Daily summary - 20.07.2022

End-of-Day report

Timeframe: Tuesday 19-07-2022 18:00 - Wednesday 20-07-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter

News

Security vulnerabilities in MiCODUS GPS trackers can endanger human lives

Security researchers warn that attackers could, among other things, remotely stop government vehicles. No security patches are available yet.

https://heise.de/-7184324


Phishing email about "unauthorized activities": ignore it!

A phishing message in the name of Raiffeisen Bank is currently circulating that demands an authentication step. Allegedly a payment of EUR 1,259.00 was made and then blocked. Note: this is nothing but a fabricated pretext with which criminals want to lure you into clicking on a phishing page. Simply delete the message!

https://www.watchlist-internet.at/news/phishing-mail-zu-unbefugten-aktivitaeten-ignorieren/


Breaking down CIS's new software supply chain security guidance

Securing the software supply chain continues to be one of the most discussed topics among IT and cybersecurity leaders. A study by In-Q-Tel researchers shows a rapid rise in software supply chain attacks starting around 2016, going from almost none in 2015 to about 1,500 in 2020. The Cloud Native Computing Foundation's (CNCF's) catalog of software supply chain attacks also supports a rise in this attack vector.

https://www.csoonline.com/article/3666742/breaking-down-ciss-new-software-supply-chain-security-guidance.html


Luna and Black Basta - new ransomware for Windows, Linux and ESXi

This report discusses new ransomware that targets Windows, Linux and ESXi systems: Luna, written in Rust, and Black Basta.

https://securelist.com/luna-black-basta-ransomware/106950/


PrestaShop Skimmer Concealed in One Page Checkout Module

PrestaShop is a popular freemium open source e-commerce platform used by hundreds of thousands of webmasters to sell products and services to website visitors. While PrestaShop's CMS market share is only 0.8%, it should still come as no surprise that attackers have been crafting malware to specifically target environments that use this software.

https://blog.sucuri.net/2022/07/prestashop-skimmer-concealed-in-one-page-checkout-module.html


LockBit: Ransomware Puts Servers in the Crosshairs

LockBit affiliates are using servers to spread ransomware throughout networks.

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockbit-targets-servers


Analysis of a trojanized jQuery script: GootLoader unleashed

In this blog post, we perform a deep analysis of GootLoader, malware which is known to deliver several types of payloads, such as the Kronos trojan, REvil, IcedID and GootKit, and in this case Cobalt Strike.

https://blog.nviso.eu/2022/07/20/analysis-of-a-trojanized-jquery-script-gootloader-unleashed/


4 Strategies for Achieving Greater Visibility in the Cloud

Here are four ways to put visibility at the center of your cloud security approach and better understand what's going on in your environment.

https://www.rapid7.com/blog/post/2022/07/20/4-strategies-for-achieving-greater-visibility-in-the-cloud/

Vulnerabilities

Patch now! Oracle secures its products with 349 updates

Important security patches close, among others, critical vulnerabilities in Oracle applications.

https://heise.de/-7184179


Security updates: root vulnerability threatens Zyxel firewalls

Several Zyxel firewall models can be attacked via security vulnerabilities.

https://heise.de/-7184526


Security updates for Wednesday

Security updates have been issued by Fedora (golang-github-gosexy-gettext, golang-github-hub, oci-seccomp-bpf-hook, and popub), Oracle (kernel and kernel-container), SUSE (python2-numpy), and Ubuntu (check-mk and pyjwt).

https://lwn.net/Articles/901879/


Chrome 103 Update Patches High-Severity Vulnerabilities

Google this week announced a Chrome update that resolves a total of 11 vulnerabilities in the browser, including six reported by external researchers. Of these, five are use-after-free issues, including four that are considered "high severity".

https://www.securityweek.com/chrome-103-update-patches-high-severity-vulnerabilities


HCL BigFix: Multiple vulnerabilities

A remote, authenticated attacker can exploit multiple vulnerabilities in HCL BigFix to bypass security measures or disclose information.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0733


OpenJDK: Multiple vulnerabilities allow code execution

A remote, anonymous attacker can exploit multiple vulnerabilities in OpenJDK to execute arbitrary code, bypass security measures or manipulate files.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0746


Arista EOS: Vulnerability allows bypassing of security measures

A remote, anonymous attacker can exploit a vulnerability in Arista EOS to bypass security measures.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0761


Red Hat OpenShift (Logging Subsystem): Vulnerability allows denial of service

A remote, anonymous attacker can exploit a vulnerability in Red Hat OpenShift (Logging Subsystem) to carry out a denial of service attack.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0707


Security Bulletin: IBM Resilient Platform could allow formula injection in Excel (CVE-2020-4633)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-platform-could-allow-formula-injection-in-excel-cve-2020-4633-3/
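As an added illustration of the vulnerability class this bulletin names (spreadsheet formula injection via exported cells), not IBM's code and not the Resilient Platform fix, here is a Python export routine that neutralises formula-like cells before writing CSV, together with a scanner that flags cells in an existing file that a spreadsheet would evaluate. The sample rows and the payload strings are constructed for the example; the single-quote prefix is the escaping recommended by OWASP for this issue.

```python
import csv
import io

# Leading characters that make Excel (and LibreOffice Calc) interpret a
# cell as a formula. Tab and CR are included because some importers strip
# them and then evaluate what follows.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample export: two hostile "name" values of the kind used in
# formula injection, next to benign values including negative numbers.
# The payloads are illustrative and do not come from the IBM bulletin.
SAMPLE_ROWS = [
    {"id": 1, "name": "Alice", "balance": -12.5},
    {"id": 2, "name": '=HYPERLINK("http://example.invalid","click")', "balance": 3},
    {"id": 3, "name": "+cmd|' /C calc'!A0", "balance": 0},
    {"id": 4, "name": "-3.5", "balance": 1},
]


def looks_numeric(value: str) -> bool:
    """True if the string is a plain number such as '-3.5' or '+7'."""
    try:
        float(value)
        return True
    except ValueError:
        return False


def neutralize_cell(value):
    """Return a cell value that a spreadsheet will not evaluate as a formula.

    Strings that start with a formula trigger are prefixed with a single
    quote: the spreadsheet shows the text but does not execute it.
    Non-strings and numeric-looking strings (a negative amount serialised
    as text, for instance) are left untouched so the export stays usable
    as data rather than being corrupted by the escaping.
    """
    if not isinstance(value, str):
        return value
    if value.startswith(FORMULA_PREFIXES) and not looks_numeric(value):
        return "'" + value
    return value


def export_csv(rows, fieldnames):
    """Serialise rows to CSV with every cell neutralised and quoted."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames,
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({k: neutralize_cell(row.get(k)) for k in fieldnames})
    return buf.getvalue()


def find_injected_cells(csv_text):
    """Report (row, column, cell) triples that a spreadsheet would evaluate.

    Usable as a regression test in the export pipeline or as a quick
    triage check on a CSV received from an untrusted source.
    """
    hits = []
    for row_no, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for col_no, cell in enumerate(row, start=1):
            if cell.startswith(FORMULA_PREFIXES) and not looks_numeric(cell):
                hits.append((row_no, col_no, cell))
    return hits


if __name__ == "__main__":
    fields = ["id", "name", "balance"]
    safe = export_csv(SAMPLE_ROWS, fields)
    print(safe)
    print("remaining formula cells:", find_injected_cells(safe))
```

The trade-off of the quote prefix is that Excel shows the apostrophe when it imports a CSV, which is why the routine leaves numeric-looking strings alone; if the consumer is a spreadsheet rather than another program, exporting to a native format with cells typed as text avoids the problem altogether.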


Security Bulletin: IBM InfoSphere Information Analyzer is affected by a cross-site scripting vulnerability in jQuery-UI (CVE-2021-41184)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-analyzer-is-affected-by-a-cross-site-scripting-vulnerability-in-jquery-uicve-2021-41184/


Security Bulletin: Multiple cross-site scripting vulnerabilities in jQuery affect IBM InfoSphere Information Server

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-cross-site-scripting-vulnerabilities-in-jquery-affect-ibm-infosphere-information-server/


Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization - Apache Log4j - CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-security-vulnerability-as-it-relates-to-ibm-maximo-scheduler-optimization-apache-log4j-cve-2021-45105-affecting-v2-16-and-cve-2021-45046-affecting-v2-15/


Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in the Expat library.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-in-expact-library/


Security Bulletin: IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-is-vulnerable-to-cross-site-scripting-cve-2022-22477-2/


Security Bulletin: IBM QRadar SIEM is vulnerable to improper certificate validation (CVE-2021-29755)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-improper-certificate-validation-cve-2021-29755/


Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-3/


Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure due to incorrect file permissions (CVE-2022-22424)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-infomation-disclosured-due-to-incorrect-file-permissions-cve-2022-22424/


Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-ibm-qradar-siem/


Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-38936)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-infomarion-discosure-cve-2021-38936/


Security Bulletin: Vulnerability in Java SE related to the JSSE component affects DB2 Recovery Expert for Linux, Unix and Windows

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-java-se-related-to-the-jsse-component-affects-db2-recovery-expert-for-linux-unix-and-windows/


Security Bulletin: A security vulnerability in Node.js nconf affects IBM Cloud Pak for Multicloud Management Managed Services

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-nconf-affects-ibm-cloud-pak-for-multicloud-management-managed-services/


Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-2773)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-java-se-cve-2020-2773-3/