged debit of 1 259 euros.
https://www.watchlist-internet.at/news/neues-phishing-e-mail-der-erste-bank-und-sparkasse/
Vulnerabilities
Fortiguard June 2022 Vulnerability Advisories
FortiAP-U, FortiDDoS, FortiOS, FortiAnalyzer, FortiManager, FortiSandbox, FortiTokenMobile, FortiAuthenticator, Apache Airflow and FortiClient.
https://www.fortiguard.com/psirt-monthly-advisory/june-2022-vulnerability-advisories
Patch now! Situation around attacks on Atlassian Confluence is escalating
Because exploit code is publicly available, attacks on Confluence instances are increasing. Patches are now available.
https://heise.de/-7132633
Patchday: Google closes kernel and software vulnerabilities in Android
Owners of Android hardware should bring their devices up to date for security reasons.
https://heise.de/-7133294
Security updates for Monday
Security updates have been issued by Debian (clamav, firefox-esr, pidgin, and thunderbird), Fedora (dotnet3.1, firefox, kernel, vim, and webkit2gtk3), Mageia (firefox/nss/nspr, gimp, logrotate, mariadb, thunderbird, trojita, webkit2, and webmin), Oracle (thunderbird), Red Hat (compat-openssl11, postgresql:10, postgresql:12, and thunderbird), Slackware (pidgin), and SUSE (openvpn).
https://lwn.net/Articles/897163/
Security updates for Tuesday
Security updates have been issued by Debian (glib2.0, librecad, and php-horde-mime-viewer), Fedora (vim), and Ubuntu (freerdp2, ruby2.3, ruby2.5, ruby2.7, ruby3.0, and vim).
https://lwn.net/Articles/897226/
Critical U-Boot Vulnerability Allows Rooting of Embedded Systems
A critical vulnerability in the U-Boot boot loader could be exploited to write arbitrary data, which can allow an attacker to root Linux-based embedded systems, according to NCC Group.
https://www.securityweek.com/critical-u-boot-vulnerability-allows-rooting-embedded-systems
Security Advisory - Input Verification Vulnerabilities Involved in Huawei Printer Product
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220608-01-1a91f8a4-en
Security Bulletin: IBM Cognos Controller is affected but not vulnerable to arbitrary code execution and SQL injection due to Apache Log4j v1 vulnerabilities (CVE-2022-23305, CVE-2022-23302, CVE-2021-4104)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-controller-is-affected-but-not-vulnerable-to-arbitrary-code-execution-and-sql-injection-due-to-apache-log4j-v1-vulnerabilities-cve-2022-23305-cve-2022-23302-cve-2021-4/
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-18/
Security Bulletin: Public disclosed vulnerability from OpenSSL affects IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerability-from-openssl-affects-ibm-netezza-host-management-3/
Security Bulletin: IBM DataPower Gateway affected by prototype pollution in DOJO (CVE-2021-23450)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-affected-by-prototype-pollution-in-dojo-cve-2021-23450/
Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL Injection (CVE-2022-31768)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-sql-injection-cve-2022-31768/
Security Bulletin: Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2021-35515, CVE-2021-35516, CVE-2021-36090, CVE-2021-35517)
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-as-used-by-ibm-qradar-siem-is-vulnerable-to-denial-of-service-cve-2021-35515-cve-2021-35516-cve-2021-36090-cve-2021-35517/
Security Bulletin: CP4D Match 360 is vulnerable to remote attacker executing arbitrary code within IBM WebSphere Application Server Liberty (CVE-2021-23450)
https://www.ibm.com/blogs/psirt/security-bulletin-cp4d-match-360-is-vulnerable-to-remote-attacker-executing-arbitrary-code-within-ibm-websphere-application-server-liberty-cve-2021-23450/
Security Bulletin: Vulnerabilities have been identified in Apache Log4j and the application code shipped with the DS8000 Hardware Management Console (HMC)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-apache-log4j-and-the-application-code-shipped-with-the-ds8000-hardware-management-console-hmc-3/
Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotector-system-is-affected-by-multiple-apache-http-server-vulnerabilities/
Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-data-system-1-0-is-vulnerable-to-denial-of-service-due-to-apache-log4j-cve-2021-45105/
Security Bulletin: Multiple vulnerabilities in multiple dependencies affect IBM MessageGateway/ MessageSight
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-multiple-dependencies-affect-ibm-messagegateway-messagesight/
Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway uses Eclipse Jetty with multiple known vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maas360-mobile-enterprise-gateway-uses-eclipse-jetty-with-multiple-known-vulnerabilities/
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maas360-cloud-extender-agent-mobile-enterprise-gateway-and-vpn-module-have-multiple-vulnerabilities-cve-2021-22060-cve-2022-22950-cve-2022-0547-cve-2022-0778-cve-2022-2296/
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in NumPy. (CVE-2021-33430).
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-in-numpy-cve-2021-33430/
K29421535: Intel processor vulnerability CVE-2021-33117
https://support.f5.com/csp/article/K29421535
K95204515: Intel CPU vulnerability CVE-2022-21151
https://support.f5.com/csp/article/K95204515
Grafana: Multiple vulnerabilities allow disclosure of information
https://www.cert-bund.de/advisoryshort/CB-K22-0690
Case update: DIVD-2022-00032 - Exchange backdoor
https://csirt.divd.nl/cases/DIVD-2022-00032/