End-of-Day report
Timeframe: Thursday 30-06-2022 18:00 - Friday 01-07-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
Microsoft analysis: Linux malware campaign receives a notable update
A Microsoft security team has observed that the malware group "8220 Gang" has significantly updated its campaign. The target: Linux systems.
https://heise.de/-7159495
FBI and CISA warn: This ransomware is using RDP flaws to break into networks
US exposes MedusaLocker, one of the ransomware gangs that ramped up activity as the pandemic gripped the world.
https://www.zdnet.com/article/fbi-and-cisa-warn-this-ransomware-is-using-rdp-flaws-to-break-into-networks/
RanSim: a ransomware simulation script written in PowerShell
You can use RanSim to test your defenses and backups against realistic ransomware-like activity in a controlled setting. The same script can be used to decrypt the files afterwards if needed.
https://github.com/lawndoc/RanSim
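As an added example (not RanSim's own code and not part of the original report), the following Python script stands in for what such a simulator does in a throwaway directory: it encrypts and renames every file the way a locker would, offers the matching decrypt path, and adds the two checks a tester wants afterwards, a hash comparison against a pre-run baseline (the backup/restore test) and a per-file entropy measurement (the usual detection tell). The LOCKED_EXT suffix, the entropy threshold, the sample files and the toy SHA-256 counter-mode cipher are assumptions made for this example.

```python
import hashlib
import math
import secrets
import tempfile
from pathlib import Path

# Assumed values for this example; RanSim uses its own conventions.
LOCKED_EXT = ".simlocked"
ENTROPY_THRESHOLD = 7.0  # bits/byte; ciphertext sits near 8, text near 4-6

SAMPLE_FILES = {  # constructed sample input, written into a temp directory
    "notes/todo.txt": b"pay invoice 4711\nrotate backup tapes\n" * 40,
    "finance/q2.csv": b"date,amount\n2022-06-30,1250.00\n" * 60,
    "src/build.sh": b"#!/bin/sh\nmake all && make test\n" * 30,
}


def populate(root: Path) -> dict:
    """Write the sample files and return a SHA-256 baseline (the 'backup')."""
    baseline = {}
    for rel, data in SAMPLE_FILES.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
        baseline[rel] = hashlib.sha256(data).hexdigest()
    return baseline


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a toy, dependency-free stream cipher.
    Reversible is all the simulation needs; never use this for real data."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the given content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def simulate_encrypt(root: Path, key: bytes) -> int:
    """Encrypt every regular file in place (nonce || data XOR keystream),
    then rename it with LOCKED_EXT. Returns the number of files touched."""
    touched = 0
    for p in sorted(root.rglob("*")):
        if not p.is_file() or p.suffix == LOCKED_EXT:
            continue
        data = p.read_bytes()
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
        p.write_bytes(nonce + ct)
        p.rename(p.with_name(p.name + LOCKED_EXT))
        touched += 1
    return touched


def simulate_decrypt(root: Path, key: bytes) -> int:
    """Undo simulate_encrypt with the same key. Returns files restored."""
    restored = 0
    for p in sorted(root.rglob("*" + LOCKED_EXT)):
        blob = p.read_bytes()
        nonce, ct = blob[:16], blob[16:]
        pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
        p.write_bytes(pt)
        p.rename(p.with_name(p.name[: -len(LOCKED_EXT)]))
        restored += 1
    return restored


def verify(root: Path, baseline: dict) -> list:
    """Baseline entries whose file is missing or whose hash changed.
    After a backup restore an empty list means the restore is complete."""
    bad = []
    for rel, digest in baseline.items():
        p = root / rel
        if not p.is_file() or hashlib.sha256(p.read_bytes()).hexdigest() != digest:
            bad.append(rel)
    return bad


def run_demo() -> dict:
    """Full cycle in a temporary directory; returns figures to assert on."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        baseline = populate(root)
        plain_max = max(shannon_entropy(p.read_bytes()) for p in root.rglob("*") if p.is_file())
        key = secrets.token_bytes(32)
        encrypted = simulate_encrypt(root, key)
        locked_min = min(shannon_entropy(p.read_bytes()) for p in root.rglob("*" + LOCKED_EXT))
        damaged = len(verify(root, baseline))  # every baseline file is gone now
        restored = simulate_decrypt(root, key)
        return {
            "encrypted": encrypted,
            "damaged_while_locked": damaged,
            "restored": restored,
            "after_restore": verify(root, baseline),
            "plaintext_max_entropy": plain_max,
            "ciphertext_min_entropy": locked_min,
            "flagged": locked_min > ENTROPY_THRESHOLD,
        }


if __name__ == "__main__":
    print(run_demo())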
Vulnerabilities
Security updates: Many Jenkins plug-ins as loopholes for attackers
Software developers take note: vulnerabilities in plug-ins for the Jenkins automation server have been closed. Quite a few patches are still outstanding, however.
https://heise.de/-7160083
Security updates for Friday
Security updates have been issued by Debian (firefox-esr, isync, kernel, and systemd), Fedora (chromium, curl, firefox, golang-github-vultr-govultr-2, and xen), Mageia (openssl, python-bottle, and python-pyjwt), Red Hat (compat-openssl10, curl, expat, firefox, go-toolset-1.17 and go-toolset-1.17-golang, go-toolset:rhel8, kernel, kpatch-patch, libarchive, libgcrypt, libinput, libxml2, pcre2, php:7.4, php:8.0, qemu-kvm, ruby:2.6, thunderbird, and vim), and Ubuntu (curl, libjpeg6b, and vim).
https://lwn.net/Articles/899701/
GitLab: Multiple vulnerabilities
A remote, anonymous attacker can exploit multiple vulnerabilities in GitLab to disclose information, bypass security settings, cause a denial of service, manipulate data, and execute code.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0531
Microsoft Edge 103.0.1264.44 fixes CVE-2022-33680 (30 June 2022)
On 30 June 2022 Microsoft updated the Edge browser in the Stable Channel to version 103.0.1264.44. It is a maintenance update that fixes the Elevation of Privilege vulnerability CVE-2022-33680 (sandbox escape), which is rated critical.
https://www.borncity.com/blog/2022/07/01/microsoft-edge-103-0-1264-44-fixt-cve-2022-33680-30-juni-2022/
ZDI-22-948: Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-948/
Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5709.php
Security Bulletin: IBM UrbanCode Deploy (UCD) could disclose sensitive database information to a local user in plain text. (CVE-2022-22367)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-could-disclose-sensitive-database-information-to-a-local-user-in-plain-text-cve-2022-22367/
Security Bulletin: IBM Urbancode Deploy (UCD) vulnerable to information disclosure which can be read by a local user. (CVE-2022-22366)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-vulnerable-to-information-disclosure-which-can-be-read-by-a-local-user-cve-2022-22366/
Security Bulletin: Vulnerabilities in Samba, OpenSSL, Python, and XStream affect IBM Spectrum Protect Plus (CVE-2021-20254, CVE-2021-3712, CVE-2021-43859, CVE-2022-0778, CVE-2020-25717, CVE-2021-23192, CVE-2021-3733)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-samba-openssl-python-and-xstream-affect-ibm-spectrum-protect-plus-cve-2021-20254-cve-2021-3712-cve-2021-43859-cve-2022-0778-cve-2020-25717-cve-2021-2319/
Security Bulletin: IBM InfoSphere Information Server Pack for SAP Apps and BW Packs is affected by an improper validation vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-pack-for-sap-apps-and-bw-packs-is-affected-by-an-improper-validation-vulnerability/
Security Bulletin: UrbanCode Deploy is vulnerable to denial of service due to Jackson-databind (CVE-2020-36518)
https://www.ibm.com/blogs/psirt/security-bulletin-urbancode-deploy-is-vulnerable-to-denial-of-service-due-to-jackson-databind-cve-2020-36518/
Security Bulletin: Vulnerability in PostgreSQL may affect IBM Spectrum Protect Plus
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-postgresql-may-affect-ibm-spectrum-protect-plus/
Kibana: Multiple vulnerabilities
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0527
npm: Vulnerability allows cross-site scripting
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0524
Exemys RME1
https://us-cert.cisa.gov/ics/advisories/icsa-22-181-01
Yokogawa Wide Area Communication Router
https://us-cert.cisa.gov/ics/advisories/icsa-22-181-02
Emerson DeltaV Distributed Control System
https://us-cert.cisa.gov/ics/advisories/icsa-22-181-03
Distributed Data Systems WebHMI
https://us-cert.cisa.gov/ics/advisories/icsa-22-181-04
2022-09 FragAttacks ProSoft RadioLinx RLX2
https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=14521&mediaformatid=50063&destinationid=10016
Unauthorized RCE CVE-2022-28219 in Zoho ManageEngine ADAudit Plus
https://www.borncity.com/blog/2022/07/01/unauthorized-rce-cve-2022-28219-in-zoho-manageengine-adaudit-plus/