Daily summary - 28.06.2022

End-of-Day report

Timeframe: Monday 27-06-2022 18:00 - Tuesday 28-06-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer

News

Over 900,000 Kubernetes instances found exposed online

Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks.

https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-instances-found-exposed-online/


Raccoon Stealer is back with a new version to steal your passwords

The Raccoon Stealer malware is back with a second major version circulating on cybercrime forums, offering hackers elevated password-stealing functionality and upgraded operational capacity.

https://www.bleepingcomputer.com/news/security/raccoon-stealer-is-back-with-a-new-version-to-steal-your-passwords/


ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks

A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks.

https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html


Microsoft: End of support for Exchange 2013 is approaching - plan the migration now

Exchange Server 2013 reaches its absolute end of support in nine months. Microsoft's Exchange team is issuing a reminder and recommends migrating promptly.

https://heise.de/-7155579


Lockbit ransomware group adopts a more professional setup

The extortion gang behind the Lockbit ransomware is taking its degree of professionalization to a new level. It has even launched a bug bounty program.

https://heise.de/-7155742


Crypto love scam: When Tinder matches give investment tips

Fraudulent online acquaintances are not aiming to get to know you better. They build trust in order to later lure you onto fake investment platforms.

https://www.watchlist-internet.at/news/krypto-lovescam-wenn-tinder-matches-investment-tipps-geben/


Understanding the Function Call Stack

That thread was inspired by a series of tweets by inversecos who shared how malware authors will often use Native APIs instead of Win32 APIs as a mechanism to evade naive detections that assume every application will use the Win32 API function.

https://posts.specterops.io/understanding-the-function-call-stack-f08b5341efa4


De-anonymizing ransomware domains on the dark web

We have developed three techniques to identify ransomware operators' dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups.

http://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains-on.html

Vulnerabilities

Firefox 102: Multiple security vulnerabilities closed

Mozilla has released version 102 of Firefox. This major version of the browser is the new basis for Firefox ESR and fixes several security issues.

https://heise.de/-7156179


Security updates for Tuesday

Security updates have been issued by Debian (nodejs and squid), Fedora (uboot-tools), Red Hat (kernel-rt, kpatch-patch, and python), SUSE (drbd, openssl-1_0_0, oracleasm, and rubygem-rack), and Ubuntu (curl).

https://lwn.net/Articles/899239/


2022 CWE Top 25 Most Dangerous Software Weaknesses

The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list.

https://us-cert.cisa.gov/ncas/current-activity/2022/06/28/2022-cwe-top-25-most-dangerous-software-weaknesses


Security Advisory - Password Verification Vulnerability of Huawei Router

http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220628-01-2eda0853-en


Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-vulnerable-to-multiple-vulnerabilities-3/


Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-october-2021-4/


Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Common Licensing's License Key Server (LKS) Administration And Reporting Tool (ART) and its Agent(CVE-2021-4104,CVE-2021-44832,CVE-2021-3100,CVE-2022-33915).

https://www.ibm.com/blogs/psirt/security-bulletin-a-remote-attack-vulnerability-in-apache-log4j-affects-ibm-common-licensings-license-key-server-lks-administration-and-reporting-tool-art-and-its-agentcve-2021-4104cve-20/


Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21248)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-java-jdk-affect-ibm-event-streams-cve-2022-21365-cve-2022-21360-cve-2022-21349-cve-2022-21341-cve-2022-21340-cve-2022-21305-cve-2022-21294-cve-2022-21/


Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-lodash-library-affect-tivoli-netcool-omnibus-webgui-cve-2019-1010266-cve-2020-28500-cve-2018-16487-cve-2018-3721-cve-2020-8203-cve-2021-23337-cve-2019-1074/


Security Bulletin: IBM Robotic Process Automation may be affected by multiple vulnerabilities in open source components (CVE-2019-0820, CVE-2020-15522, CVE-2021-43569)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-may-be-affected-by-multiple-vulnerabilities-in-open-source-components-cve-2019-0820-cve-2020-15522-cve-2021-43569/


Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-october-2021-3/


Security Bulletin: Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-31805)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-struts-library-affect-tivoli-netcool-omnibus-webgui-cve-2021-31805/


Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability (CVE-2021-39074)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-vulnerability-cve-2021-39074/


Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - October 2021 & January 2022

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-virtualization-engine-ts7700-october-2021-january-2022/


K01311313: Linux kernel vulnerability CVE-2021-3612

https://support.f5.com/csp/article/K01311313


Long Term Support Channel Update for ChromeOS

http://chromereleases.googleblog.com/2022/06/long-term-support-channel-update-for.html