Tageszusammenfassung - 14.06.2022

End-of-Day report

Timeframe: Montag 13-06-2022 18:00 - Dienstag 14-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer


The many lives of BlackCat ransomware

The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.


Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware

Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter thats being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers.


Public Travis CI Logs (Still) Expose Users to Cyber Attacks

In our latest research, we at Team Nautilus found that tens of thousands of user tokens are exposed via the Travis CI API, which allows anyone to access historical clear-text logs. More than 770 million logs of free tier users are available.


Sicherheitslücke im Apple M1 Chip: Pacman-Attacke umgeht Schutzschicht

Angriffe auf den M1-Prozessor sind durch ein Zusammenspiel von Hard- und Software möglich. Apple sieht allerdings keine unmittelbare Gefahr.


Vorsicht vor gefälschten Zahlungsaufforderungen per WhatsApp

Ihre Chefin bittet Sie, eine Rechnung zu begleichen. Sie fragen nach den Details und bekommen die Rechnung mit Zahlungsanweisungen zugesendet. Sie überweisen. Erst später bemerken Sie, dass es gar nicht Ihre Chefin war - sondern Kriminelle.


Internet Explorer 11 erreicht am 15. Juni 2022 End-of-Life (EOL)

Noch eine kurze Information an die Blog-Leserschaft, die ggf. noch den Internet Explorer 11 von Microsoft unter Windows im Einsatz haben. Zum heutigen Patchday, 14. Juni 2022, erhält der Browser letztmalig Sicherheitsupdates für verschiedene Windows-Versionen und fällt dann (zum 15. Juni 2022) aus dem Support.


CHM Malware Types with Anti-Sandbox Technique and Targeting Companies

Among CHM strains that are recently being distributed in Korea, the ASEC analysis team has discovered those applied with the anti-sandbox technique and targeting companies.


NPM Replicator Remote Code Execution Deserialization

NPM, the package manager for Node.js, is an open source project that serves as a critical part of the JavaScript community and helps support one of the largest developer ecosystems.


Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained

A threat actor recently hacked a popular PyPi repo on GitHub, setting off a supply chain attack that could have impacted millions of users.


SynLapse - Technical Details for Critical Azure Synapse Vulnerability

Recently, the Orca Security research team discovered SynLapse, a tenant separation violation vulnerability in the Microsoft Azure Synapse environment.



New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials

A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction.


Security updates for Tuesday

Security updates have been issued by Fedora (golang-github-docker-libnetwork and moby-engine), Mageia (apache, docker-containerd, kernel, kernel-linus, nats-server, and php-smarty), Slackware (php), SUSE (gimp, grub2, thunderbird, u-boot, and xen), and Ubuntu (firefox, liblouis, ncurses, and rsync).


JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities


SSA-988345 V1.0: Local Privilege Escalation Vulnerability in Xpedition Designer


SSA-911567 V1.0: Missing HTTP headers in SINEMA Remote Connect Server before V3.0 SP2


SSA-740594 V1.0: Privilege Escalation Vulnerability in Mendix SAML Module


SSA-712929 V1.0: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products


SSA-693555 V1.0: Memory Corruption Vulnerability in EN100 Ethernet Module


SSA-685781 V1.0: Multiple Vulnerabilities in Apache HTTP Server Affecting Siemens Products


SSA-631336 V1.0: Multiple Web Server Vulnerabilities in SICAM GridEdge Software


SSA-484086 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.1


SSA-401167 V1.0: Cross-site scripting Vulnerability in Teamcenter Active Workspace


SSA-388239 V1.0: Default Password Leakage affecting the Component Shared HIS used in Spectrum Power Systems


SSA-330556 V1.0: PwnKit Vulnerability in SCALANCE LPE9403 and SINUMERIK Edge Products (CVE-2021-4034)


SSA-222547 V1.0: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0


SSA-220589 V1.0: Hard Coded Default Credential Vulnerability in Teamcenter


SSA-145224 V1.0: Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices


IBM Security Bulletins 2022-06-13


TYPO3 CORE: Mehrere Schwachstellen


ABB Security Advisory: Link Following Local Privilege Escalation Vulnerabilities in ABB Automation Builder, Drive Composer and Mint WorkBench


Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512


Meridian Cooperative Meridian


Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R