End-of-Day report
Timeframe: Thursday 23-06-2022 18:00 - Friday 24-06-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
2FA: How secure are TOTP, FIDO, SMS and push apps?
Two-factor or multi-factor authentication is supposed to make us more secure. We explain how TOTP, FIDO and the like work and what they protect against.
https://www.golem.de/news/2fa-wie-sicher-sind-totp-fido-sms-und-push-apps-2206-166287-rss.html
Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys
Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint.
https://thehackernews.com/2022/06/multiple-backdoored-python-libraries.html
Black Basta Ransomware Becomes Major Threat in Two Months
Black Basta ransomware has become a major new threat in just a couple months. Evidence suggests it was still in development in February 2022, and only became operational in April 2022.
https://www.securityweek.com/black-basta-ransomware-becomes-major-threat-two-months
There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families
Learn about the unique implementations of API Hammering malware samples and how to mitigate them.
https://unit42.paloaltonetworks.com/api-hammering-malware-families/
Vulnerabilities
Attackers continue to exploit Log4Shell vulnerability in VMware Horizon
The Cybersecurity & Infrastructure Security Agency warns of attacks on the virtualization solution VMware Horizon. Admins should act quickly.
https://heise.de/-7152258
Security updates for Friday
Security updates have been issued by Fedora (ntfs-3g and ntfs-3g-system-compression), SUSE (389-ds, chafa, containerd, mariadb, php74, python3, salt, and xen), and Ubuntu (apache2).
https://lwn.net/Articles/898925/
Codesys Patches 11 Flaws Likely Affecting Controllers From Several ICS Vendors
Codesys this week announced patches for nearly a dozen vulnerabilities discovered in the company's products by researchers at Chinese cybersecurity firm NSFocus.
https://www.securityweek.com/codesys-patches-11-flaws-likely-affecting-controllers-several-ics-vendors
ZDI-22-872: DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-872/
Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2022-22389)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-cve-2022-22389/
Security Bulletin: One or more security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics (CVE-2020-4230, CVE-2020-4135, CVE-2020-4204, CVE-2020-4200)
https://www.ibm.com/blogs/psirt/security-bulletin-one-or-more-security-vulnerabilities-has-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics-cve-2020-4230cve-2020-4135cve-2020-4204/
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2019-10086, CVE-2021-41617)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2019-10086-cve-2021-41617/
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-22/
Security Bulletin: IBM Robotic Process Automation is vulnerable to configuration credentials unencrypted in system memory (CVE-2022-22414)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-is-vulnerable-to-configuration-credentials-unencrypted-in-system-memory-cve-2022-22414-2/
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-21/
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities due to the consumed Expat library
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-affected-by-multiple-vulnerabilities-due-to-the-consumed-expat-library/
Security Bulletin: CVE-2021-35603 may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35603-may-affect-ibm-sdk-java-technology-edition-for-ibm-content-collector-for-sap-applications/
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. (CVE-2022-22390)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-caused-by-improper-privilege-management-when-table-function-is-used-cve-2022-22390/
Security Bulletin: Multiple vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-has-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/
Security Bulletin: IBM Security Guardium is affected by an information leak vulnerability within Kafka (CVE-2021-38153)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-information-leak-vulnerability-within-kafka-cve-2021-38153/
Security Bulletin: A vulnerability in zlib affects IBM Common Inventory Technology (CIT).
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-zlib-affects-ibm-common-inventory-technology-cit/
Security Bulletin: CVE-2020-35550 may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-35550-may-affect-ibm-sdk-java-technology-edition-for-ibm-content-collector-for-sap-applications/
K26314875: Apache vulnerability CVE-2022-26377
https://support.f5.com/csp/article/K26314875
Citrix Hypervisor Security Update
https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-update
OFFIS DCMTK
https://us-cert.cisa.gov/ics/advisories/icsma-22-174-01
Yokogawa STARDOM
https://us-cert.cisa.gov/ics/advisories/icsa-22-174-01
Yokogawa CAMS for HIS
https://us-cert.cisa.gov/ics/advisories/icsa-22-174-02
Secheron SEPCOS Control and Protection Relay
https://us-cert.cisa.gov/ics/advisories/icsa-22-174-03
Pyramid Solutions EtherNet/IP Adapter Development Kit
https://us-cert.cisa.gov/ics/advisories/icsa-22-174-04
Elcomplus SmartICS
https://us-cert.cisa.gov/ics/advisories/icsa-22-174-05