Daily summary - 14.06.2022

End-of-Day report

Timeframe: Monday 13-06-2022 18:00 - Tuesday 14-06-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer

News

The many lives of BlackCat ransomware

The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.

https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/


Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware

Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers.

https://thehackernews.com/2022/06/researchers-detail-purecrypter-loader.html


Public Travis CI Logs (Still) Expose Users to Cyber Attacks

In our latest research, we at Team Nautilus found that tens of thousands of user tokens are exposed via the Travis CI API, which allows anyone to access historical clear-text logs. More than 770 million logs of free tier users are available.

https://blog.aquasec.com/travis-ci-security


Security flaw in the Apple M1 chip: Pacman attack bypasses protection layer

Attacks on the M1 processor are possible through a combination of hardware and software. Apple, however, sees no immediate danger.

https://heise.de/-7140316


Beware of fake payment requests via WhatsApp

Your boss asks you to settle an invoice. You ask for the details and receive the invoice with payment instructions. You make the transfer. Only later do you notice that it was not your boss at all - but criminals.

https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-zahlungsaufforderungen-per-whatsapp-1/


Internet Explorer 11 reaches End-of-Life (EOL) on 15 June 2022

A short note for blog readers who may still be using Microsoft's Internet Explorer 11 on Windows. With today's Patchday, 14 June 2022, the browser receives security updates for the various Windows versions for the last time and then (as of 15 June 2022) drops out of support.

https://www.borncity.com/blog/2022/06/14/internet-explorer-11-erreicht-am-15-juni-2022-end-of-life-eol/


CHM Malware Types with Anti-Sandbox Technique and Targeting Companies

Among CHM strains that are recently being distributed in Korea, the ASEC analysis team has discovered those applied with the anti-sandbox technique and targeting companies.

https://asec.ahnlab.com/en/35268/


NPM Replicator Remote Code Execution Deserialization

NPM, the package manager for Node.js, is an open source project that serves as a critical part of the JavaScript community and helps support one of the largest developer ecosystems.

https://checkmarx.com/blog/npm-replicator-remote-code-execution-deserialization/


Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained

A threat actor recently hacked a popular PyPi repo on GitHub, setting off a supply chain attack that could have impacted millions of users.

https://orca.security/resources/blog/python-supply-chain-attack-ctx-phpass/


SynLapse - Technical Details for Critical Azure Synapse Vulnerability

Recently, the Orca Security research team discovered SynLapse, a tenant separation violation vulnerability in the Microsoft Azure Synapse environment.

https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/

Vulnerabilities

New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials

A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction.

https://thehackernews.com/2022/06/new-zimbra-email-vulnerability-could.html


Security updates for Tuesday

Security updates have been issued by Fedora (golang-github-docker-libnetwork and moby-engine), Mageia (apache, docker-containerd, kernel, kernel-linus, nats-server, and php-smarty), Slackware (php), SUSE (gimp, grub2, thunderbird, u-boot, and xen), and Ubuntu (firefox, liblouis, ncurses, and rsync).

https://lwn.net/Articles/897847/


JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php


SSA-988345 V1.0: Local Privilege Escalation Vulnerability in Xpedition Designer

https://cert-portal.siemens.com/productcert/txt/ssa-988345.txt


SSA-911567 V1.0: Missing HTTP headers in SINEMA Remote Connect Server before V3.0 SP2

https://cert-portal.siemens.com/productcert/txt/ssa-911567.txt


SSA-740594 V1.0: Privilege Escalation Vulnerability in Mendix SAML Module

https://cert-portal.siemens.com/productcert/txt/ssa-740594.txt


SSA-712929 V1.0: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products

https://cert-portal.siemens.com/productcert/txt/ssa-712929.txt


SSA-693555 V1.0: Memory Corruption Vulnerability in EN100 Ethernet Module

https://cert-portal.siemens.com/productcert/txt/ssa-693555.txt


SSA-685781 V1.0: Multiple Vulnerabilities in Apache HTTP Server Affecting Siemens Products

https://cert-portal.siemens.com/productcert/txt/ssa-685781.txt


SSA-631336 V1.0: Multiple Web Server Vulnerabilities in SICAM GridEdge Software

https://cert-portal.siemens.com/productcert/txt/ssa-631336.txt


SSA-484086 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.1

https://cert-portal.siemens.com/productcert/txt/ssa-484086.txt


SSA-401167 V1.0: Cross-site scripting Vulnerability in Teamcenter Active Workspace

https://cert-portal.siemens.com/productcert/txt/ssa-401167.txt


SSA-388239 V1.0: Default Password Leakage affecting the Component Shared HIS used in Spectrum Power Systems

https://cert-portal.siemens.com/productcert/txt/ssa-388239.txt


SSA-330556 V1.0: PwnKit Vulnerability in SCALANCE LPE9403 and SINUMERIK Edge Products (CVE-2021-4034)

https://cert-portal.siemens.com/productcert/txt/ssa-330556.txt


SSA-222547 V1.0: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0

https://cert-portal.siemens.com/productcert/txt/ssa-222547.txt


SSA-220589 V1.0: Hard Coded Default Credential Vulnerability in Teamcenter

https://cert-portal.siemens.com/productcert/txt/ssa-220589.txt


SSA-145224 V1.0: Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices

https://cert-portal.siemens.com/productcert/txt/ssa-145224.txt


IBM Security Bulletins 2022-06-13

https://www.ibm.com/blogs/psirt/


TYPO3 CORE: Multiple vulnerabilities

https://typo3.org/help/security-advisories/typo3-cms


ABB Security Advisory: Link Following Local Privilege Escalation Vulnerabilities in ABB Automation Builder, Drive Composer and Mint WorkBench

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch


Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512

https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512


Meridian Cooperative Meridian

https://us-cert.cisa.gov/ics/advisories/icsa-22-165-02


Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R

https://us-cert.cisa.gov/ics/advisories/icsa-22-165-03