End-of-Day report
Timeframe: Monday 01-08-2022 18:00 - Tuesday 02-08-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Microsoft announces new solutions for threat intelligence and attack surface management
Defenders are up against the most sophisticated threat landscape we've ever seen. Today, we're proud to execute our threat intelligence vision behind that acquisition and announce several new solutions to help security teams get ahead of adversaries and catch what others miss.
https://www.microsoft.com/security/blog/2022/08/02/microsoft-announces-new-solutions-for-threat-intelligence-and-attack-surface-management/
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
In this blog, ThreatLabz will analyze Raccoon Stealer v2 in the exe format, and highlight key differences from its predecessors.
https://www.zscaler.com/blogs/security-research/raccoon-stealer-v2-latest-generation-raccoon-family
Analyzing Attack Data and Trends Targeting Log4J
The Log4j vulnerability, initially reported in November 2021, has affected millions of devices and applications around the world.
https://www.wordfence.com/blog/2022/08/analyzing-attack-data-and-trends-targeting-log4j/
Watchlist Internet is now on Instagram
From now on we also bring you warnings about online fraud on Instagram. In our posts and stories we show you how to protect yourself against online fraud, recognise traps quickly and browse the internet safely.
https://www.watchlist-internet.at/news/die-watchlist-internet-ist-jetzt-auf-instagram/
giesler-drogerie.com is fake
At giesler-drogerie.com you will find cheap perfumes, styling products and cosmetics. The complete legal notice and the listed contact details give a trustworthy impression. The details are fake, however. If you shop there, you lose your money and receive no delivery.
https://www.watchlist-internet.at/news/giesler-drogeriecom-ist-fake/
Vulnerability Spotlight: How misusing properly serialized data opened TCL LinkHub Mesh Wi-Fi system to 17 vulnerabilities
The TCL LinkHub Mesh Wi-Fi system is a multi-device Wi-Fi system that allows users to expand access to their network over a large physical area.
http://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework.
http://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
Vulnerabilities
VMware urges admins to patch critical auth bypass bug immediately
VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges.
https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-patch-critical-auth-bypass-bug-immediately/
Security updates for Tuesday
Security updates have been issued by Debian (curl and jetty9), Fedora (dovecot), Gentoo (vault), Scientific Linux (java-1.8.0-openjdk, java-11-openjdk, and squid), SUSE (booth, dovecot22, dwarves and elfutils, firefox, gimp, java-11-openjdk, kernel, and oracleasm), and Ubuntu (linux, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, net-snmp, and samba).
https://lwn.net/Articles/903555/
Go-Based Apps Vulnerable to Attacks Due to URL Parsing Issue
Israeli cloud-native application security testing firm Oxeye discovered that the way URL parsing is implemented in some Go-based applications creates vulnerabilities that could allow threat actors to conduct unauthorized actions.
https://www.securityweek.com/go-based-apps-vulnerable-attacks-due-url-parsing-issue
GnuTLS patches memory mismanagement bug - update now!
https://nakedsecurity.sophos.com/2022/08/01/gnutls-patches-memory-mismanagement-bug-update-now/
Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by arbitrary code execution due to GNU cpio (CVE-2021-38185)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-certified-container-is-affected-by-arbitrary-code-executiondue-to-gnu-cpio-cve-2021-38185/
VMSA-2022-0021
https://www.vmware.com/security/advisories/VMSA-2022-0021.html
vim: Multiple vulnerabilities
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0880
FastStone ImageViewer: Vulnerability allows execution of arbitrary code with user privileges
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0883