End-of-Day report
Timeframe: Tuesday 07-06-2022 18:00 - Wednesday 08-06-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
Linux version of Black Basta ransomware targets VMware ESXi servers
Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers.
https://www.bleepingcomputer.com/news/security/linux-version-of-black-basta-ransomware-targets-vmware-esxi-servers/
Poisoned CCleaner search results spread information-stealing malware
Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program.
https://www.bleepingcomputer.com/news/security/poisoned-ccleaner-search-results-spread-information-stealing-malware/
Cuba ransomware returns to extorting victims with updated encryptor
The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks.
https://www.bleepingcomputer.com/news/security/cuba-ransomware-returns-to-extorting-victims-with-updated-encryptor/
Targeted phishing past defender
Signature-based detection has shortcomings that matter in real scenarios. Depending only on prevention through an EDR like Defender is not enough in a modern attack scenario.
https://www.derant.com/network%20monitoring/2022/06/07/Targetted-phishing-past-defender.html
New Technique Used by Attackers in NPM to Avoid Detection
The Checkmarx SCS team recently detected several malicious NPM packages using a new evasion technique, enhancing dependency confusion attacks to help malicious packages avoid detection.
https://checkmarx.com/blog/new-technique-used-by-attackers-in-npm-to-avoid-detection/
Vulnerabilities
Researchers Warn of Unpatched "DogWalk" Microsoft Windows Vulnerability
An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild.
https://thehackernews.com/2022/06/researchers-warn-of-unpatched-dogwalk.html
Zero-day vulnerability: Cyber gangs abuse MSDT flaw for Qakbot infections
The cyber gang behind the Qakbot malware is abusing the MSDT zero-day vulnerability in phishing campaigns. It usually sells infected machines to ransomware gangs.
https://heise.de/-7134949
Bug in Linux kernel enables privilege escalation
A bug in the firewall code of the Linux kernel allows users to execute commands as root. Administrators can apply a workaround.
https://heise.de/-7134791
Critical code execution vulnerability threatens Universal Boot Loader U-Boot
The U-Boot developers have closed two dangerous security vulnerabilities.
https://heise.de/-7134785
Security updates for Wednesday
Security updates have been issued by Debian (avahi), Fedora (firefox), Oracle (grub2, python-twisted-web, shim, shim-signed, and thunderbird), Red Hat (kernel and python-twisted-web), SUSE (gcc48, go1.17, go1.18, and mariadb), and Ubuntu (e2fsprogs, linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-intel-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, [...]
https://lwn.net/Articles/897297/
Technical Details Released for Recently Patched Zyxel Firewall Vulnerabilities
Security researchers with HN Security have published technical details on two vulnerabilities affecting many Zyxel products.
https://www.securityweek.com/technical-details-released-recently-patched-zyxel-firewall-vulnerabilities
Owl Labs Patches Severe Vulnerability in Video Conferencing Devices
Video conferencing company Owl Labs has released patches for a severe vulnerability affecting its Meeting Owl Pro and Whiteboard Owl devices.
https://www.securityweek.com/owl-labs-patches-severe-vulnerability-video-conferencing-devices
Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer
Symantec has observed threat actors exploiting the remote code execution flaw to drop AsyncRAT and an information stealer.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/follina-msdt-exploit-malware
Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832-6/
Security Bulletin: IBM Cognos Command Center is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-command-center-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
Security Bulletin: IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-is-vulnerable-to-spoofing-cve-2022-22365-2/
Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44228)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44228-5/
Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-4104-10/
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-web-services-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
Security Bulletin: Vulnerabilities have been identified in Spring Framework, OpenSSL and Apache HTTP Server shipped with the DS8000 Hardware Management Console (HMC)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-spring-framework-openssl-and-apache-http-server-shipped-with-the-ds8000-hardware-management-console-hmc/
Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-45046-cve-2021-45105-5/
Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-command-center-is-affected-by-multiple-vulnerabilities/
FESTO: CECC-X-M1 - command injection vulnerabilities
https://cert.vde.com/de/advisories/VDE-2022-020/
Apache HTTP Server: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K22-0692
Multiple vulnerabilities in "secure" mobile hard drives and crypto USB sticks from Verbatim (SYSS-2022-001/-017)
https://www.syss.de/pentest-blog/mehrere-schwachstellen-in-sicheren-mobilen-festplatten-und-crypto-usb-sticks-von-verbatim-syss-2022-001/-017