End-of-Day report
Timeframe: Friday 17-06-2022 18:00 - Monday 20-06-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Critical CVE-2022-20825 in Cisco Small Business Routers Will Not Be Fixed
The small-business routers RV110W, RV130, RV130W and RV215W contain a critical vulnerability, CVE-2022-20825, rated with a CVSS score of 9.8. Because of missing authentication, the vulnerability allows both remote command execution and denial-of-service attacks.
https://www.borncity.com/blog/2022/06/20/kritische-cve-2022-20825-in-cisco-small-business-routern-wird-nicht-gefixt/
New phishing attack infects devices with Cobalt Strike
Security researchers have noticed a new malicious spam campaign that delivers the Matanbuchus malware to drop Cobalt Strike beacons on compromised machines.
https://www.bleepingcomputer.com/news/security/new-phishing-attack-infects-devices-with-cobalt-strike/
Android-wiping BRATA malware is evolving into a persistent threat
The threat actors operating the BRATA banking trojan have evolved their tactics and incorporated new information-stealing features into their malware.
https://www.bleepingcomputer.com/news/security/android-wiping-brata-malware-is-evolving-into-a-persistent-threat/
Decoding Obfuscated BASE64 Statistically
In diary entry "Houdini is Back Delivered Through a JavaScript Dropper", Xavier mentions that he had to deal with an obfuscated BASE64 string.
https://isc.sans.edu/diary/rss/28758
The Importance of White-Box Testing: A Dive into CVE-2022-21662
When CVE-2022-21662 came out there wasn't much published material regarding this vulnerability. I want to take some time to explain the importance of using a white-box approach when testing applications for vulnerabilities.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-importance-of-white-box-testing-a-dive-into-cve-2022-21662/
Cerber2021 Ransomware Back in Action
In December 2021, researchers identified a new version of Cerber ransomware targeting both Linux and Windows users. In this infection, Cerber2021 was delivered by targeting the vulnerabilities in the Confluence and Gitlab servers. These vulnerabilities are tracked as CVE-2021-26084 and CVE-2021-22205, respectively.
https://blog.cyble.com/2022/06/17/cerber2021-ransomware-back-in-action/
Europol Scam: New Wave of Fraudulent Calls
The telephone scam in which criminals pose as a law enforcement agency is not new. Nevertheless, a new wave of such calls is currently under way.
https://heise.de/-7146013
Extortion by E-Mail: Hacker Demands Transfer of Bitcoins
You have received an e-mail from a hacker? He writes that he has hacked your computer and filmed you while masturbating? He threatens to distribute the video if you do not transfer Bitcoins? The e-mail even mentions one of your passwords? Don't worry! This e-mail is fake. Do not let yourself be blackmailed and under no circumstances transfer Bitcoins. But do change your password immediately!
https://www.watchlist-internet.at/news/erpressung-per-e-mail-hacker-fordert-die-ueberweisung-von-bitcoins/
Azure Attack Paths: Common Findings and Fixes (Part 1)
This post will walk through various services within the Azure catalogue and look at potential attack paths.
https://blog.zsec.uk/azure-fundamentals-pt1/
Vulnerabilities
AWS: Amazon Hotpatch for log4j Vulnerability Enables Privilege Escalation
A script from Amazon intended to protect against the log4j vulnerability contains a security flaw of its own. Attackers could use it to escalate their privileges.
https://heise.de/-7145383
Security updates for Monday
Security updates have been issued by Debian (cyrus-imapd, exo, sleuthkit, slurm-wlm, vim, and vlc), Fedora (golang-github-docker-libnetwork, kernel, moby-engine, ntfs-3g-system-compression, python-cookiecutter, python2.7, python3.6, python3.7, python3.8, python3.9, rubygem-mechanize, and webkit2gtk3), Mageia (bluez, dnsmasq, exempi, halibut, and php), Oracle (.NET 6.0, .NET Core 3.1, and xz), SUSE (chafa, firejail, kernel, python-Twisted, and tensorflow2), and Ubuntu (intel-microcode).
https://lwn.net/Articles/898413/
Security Advisory - Input Verification Vulnerability Involving Huawei Printer Products
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220620-01-6e028b61-en
Security Bulletin: An Unspecified Vulnerability in Java runtime affects IBM SPSS (CVE-2021-35550)
https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-runtime-affects-ibm-spss-cve-2021-35550/
Security Bulletin: StoredIQ Is Vulnerable To Arbitrary Code Execution Due to Apache Log4j (CVE-2021-44228).
https://www.ibm.com/blogs/psirt/security-bulletin-storediq-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44228/
Security Bulletin: StoredIQ Is Vulnerable To Arbitrary Code Execution Due To Apache Log4j (CVE-2021-4104).
https://www.ibm.com/blogs/psirt/security-bulletin-storediq-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/
Security Bulletin: Potential module resolution error in DataPower Operator
https://www.ibm.com/blogs/psirt/security-bulletin-potential-module-resolution-error-in-datapower-operator/
Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in jackson-databind (217968)
https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-may-be-affected-by-denial-of-service-vulnerability-in-jackson-databind-217968/
Security Bulletin: StoredIQ is vulnerable to denial of service and remote code execution in Apache Log4j (CVE-2021-44228, CVE-2021-45046).
https://www.ibm.com/blogs/psirt/security-bulletin-storediq-is-vulnerable-to-denial-of-service-and-remote-code-execution-in-apache-log4j-cve-2021-44228-cve-2021-45046/
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-apache-thrift-4/
Security Bulletin: IBM Robotic Process Automation is vulnerable to configuration credentials unencrypted in system memory (CVE-2022-22414)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-is-vulnerable-to-configuration-credentials-unencrypted-in-system-memory-cve-2022-22414/
Security Bulletin: IBM QRadar WinCollect is vulnerable to using components with known vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-wincollect-is-vulnerable-to-using-components-with-known-vulnerabilities/
Security Bulletin: Potential Denial of Service in IBM DataPower Gateway (CVE-2022-23806)
https://www.ibm.com/blogs/psirt/security-bulletin-potential-denial-of-service-in-ibm-datapower-gateway-cve-2022-23806/
Security Bulletin: IBM Integration Bus is vulnerable to arbitrary code execution due to json-schema (CVE-2021-3918)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-is-vulnerable-to-arbitrary-code-execution-due-to-json-schema-cve-2021-3918/
Security Bulletin: IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics for Communications Service Providers and Datasets Impacted by Log4j Vulnerabilities (CVE-2021-44832)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-analytic-accelerator-framework-for-communication-service-providers-ibm-customer-and-network-analytics-for-communications-service-providers-and-datasets-impacted-by-log4j-v-2/
Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in JDOM (CVE-2021-33813)
https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-may-be-affected-by-denial-of-service-vulnerability-in-jdom-cve-2021-33813/
Security Bulletin: AIX is vulnerable to a denial of service due to lpd (CVE-2022-22444)
https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-denial-of-service-due-to-lpd-cve-2022-22444-2/
Security Bulletin: Vulnerabilities with Kernel, Eclipse Jetty, and OpenJDK affect IBM Cloud Object Storage Systems (June 2022)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-eclipse-jetty-and-openjdk-affect-ibm-cloud-object-storage-systems-june-2022/
Security Bulletin: Cúram Social Program Management is affected by session timeout issues (CVE-2022-22318, CVE-2022-22317)
https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-is-affected-by-session-timeout-issues-cve-2022-22318-cve-2022-22317/
Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)
https://spring.io/blog/2022/06/20/spring-data-mongodb-spel-expression-injection-vulnerability-cve-2022-22980