[CERT-daily] Tageszusammenfassung - 04.08.2021

Wed Aug 4 18:13:49 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 03-08-2021 18:00 − Mittwoch 04-08-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New Cobalt Strike bugs allow takedown of attackers’ servers ∗∗∗
---------------------------------------------
Security researchers have discovered Cobalt Strike denial of service (DoS) vulnerabilities that allow blocking beacon command-and-control (C2) communication channels and new deployments.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-cobalt-strike-bugs-allow-takedown-of-attackers-servers/


∗∗∗ Phishing Campaign Dangles SharePoint File-Shares ∗∗∗
---------------------------------------------
Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered.
---------------------------------------------
https://threatpost.com/phishing-sharepoint-file-shares/168356/


∗∗∗ Three Problems with Two Factor Authentication, (Tue, Aug 3rd) ∗∗∗
---------------------------------------------
Usability remains a challenge for two-factor authentication. I recently came across a review of a healthcare-related mobile app, and a one-star review complained about how unusable the application is due to its two-factor requirement.
---------------------------------------------
https://isc.sans.edu/diary/rss/27704


∗∗∗ Pivoting and Hunting for Shenanigans from a Reported Phishing Domain, (Wed, Aug 4th) ∗∗∗
---------------------------------------------
I was alerted to a web page masquerading as a local financial institution earlier in the day. The phishing web page was constructed well, looked extremely similar to the financial institutions actual page and had input fields for victims to input their credentials.
---------------------------------------------
https://isc.sans.edu/diary/rss/27710


∗∗∗ SAML is insecure by design ∗∗∗
---------------------------------------------
SAML uses signatures based on computed values. The practice is inherently insecure and thus SAML as a design is insecure.
---------------------------------------------
https://joonas.fi/2021/08/saml-is-insecure-by-design/


∗∗∗ Vulnerability Spotlight: Use-after-free vulnerability in tinyobjloader ∗∗∗
---------------------------------------------
Cisco Talos recently discovered a use-after-free vulnerability in a specific function of tinyobjloader.
---------------------------------------------
https://blog.talosintelligence.com/2021/08/vuln-spotlight-.html


∗∗∗ Value of PLC Key Switch Monitoring to Keep Critical Systems More Secure ∗∗∗
---------------------------------------------
Programmable Logic Controllers (PLC) and Safety Instrumented Systems (SIS) Controllers have historically included an external switch, generally in the form of a key, to perform maintenance and troubleshooting. 
---------------------------------------------
https://www.dragos.com/blog/industry-news/value-of-plc-key-switch-monitoring/


∗∗∗ OpSec Leaky Images ∗∗∗
---------------------------------------------
Hackers love your marketing department. Fact! Your marketing department love telling the world what happens in your company, then they attach images to the posts, often of staff at work.
---------------------------------------------
https://www.pentestpartners.com/security-blog/opsec-leaky-images/


∗∗∗ Achtung Scheckbetrug: Restaurant-BesitzerInnen erhalten betrügerische Reservierungsanfragen! ∗∗∗
---------------------------------------------
BetrügerInnen versuchen mit vermeintlichen Reservierungen an das Geld von Restaurant-BesitzerInnen zu kommen: Wenn ein vermeintlicher Gast aus dem Ausland für eine größere Gruppe reservieren und das Geld vorab per Scheck bezahlen will, gilt es vorsichtig zu sein.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-scheckbetrug-restaurant-besitzerinnen-erhalten-betruegerische-reservierungsanfragen/


∗∗∗ IntelMQ 3.0 - Configuration, Domain based workflow, IEPs ∗∗∗
---------------------------------------------
We are happy to announce the completion of the IntelMQ 3.0 milestone.
---------------------------------------------
https://cert.at/en/blog/2021/8/intelmq-30-domain-based-workflow-ieps


∗∗∗ Shodan Verified Vulns 2021-08-01 ∗∗∗
---------------------------------------------
Schwachstellen machen leider keine Pause im Sommer und entsprechend haben wir auch diesen Monat wieder einen Blick auf jene geworfen, die Shodan in Österreich sieht.
---------------------------------------------
https://cert.at/de/aktuelles/2021/8/shodan-verified-vulns-2021-08-01


=====================
=  Vulnerabilities  =
=====================

∗∗∗ INFRA:HALT: Neue Schwachstellen im TCP/IP-Stack von Industriegeräten entdeckt ∗∗∗
---------------------------------------------
Das Forscherteam um "Amnesia:33", "Number:Jack" und Co. hat weitere Schwachstellen gefunden – diesmal im "NicheStack" für den Bereich Operational Technology.
---------------------------------------------
https://heise.de/-6154631


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (asterisk, libpam-tacplus, and wordpress), Fedora (buildah and podman), openSUSE (thunderbird and webkit2gtk3), Oracle (kernel and varnish:6), SUSE (kernel, kvm, and webkit2gtk3), and Ubuntu (libdbi-perl and php-pear).
---------------------------------------------
https://lwn.net/Articles/865192/


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container could allow a remote attacker to execute arbitrary code due to CVE-2021-33195 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-could-allow-a-remote-attacker-to-execute-arbitrary-code-due-to-cve-2021-33195/


∗∗∗ Security Bulletin: Vulnerability in Apache Commons IO may affect Cúram Social Program Management (CVE-2021-29425) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-io-may-affect-cram-social-program-management-cve-2021-29425/


∗∗∗ Security Bulletin: Vulnerability in Dojo may affect Cúram Social Program Management (CVE-2020-5258) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dojo-may-affect-cram-social-program-management-cve-2020-5258/


∗∗∗ Security Bulletin: IBM API Connect is impacted by reflected cross site scripting (CVE-2020-4707) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-reflected-cross-site-scripting-cve-2020-4707/


∗∗∗ PHOENIX CONTACT : Products utilizing WIBU SYSTEMS CodeMeter components in versions prior to V7.21a ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-036


∗∗∗ PHOENIX CONTACT : DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-029


∗∗∗ Dell integrated Dell Remote Access Controller: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0830


∗∗∗ Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html


∗∗∗ SYSS-2021-042: Tiny Java Web Server and Servlet Container (TJWS) – Reflected Cross-Site Scripting ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-042-tiny-java-web-server-and-servlet-container-tjws-reflected-cross-site-scripting

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily