[CERT-daily] Tageszusammenfassung - 02.08.2021

Mon Aug 2 18:15:39 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 30-07-2021 18:00 − Montag 02-08-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Linux eBPF bug gets root privileges on Ubuntu - Exploit released ∗∗∗
---------------------------------------------
CVE-2021-3490. A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines. ... If properly exploited, a local attacker could get kernel privileges to run arbitrary code on the machine.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-ebpf-bug-gets-root-privileges-on-ubuntu-exploit-released/


∗∗∗ Remote print server gives anyone Windows admin privileges on a PC ∗∗∗
---------------------------------------------
A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/remote-print-server-gives-anyone-windows-admin-privileges-on-a-pc/


∗∗∗ New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits ∗∗∗
---------------------------------------------
A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks.
---------------------------------------------
https://thehackernews.com/2021/08/new-apt-hacking-group-targets-microsoft.html


∗∗∗ PwnedPiper threatens thousands of hospitals worldwide, patch your systems now ∗∗∗
---------------------------------------------
Nine critical vulnerabilities in a popular hospital pneumatic tube software could give attackers control of infrastructure and allow them to launch additional attacks that cripple healthcare operations. Discovered by researchers at security platform provider Armis and dubbed PwnedPiper, the vulnerabilities are in the Nexus Control Panel software used by Translogic pneumatic tube systems (PTS) built by Swisslog Healthcare. 
---------------------------------------------
https://www.techrepublic.com/article/pwnedpiper-threatens-thousands-of-hospitals-worldwide-patch-your-systems-now/


∗∗∗ Vultur: Android-Trojaner späht Login-Daten für Bankkonten und E-Wallets aus ∗∗∗
---------------------------------------------
Die fernsteuerbare Malware Vultur für Android-Smartphones nutzt Funktionen zur Bildschirmaufzeichnung, um sensible Informationen auf Handys zu stehlen.
---------------------------------------------
https://heise.de/-6152250


∗∗∗ Palo Alto Networks Discloses New Attack Surface Targeting Microsoft IIS and SQL Server at Black Hat Asia 2021 ∗∗∗
---------------------------------------------
The technique allows attackers to remotely attack IIS and SQL Server to gain SYSTEM privileges by using Microsoft Jet database engine vulnerabilities. ... In response to this research, Microsoft released a complex patch to mitigate this attack surface. However, the patch is turned off by default and most Jet vulnerabilities are still not patched. We highly recommend that our customers proactively turn on mitigation to disable remote tables access in the registry and stay cautious of these kinds of attacks.
---------------------------------------------
https://unit42.paloaltonetworks.com/iis-and-sql-server/


∗∗∗ Decryptor released for Prometheus ransomware victims ∗∗∗
---------------------------------------------
Taiwanese security firm CyCraft has released a free application that can help victims of the Prometheus ransomware recover and decrypt some of their files.
---------------------------------------------
https://therecord.media/decryptor-released-for-prometheus-ransomware-victims/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Foxit PDF Reader und Editor: Updates beseitigen zahlreiche Schwachstellen ∗∗∗
---------------------------------------------
Für Foxits PDF-Software für Windows und macOS stehen Aktualisierungen bereit, die unter anderem vor Remote Code Execution-Angriffen schützen sollen.
---------------------------------------------
https://heise.de/-6152683


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (389-ds-base, consul, containerd, geckodriver, powerdns, vivaldi, webkit2gtk, and wpewebkit), Debian (aspell, condor, libsndfile, linuxptp, and lrzip), and Fedora (bluez, buildah, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, kernel, kernel-tools, mbedtls, mingw-exiv2, mingw-python-pillow, mrxvt, python-pillow, python2-pillow, redis, and seamonkey).
---------------------------------------------
https://lwn.net/Articles/864898/


∗∗∗ MISP: Schwachstellen ermöglichen Cross-Site Scripting ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in MISP ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0823


∗∗∗ Security Bulletin: October 2020 Patch Update for Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-october-2020-patch-update-for-java/


∗∗∗ Security Bulletin: Apache Commons ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons/


∗∗∗ Security Bulletin: Vulnerability in ksh affects AIX (CVE-2021-29741) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ksh-affects-aix-cve-2021-29741/


∗∗∗ Security Bulletin: Potential vulnerability with Node.js lodash module ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-lodash-module-2/


∗∗∗ Security Bulletin: Potential vulnerability with FasterXML jackson-databind ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-fasterxml-jackson-databind-3/


∗∗∗ Security Bulletin: Cloud Pak for Security has several security vulnerabilities addressed in the latest version ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-has-several-security-vulnerabilities-addressed-in-the-latest-version/


∗∗∗ Security Bulletin: Potential vulnerability with Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-3/


∗∗∗ Security Bulletin: January 2021 Patch Update for Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-january-2021-patch-update-for-java/


∗∗∗ Security Bulletin: Oct 2020 Patch Update for Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oct-2020-patch-update-for-java/


∗∗∗ Security Bulletin: IBM API Connect is impacted by multiple OpenSSL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-openssl-vulnerabilities/


∗∗∗ Security Bulletin: Potential vulnerability with Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-5/


∗∗∗ Security Bulletin: Potential vulnerability in Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-in-java-2/


∗∗∗ Security Bulletin: Potential vulnerability with Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-4/


∗∗∗ Security Bulletin: October 2020 Patch Update for Java ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-october-2020-patch-update-for-java-2/


∗∗∗ Security Bulletin: User Behavior Analytics application add on to IBM QRadar SIEM performs improper CSRF checking for some components ( CVE-2021-29757) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-user-behavior-analytics-application-add-on-to-ibm-qradar-siem-performs-improper-csrf-checking-for-some-components-cve-2021-29757/


∗∗∗ Security Bulletin: Potential vulnerability with Node.js lodash module ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-lodash-module-3/


∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by XML External Entity Injection vulnerability in WebSphere (CVE-2020-4949) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-xml-external-entity-injection-vulnerability-in-websphere-cve-2020-4949/


∗∗∗ Security Bulletin: Potential vulnerability with Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-6/


∗∗∗ Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager DR ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affects-ibm-vm-recovery-manager-dr/


∗∗∗ Security Bulletin: Potential vulnerability in OpenSSL ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-in-openssl/


∗∗∗ Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager HA ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affects-ibm-vm-recovery-manager-ha/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily