[CERT-daily] Tageszusammenfassung - 10.08.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 09-08-2021 18:00 − Dienstag 10-08-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ eCh0raix ransomware now targets both QNAP and Synology NAS devices ∗∗∗
---------------------------------------------
A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ech0raix-ransomware-now-targets-both-qnap-and-synology-nas-devices/


∗∗∗ Team Cymru’s Threat Hunting Maturity Model Explained ∗∗∗
---------------------------------------------
In this four part series we’ll be looking at Team Cymru’s Threat Hunting Maturity Model.
---------------------------------------------
https://team-cymru.com/blog/2021/08/09/team-cymrus-threat-hunting-maturity-model-explained/


∗∗∗ Chaos Malware Walks Line Between Ransomware and Wiper ∗∗∗
---------------------------------------------
The dangerous malware has been rapidly developed since June and could be released into the wild soon.
---------------------------------------------
https://threatpost.com/chaos-malware-ransomware-wiper/168520/


∗∗∗ Vulnerability Management Resources ∗∗∗
---------------------------------------------
SANS Vulnerability Management Resources collected in one place for easy access.
---------------------------------------------
https://www.sans.org/blog/vulnerability-management-resources


∗∗∗ XLSM Malware with MacroSheets ∗∗∗
---------------------------------------------
Excel-based malware has been around for decades and has been in the limelight in recent years.
---------------------------------------------
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/xlsm-malware-with-macrosheets/


∗∗∗ Gefälschtes E-Mail der Post im Umlauf ∗∗∗
---------------------------------------------
Sie warten auf ein Paket? Dann nehmen Sie sich vor gefälschten Benachrichtigungen der Post in Acht. BetrügerInnen behaupten in einer E-Mail, dass Ihr Paket nicht zugestellt werden konnte und Sie über einen Link einen weiteren Zustellversuch anfordern müssen.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschtes-e-mail-der-post-im-umlauf/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Root-Lücke in VPN-Lösung Pulse Connect Secure als Schadcode-Schlupfloch ∗∗∗
---------------------------------------------
Ein wichtiges Sicherheitsupdates schließt Schwachstellen in der Fernzugriff-Software Pulse Connect Secure.
---------------------------------------------
https://heise.de/-6159492


∗∗∗ Firefox und Firefox ESR gegen verschiedene Attacken abgesichert ∗∗∗
---------------------------------------------
Mozilla hat mehrere Sicherheitslücken in seinem Webbrowser Firefox geschlossen.
---------------------------------------------
https://heise.de/-6160037


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (flatpak and microcode_ctl), Debian (c-ares, lynx, openjdk-8, and tomcat9), Fedora (kernel), openSUSE (apache-commons-compress, aria2, djvulibre, fastjar, kernel, libvirt, linuxptp, mysql-connector-java, nodejs8, virtualbox, webkit2gtk3, and wireshark), Oracle (kernel, kernel-container, and microcode_ctl), Red Hat (glib2, kernel, kernel-rt, kpatch-patch, and rust-toolset-1.52 and rust-toolset-1.52-rust), Scientific Linux (microcode_ctl), [...]
---------------------------------------------
https://lwn.net/Articles/865872/


∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
Adobe has released security updates to address vulnerabilities in multiple Adobe products.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/adobe-releases-security-updates-multiple-products


∗∗∗ WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN65388002/


∗∗∗ SSA-938030: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-938030.txt


∗∗∗ SSA-865327: Incorrect Authorization Vulnerability in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-865327.txt


∗∗∗ SSA-830194: Missing Authentication Vulnerability in S7-1200 Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-830194.txt


∗∗∗ SSA-818688: Multiple Vulnerabilities in Solid Edge before SE2021MP7 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-818688.txt


∗∗∗ SSA-756744: OS Command Injection Vulnerability in SINEC NMS ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-756744.txt


∗∗∗ SSA-679335: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-679335.txt


∗∗∗ SSA-553445: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-553445.txt


∗∗∗ SSA-365397: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-365397.txt


∗∗∗ SSA-309571: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-309571.txt


∗∗∗ SSA-158827: Denial-of-Service Vulnerability in Automation License Manager ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-158827.txt


∗∗∗ Security Bulletin: A vulnerability in glibc impacts IBM Watson™ Speech Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-glibc-impacts-ibm-watson-speech-services/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-cve-2020-25705-cve-2020-28374-2/


∗∗∗ Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct File Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-file-agent-4/


∗∗∗ Security Bulletin: IBM Planning Analytics Spreadsheet Services is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-spreadsheet-services-is-affected-by-security-vulnerabilities/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-spring-framework-vulnerability-3/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-oracle-mysql-vulnerabilities-2/


∗∗∗ Security Bulletin: Vulnerability in self-service console affects IBM Cloud Pak System (CVE-2021-20478) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-self-service-console-affects-ibm-cloud-pak-system-cve-2021-20478-2/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-6/


∗∗∗ XSA-357 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-357.html


∗∗∗ TYPO3 Core: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0842


∗∗∗ SAP Patchday August 2021: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0847


∗∗∗ Citrix ShareFile storage zones controller security update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX322787


∗∗∗ XML External Entity Expansion in MobileTogether Server ∗∗∗
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-002/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily