Daily summary - 23.06.2022

End-of-Day report

Timeframe: Wednesday 22-06-2022 18:00 - Thursday 23-06-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer

News

Conti ransomware hacking spree breaches over 40 orgs in a month

The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month.

https://www.bleepingcomputer.com/news/security/conti-ransomware-hacking-spree-breaches-over-40-orgs-in-a-month/


Malicious Windows LNK attacks made easy with new Quantum builder

Malware researchers have noticed a new tool that helps cybercriminals build malicious .LNK files to deliver payloads for the initial stages of an attack.

https://www.bleepingcomputer.com/news/security/malicious-windows-lnk-attacks-made-easy-with-new-quantum-builder/


The hateful eight: Kaspersky's guide to modern ransomware groups' TTPs

We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.

https://securelist.com/modern-ransomware-groups-ttps/106824/


Understanding the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190

Initially, I began this research to generate weaponized RTF files delivering the CVE-2022-30190 (Follina) exploit.

https://cymulate.com/blog/cve-2022-30190-2/


Miracle - One Vulnerability To Rule Them All

As mentioned in Jang's blog, we (Jang and I) found a mega 0-day. After the April Critical Patch, the vulnerability was finally patched properly. If you have never heard of this vulnerability, please patch your system ASAP!

https://peterjson.medium.com/miracle-one-vulnerability-to-rule-them-all-c3aed9edeea2


Beware of fraudulent "remote jobs" on LinkedIn

"Work from Home Jobs No Experience Required" - work from home, earn up to 2,000 per week, and all of that without any professional experience? According to the mass-posted job ads from KADANSE, this is possible. What is not mentioned: for this seemingly lucrative job you first have to pay money, and the job does not exist as described.

https://www.watchlist-internet.at/news/vorsicht-vor-betruegerischen-remote-jobs-auf-linkedin/


Vulnerabilities in programming interfaces

Worldwide, 4.1 to 7.5 percent of cybersecurity incidents and losses are attributable to vulnerabilities in programming interfaces (Application Programming Interfaces, APIs), causing costs in the billions.

https://www.zdnet.de/88402008/schwachstellen-in-programmierschnittstellen/

Vulnerabilities

IBM Security Bulletins 2022-06-22

IBM App Connect Enterprise, IBM Engineering Lifecycle Management, WebSphere Liberty, CICS Transaction Gateway, Watson Knowledge Catalog for IBM Cloud Pak for Data, IBM Robotic Process Automation, IBM Tivoli Business Service Manager, IBM MQ Internet Pass-Thru, IBM Cognos Analytics, IBM Sterling Global Mailbox.

https://www.ibm.com/blogs/psirt/


Synology: Updated firmware closes security holes in routers

The manufacturer has found security vulnerabilities in the firmware of Synology devices. Among other things, attackers could access files without authorization.

https://heise.de/-7151202


Security updates for Thursday

Security updates have been issued by Debian (chromium, firejail, and request-tracker4), Fedora (ghex, golang-github-emicklei-restful, and openssl1.1), Oracle (postgresql), Scientific Linux (postgresql), Slackware (openssl), SUSE (salt and tor), and Ubuntu (apache2 and squid, squid3).

https://lwn.net/Articles/898720/


Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-asdm-sig-NPKvwDjm


Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG


K55051330: Intel BIOS vulnerability CVE-2021-33123

https://support.f5.com/csp/article/K55051330


K87351324: Intel BIOS vulnerability CVE-2021-33124

https://support.f5.com/csp/article/K87351324