End-of-Day report
Timeframe: Friday 01-07-2022 18:00 - Monday 04-07-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
News
Raspberry Robin: Microsoft warns of mysterious worm
The malware spreads via USB sticks. It remains unclear who the authors are and what goal they are pursuing.
https://futurezone.at/digital-life/raspberry-robin-wurm-windows-microsoft-warnt-usb/402061579
Warning of hacker attacks on politicians
The BSI and the Office for the Protection of the Constitution warn of hackers who could gain access to the chats of high-ranking politicians by means of a simple trick.
https://www.tagesschau.de/investigativ/ndr-wdr/hacker-angriffe-verfassungsschutz-bsi-101.html
Fake ÖBB prize draw on WhatsApp
Many WhatsApp users are unknowingly spreading a fake ÖBB prize draw among their contacts. The message reads "ÖBB 100 years of state transport funding! Every citizen can ...". Below it is a link. The link leads to a fake prize draw. Do not click the link; you will be ripped off. Ignore the message and report it to WhatsApp.
https://www.watchlist-internet.at/news/gefaelschtes-oebb-gewinnspiel-auf-whatsapp/
CISA urges US agencies to patch CVE-2022-26925 in AD environments
As of 1 July 2022, the US Cybersecurity & Infrastructure Security Agency (CISA) has again added the patch for the vulnerability CVE-2022-26925 (Active Directory) to its list of vulnerabilities to be closed (it is to be closed by 22 July 2022).
https://www.borncity.com/blog/2022/07/04/cisa-fordert-us-einrichtungen-zum-patchen-von-cve-2022-26925-in-ad-umgebungen-auf/
Cloud OSINT. Finding Interesting Resources
Locating sensitive information, personally identifiable information (PII) and questionable assets in the cloud. TL;DR I had a curiosity-driven excursion into the public clouds of AWS and Azure to [...]
https://www.pentestpartners.com/security-blog/cloud-osint-finding-interesting-resources/
Vulnerabilities
Django fixes SQL Injection vulnerability in new releases
Django, an open source Python-based web framework, has patched a high severity vulnerability in its latest releases. Tracked as CVE-2022-34265, the potential SQL Injection vulnerability impacts Django's main branch, and versions 4.1 (currently in beta), 4.0, and 3.2, with patches and new releases issued fixing the vulnerability.
https://www.bleepingcomputer.com/news/security/django-fixes-sql-injection-vulnerability-in-new-releases/
Security updates for Monday
Security updates have been issued by Debian (gnupg2 and kernel), Fedora (golang-github-apache-beam-2, golang-github-etcd-io-gofail, golang-github-intel-goresctrl, golang-github-spf13-cobra, golang-k8s-pod-security-admission, and vim), Oracle (.NET 6.0, compat-openssl10, compat-openssl11, cups, curl, expat, firefox, go-toolset:ol8, grub2, gzip, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libarchive, libgcrypt, libinput, libxml2, pcre2, postgresql, python, rsync, rsyslog, [...]
https://lwn.net/Articles/899963/
libTIFF: Multiple vulnerabilities allow denial of service
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0544
xpdf: Vulnerability allows denial of service
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0543
HPE FlexNetwork and FlexFabric switches: Vulnerability allows cross-site scripting
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0542
Kyocera printers: Multiple vulnerabilities
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0551
Trend Micro Maximum Security: Vulnerability allows privilege escalation
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0550
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-websphere-cast-iron-solution-app-connect-professional-5/
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2022
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-cloud-pak-for-business-automation-ifixes-for-june-2022/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-websphere-cast-iron-solution-app-connect-professional-4/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-websphere-cast-iron-solution-app-connect-professional-3/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-websphere-cast-iron-solution-app-connect-professional-2/
Security Bulletin: Remote code execution vulnerability affect IBM Business Automation Workflow - CVE-2021-43138
https://www.ibm.com/blogs/psirt/security-bulletin-remote-code-execution-vulnerability-affect-ibm-business-automation-workflow-cve-2021-43138/
Security Bulletin: junrar Denial of Service (DoS) security vulnerability in IBM FileNet Content Manager Content Search Services (CSS)
https://www.ibm.com/blogs/psirt/security-bulletin-junrar-denial-of-service-dos-security-vulnerability-in-ibm-filenet-content-manager-content-search-services-css/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-functional-tester-8/
Security Bulletin: junrar v7.4.0 and prior Denial of Service (DoS) security vulnerability in IBM FileNet Content Manager Content Search Services (CSS)
https://www.ibm.com/blogs/psirt/security-bulletin-junrar-v7-4-0-and-prior-denial-of-service-dos-security-vulnerability-in-ibm-filenet-content-manager-content-search-services-css/