Daily summary - 09.06.2022

End-of-Day report

Timeframe: Wednesday 08-06-2022 18:00 - Thursday 09-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a

News

New Emotet Variant Stealing Users Credit Card Information from Google Chrome

The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser.

https://thehackernews.com/2022/06/new-emotet-variant-stealing-users.html


MakeMoney malvertising campaign adds fake update template

We catch up with some old acquaintances that just aren't ready to throw in the towel just yet.

https://blog.malwarebytes.com/threat-intelligence/2022/06/makemoney-malvertising-campaign-adds-fake-update-template/


ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat

A review of what's changed in malware in 2022, and what hasn't, based on Adam Kujawa's talk at RSAC 2022.

https://blog.malwarebytes.com/threat-analysis/2022/06/asyncrat-surpasses-dridex-trickbot-and-emotet-to-become-dominant-email-threat/


Side job as a fraud accomplice - beware of europost-eu.biz

A promising side job as a parcel recipient lures with home office and good working conditions. For 25 - per hour you are expected to receive parcels and forward them. What is not mentioned: if you take the job, you may be participating in order fraud and making yourself liable to prosecution!

https://www.watchlist-internet.at/news/nebenjob-als-betrugshelferin-vorsicht-vor-europost-eubiz/


LockBit 2.0: How This RaaS Operates and How to Protect Against It

LockBit 2.0 has so far been this year's most active ransomware gang on double-extortion leak sites. Learn about their tactics.

https://unit42.paloaltonetworks.com/lockbit-2-ransomware/


How to audit Node.js modules

Node.js is one of the best and most widely used JavaScript runtimes for building APIs. But this popularity has led many attackers to distribute insecure modules that exploit the Node.js application or provide a weak point for exploitation.

https://mattermost.com/blog/how-to-audit-nodejs-modules/


Follina vulnerability (CVE-2022-30190): new findings, new risks (9.6.2022)

The Windows vulnerability CVE-2022-30190 (Follina), known since the end of May 2022, is slowly turning into a serious problem. The countermeasures described by Microsoft and here in the blog appear to be insufficient.

https://www.borncity.com/blog/2022/06/09/follina-schwachstelle-cve-2022-30190-neue-erkenntnisse-neue-risiken/

Vulnerabilities

Security vulnerabilities in outdated Zyxel firewalls: buying new hardware as the fix

The network equipment vendor Zyxel warns of security vulnerabilities in older firewalls whose support has ended. The remedy, according to Zyxel, is replacing them with newer devices.

https://heise.de/-7135405


Security updates for Thursday

Security updates have been issued by Debian (mailman and python-bottle), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, subversion:1.14, and xz), Scientific Linux (python-twisted-web), Slackware (httpd), and Ubuntu (ca-certificates, ffmpeg, ghostscript, and varnish).

https://lwn.net/Articles/897372/


Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat

Symbiote is a new Linux malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on machines.

https://www.intezer.com/blog/research/new-linux-threat-symbiote/


Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vulnerable-to-directory-traversal-due-to-moment-js-cve-2022-24785-2/


Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104-2/


Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting due to Angular (220414)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vulnerable-to-cross-site-scripting-due-to-angular-220414-2/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2022) affects IBM InfoSphere Information Server

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-january-2022-affects-ibm-infosphere-information-server/


Security Bulletin: IBM Rational Software Architect RealTime Edition (RSA RT) is vulnerable to Apache Log4j2 - CVE-2021-44832

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rational-software-architect-realtime-edition-rsa-rt-is-vulnerable-to-apache-log4j2-cve-2021-44832/


Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vulnerable-to-denial-of-service-due-to-gson-217225-3/


Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to exposure of sensitive information (CVE-2021-35603)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-exposure-of-sensitive-information-cve-2021-35603-2/


Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-databind-affects-ibm-process-mining-multiple-cves/


K13559191: Linux kernel vulnerability CVE-2022-25636

https://support.f5.com/csp/article/K13559191?utm_source=f5support&utm_medium=RSS


Xen Security Advisory CVE-2022-26363, CVE-2022-26364 / XSA-402

https://xenbits.xen.org/xsa/advisory-402.html


Xen Security Advisory CVE-2022-26362 / XSA-401

https://xenbits.xen.org/xsa/advisory-401.html


Case opened: DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution

https://csirt.divd.nl/cases/DIVD-2021-00037/