End-of-Day report
Timeframe: Montag 27-06-2022 18:00 - Dienstag 28-06-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Over 900,000 Kubernetes instances found exposed online
Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks.
https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-instances-found-exposed-online/
Raccoon Stealer is back with a new version to steal your passwords
The Raccoon Stealer malware is back with a second major version circulating on cybercrime forums, offering hackers elevated password-stealing functionality and upgraded operational capacity.
https://www.bleepingcomputer.com/news/security/raccoon-stealer-is-back-with-a-new-version-to-steal-your-passwords/
ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks
A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks.
https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Microsoft: Support-Ende von Exchange 2013 naht - jetzt Migration planen
Der Exchange-Server 2013 erreicht in neun Monaten sein absolutes Support-Ende. Daran erinnert Microsofts Exchange-Team und empfiehlt die zügige Migration.
https://heise.de/-7155579
Lockbit-Ransomware-Gruppe stellt sich professioneller auf
Die Erpresserbande hinter der Ransomware Lockbit hebt den Professionalisierungsgrad auf eine neue Stufe. Sogar ein Bug-Bounty-Programm hat sie aufgelegt.
https://heise.de/-7155742
Krypto-Lovescam: Wenn Tinder-Matches Investment-Tipps geben
Betrügerische Internetbekanntschaften zielen nicht darauf ab, Sie näher kennenzulernen. Sie bauen Vertrauen auf, um Sie später auf gefälschte Investitionsplattformen zu locken.
https://www.watchlist-internet.at/news/krypto-lovescam-wenn-tinder-matches-investment-tipps-geben/
Understanding the Function Call Stack
That thread was inspired by a series of tweets by inversecos who shared how malware authors will often use Native APIs instead of Win32 APIs as a mechanism to evade naive detections that assume every application will use the Win32 API function.
https://posts.specterops.io/understanding-the-function-call-stack-f08b5341efa4
De-anonymizing ransomware domains on the dark web
We have developed three techniques to identify ransomware operators dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups.
http://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains-on.html
Vulnerabilities
Firefox 102: Mehrere Sicherheitslücken geschlossen
Mozilla hat Version 102 von Firefox veröffentlicht. Diese Major-Version des Browsers ist die neue Basis für Firefox ESR und behebt einige Sicherheitsprobleme.
https://heise.de/-7156179
Security updates for Tuesday
Security updates have been issued by Debian (nodejs and squid), Fedora (uboot-tools), Red Hat (kernel-rt, kpatch-patch, and python), SUSE (drbd, openssl-1_0_0, oracleasm, and rubygem-rack), and Ubuntu (curl).
https://lwn.net/Articles/899239/
2022 CWE Top 25 Most Dangerous Software Weaknesses
The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list.
https://us-cert.cisa.gov/ncas/current-activity/2022/06/28/2022-cwe-top-25-most-dangerous-software-weaknesses
Security Advisory - Password Verification Vulnerability of Huawei Router
http://www.huawei.com/en/psirt/security-advisories/2022/huawei-sa-20220628-01-2eda0853-en
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-vulnerable-to-multiple-vulnerabilities-3/
Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-october-2021-4/
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Common Licensing's License Key Server (LKS) Administration And Reporting Tool (ART) and its Agent(CVE-2021-4104,CVE-2021-44832,CVE-2021-3100,CVE-2022-33915).
https://www.ibm.com/blogs/psirt/security-bulletin-a-remote-attack-vulnerability-in-apache-log4j-affects-ibm-common-licensings-license-key-server-lks-administration-and-reporting-tool-art-and-its-agentcve-2021-4104cve-20/
Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21248)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-java-jdk-affect-ibm-event-streams-cve-2022-21365-cve-2022-21360-cve-2022-21349-cve-2022-21341-cve-2022-21340-cve-2022-21305-cve-2022-21294-cve-2022-21/
Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-lodash-library-affect-tivoli-netcool-omnibus-webgui-cve-2019-1010266-cve-2020-28500-cve-2018-16487-cve-2018-3721-cve-2020-8203-cve-2021-23337-cve-2019-1074/
Security Bulletin: IBM Robotic Process Automation may be affected by multiple vulnerabilities in open source components (CVE-2019-0820, CVE-2020-15522, CVE-2021-43569)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-may-be-affected-by-multiple-vulnerabilities-in-open-source-components-cve-2019-0820-cve-2020-15522-cve-2021-43569/
Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-security-update-october-2021-3/
Security Bulletin: Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-31805)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-struts-library-affect-tivoli-netcool-omnibus-webgui-cve-2021-31805/
Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting vulnerability (CVE-2021-39074)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-vulnerability-cve-2021-39074/
Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - October 2021 & January 2022
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-virtualization-engine-ts7700-october-2021-january-2022/
K01311313: Linux kernel vulnerability CVE-2021-3612
https://support.f5.com/csp/article/K01311313
Long Term Support Channel Update for ChromeOS
http://chromereleases.googleblog.com/2022/06/long-term-support-channel-update-for.html