End-of-Day report
Timeframe: Tuesday 21-06-2022 18:00 - Wednesday 22-06-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign
A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021.
https://thehackernews.com/2022/06/newly-discovered-magecart.html
You can't come in here: Adobe's PDF tools block antivirus protection
Adobe Acrobat and Reader create a registry entry. Via Chromium's libcef.dll, this entry keeps security software DLLs out of the PDF programs.
https://heise.de/-7147804
File hoster Mega: Security researchers decrypt data that was supposed to be protected
A problematic cryptography implementation can make encrypted files readable to the operator or to attackers.
https://heise.de/-7148227
Take part in our study on the Fake-Shop Detector!
Fake shops pose major challenges for consumers: they are becoming ever more numerous and, at the same time, harder to recognize. To make online shopping safer, we have developed the Fake-Shop Detector.
https://www.watchlist-internet.at/news/machen-sie-mit-bei-unserer-studie-zum-fake-shop-detector/
Keeping PowerShell: Measures to Use and Embrace
Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks.
https://us-cert.cisa.gov/ncas/current-activity/2022/06/22/keeping-powershell-measures-use-and-embrace
Vulnerabilities
Web browser: Google closes 14 security vulnerabilities in Chrome
With the jump to release 103, Google seals 14 vulnerabilities in the Chrome web browser. The new version is also available for Android and iOS.
https://heise.de/-7147522
Security updates for Wednesday
Security updates have been issued by Debian (exo and ntfs-3g), Fedora (collectd, golang-github-cli-gh, grub2, qemu, and xen), Red Hat (httpd:2.4, kernel, and postgresql), SUSE (drbd, fwupdate, neomutt, and trivy), and Ubuntu (apache2, openssl, openssl1.0, and qemu).
https://lwn.net/Articles/898605/
JTEKT TOYOPUC
This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in the JTEKT TOYOPUC programmable logic controller.
https://us-cert.cisa.gov/ics/advisories/icsa-22-172-02
VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations
https://kb.cert.org/vuls/id/142546
Security Bulletin: June 2022: Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway
https://www.ibm.com/blogs/psirt/security-bulletin-june-2022-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/
Security Bulletin: A vulnerability (CVE-2021-35550) in IBM Java Runtime affects CICS Transaction Gateway
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-cve-2021-35550-in-ibm-java-runtime-affects-cics-transaction-gateway/
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-browser-user-interface-is-vulnerable-to-multiple-vulnerabilities-due-to-jetty/
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35603)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-file-agent-is-vulnerable-to-an-unspecified-vulnerability-due-to-ibm-java-runtime-cve-2021-35603/
Security Bulletin: Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM) OpenSSL vulnerability CVE-2021-4044
https://www.ibm.com/blogs/psirt/security-bulletin-rational-team-concert-rtc-and-ibm-engineering-workflow-management-ewm-openssl-vulnerability-cve-2021-4044/
Security Bulletin: Security vulnerability has been identified in IBM DB2 used by IBM Security Verify Governance, Identity Manager virtual appliance component
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-ibm-db2-used-by-ibm-security-verify-governance-identity-manager-virtual-appliance-component/
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer (CVE-2022-22475, CVE-2021-39038)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-application-server-and-websphere-application-server-liberty-affect-ibm-watson-explorer-cve-2022-22475-cve-2021-39038/
Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to unauthorized sensitive information access due to IBM Java vulnerability (CVE-2021-35603)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-ftp-is-vulnerable-to-unauthorized-sensitive-information-access-due-to-ibm-java-vulnerability-cve-2021-35603/
Security Bulletin: Vulnerability in Spring Framework affects IBM Watson Explorer (CVE-2022-22971, CVE-2022-22968, CVE-2022-22970)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-spring-framework-affects-ibm-watson-explorer-cve-2022-22971-cve-2022-22968-cve-2022-22970/
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35550)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-file-agent-is-vulnerable-to-an-unspecified-vulnerability-due-to-ibm-java-runtime-cve-2021-35550/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server January 2022 CPU that is bundled with IBM WebSphere Application Server Patterns
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-websphere-application-server-january-2022-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/
Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to unauthorized data access due to IBM Java (CVE-2021-35550)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-ftp-is-vulnerable-to-unauthorized-data-access-due-to-ibm-java-cve-2021-35550/
Security Bulletin: Vulnerability in OpenSSL affects IBM Watson Explorer (CVE-2022-0778)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-watson-explorer-cve-2022-0778/
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface has multiple vulnerabilities due to IBM Java
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-browser-user-interface-has-multiple-vulnerabilities-due-to-ibm-java/
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2022 - Includes Oracle® January 2022 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2022-includes-oracle-january-2022-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response/
K53252134: Intel BIOS vulnerability CVE-2021-0155
https://support.f5.com/csp/article/K53252134
K16162257: Intel BIOS vulnerability CVE-2021-0154
https://support.f5.com/csp/article/K16162257
K14454359: Intel BIOS vulnerability CVE-2021-0153
https://support.f5.com/csp/article/K14454359
K04303225: Intel BIOS vulnerability CVE-2021-0190
https://support.f5.com/csp/article/K04303225
Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch
https://psirt.bosch.com/security-advisories/bosch-sa-247052-bt.html
PHP Vulnerability
https://www.qnap.com/en-us/security-advisory/QSA-22-20