End-of-Day report
Timeframe: Thursday 04-08-2022 18:00 - Friday 05-08-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
ENISA Threat Landscape for Ransomware Attacks
This report aims to bring new insights into the reality of ransomware incidents through mapping and studying ransomware incidents from May 2021 to June 2022.
https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-ransomware-attacks
Copying with rsync vulnerable to attacks
The announced new rsync version is intended to prevent a server from deliberately overwriting files on the client and thereby compromising it.
https://heise.de/-7202888
VMware updates: acting quickly "extremely important"
Admin access without a password - and that is just one of the ten vulnerabilities for which VMware is shipping urgent updates.
https://heise.de/-7204524
Beware of fake police calls!
Are you being called from an inconspicuous number by someone claiming to be the police and accusing you of having committed a crime? Are you receiving many calls, messages or voicemail messages from strangers referring to a phone call you never made? This is all part of a scam.
https://www.watchlist-internet.at/news/achtung-vor-falschen-polizeianrufen/
New Linux malware brute-forces SSH servers to breach networks
A new botnet called RapperBot has emerged in the wild since mid-June 2022, focusing on brute-forcing its way into Linux SSH servers and then establishing persistence.
https://www.bleepingcomputer.com/news/security/new-linux-malware-brute-forces-ssh-servers-to-breach-networks/
Facebook finds new Android malware used by APT hackers
Meta (Facebook) has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage clusters connected to hacker groups known as Bitter APT and APT36 (aka Transparent Tribe) using new Android malware.
https://www.bleepingcomputer.com/news/security/facebook-finds-new-android-malware-used-by-apt-hackers/
Finding hooks with windbg
In this blogpost we are going to look into hooks, how to find them, and how to restore the original functions.
https://blog.nviso.eu/2022/08/05/finding-hooks-with-windbg/
Vulnerabilities
Critical vulnerabilities in Cisco's SMB routers
The web interface of Cisco's RV series routers allows various unauthenticated actions - updates fix this.
https://heise.de/-7203891
VU#495801: muhttpd versions 1.1.5 and earlier are vulnerable to path traversal
Versions 1.1.5 and earlier of the mu HTTP daemon (muhttpd) are vulnerable to path traversal via a crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device.
https://kb.cert.org/vuls/id/495801
IBM Security Bulletins 2022-08-04
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data, IBM Security Identity Manager Virtual Appliance, IBM Robotic Process Automation, IBM Spectrum Scale Data Access Services, IBM Sterling Connect:Direct for UNIX Certified Container
https://www.ibm.com/blogs/psirt/
Security update available in Foxit Reader for Linux 2.4.5
Addressed a potential issue where the application could be exposed to a Use-After-Free vulnerability. This occurs as the application executes the destructor under png_safe_execute. (CVE-2019-7317)
https://www.foxit.com/support/security-bulletins.html
Security updates for Friday
Security updates have been issued by CentOS (firefox, thunderbird, and xorg-x11-server), Debian (xorg-server), Gentoo (Babel, go, icingaweb2, lib3mf, and libmcpp), Oracle (389-ds:1.4, go-toolset:ol8, httpd, mariadb:10.5, microcode_ctl, and ruby:2.5), Red Hat (xorg-x11-server), Scientific Linux (xorg-x11-server), SUSE (buildah, go1.17, go1.18, harfbuzz, python-ujson, qpdf, u-boot, and wavpack), and Ubuntu (gnutls28, libxml2, mod-wsgi, openjdk-8, openjdk-8, openjdk-lts, openjdk-17, openjdk-18, [...]
https://lwn.net/Articles/903997/
Regarding vulnerability measure against buffer overflow for Laser Printers and Small Office Multifunction Printers - 04 August 2022
Multiple cases of buffer overflow vulnerabilities have been identified with Canon Laser Printers and Small Office Multifunctional Printers. Related CVEs are: CVE-2022-24672, CVE-2022-24673 and CVE-2022-24674. A list of affected models is given below.
https://www.canon-europe.com/support/product-security-latest-news/
ZDI-22-1064: OPC Foundation UA .NET Standard BrowseRequest Missing Authentication Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-22-1064/
F-Secure Linux Security and Internet GateKeeper: vulnerability allows denial of service
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0928
vim: vulnerability allows code execution
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0926