[CERT-daily] Tageszusammenfassung - 19.08.2021

Daily end-of-shift report team at cert.at
Thu Aug 19 18:16:10 CEST 2021 

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 18-08-2021 18:00 − Donnerstag 19-08-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Cisco meldet gefährliche Remote-Angriffsmöglichkeiten auf Small Business-Router ∗∗∗
---------------------------------------------
Ein aktuelles Advisory von Cisco beschreibt eine kritische Sicherheitslücke, die mehrere Small Business-Router betrifft. Updates wird es nicht geben.
---------------------------------------------
https://heise.de/-6169343


∗∗∗ Ransomware-Attacken nehmen dramatisch zu ∗∗∗
---------------------------------------------
Mehr Ransomware-Angriffe, höhere Lösegeldforderungen und eine effizientere Verteilung - die Entwicklung der Datenerpressungsbranche ist besorgniserregend.
---------------------------------------------
https://heise.de/-6169583


∗∗∗ A Short History of Essay Spam (How We Got from Pills to Plagiarism) ∗∗∗
---------------------------------------------
>From answering beginner questions like 'What is SEO spam?' to breaking down the spammers' code and exactly how they hide their injections in compromised websites, we have written regularly about spam at Sucuri. If you’ve ever operated a WordPress website you will have certainly seen, at the very least, a litany of spam comments posted on your comments section.
---------------------------------------------
https://blog.sucuri.net/2021/08/a-short-history-of-essay-spam-how-we-got-from-pills-to-plagiarism.html


∗∗∗ Oh, Behave! Figuring Out User Behavior ∗∗∗
---------------------------------------------
I decided to embark on a journey to understand user behavior without knowing exactly how I would gather details about user activity as a research topic. A major component of this research is finding a way to gather data on user behavior without making too much noise or triggering detections in a live environment.
---------------------------------------------
https://www.trustedsec.com/blog/oh-behave-figuring-out-user-behavior/


∗∗∗ How to spot a DocuSign phish and what to do about it ∗∗∗
---------------------------------------------
Phishing scammers love well known brand names, particularly if youre expecting to hear from them.
---------------------------------------------
https://blog.malwarebytes.com/social-engineering/2021/08/how-to-spot-a-docusign-phish-and-what-to-do-about-it/


∗∗∗ Health authorities in 40 countries targeted by COVID‑19 vaccine scammers ∗∗∗
---------------------------------------------
Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns
---------------------------------------------
https://www.welivesecurity.com/2021/08/18/health-authorities-40-countries-targeted-covid19-vaccine-scammers/


∗∗∗ CISA Provides Recommendations for Protecting Information from Ransomware-Caused Data Breaches ∗∗∗
---------------------------------------------
CISA has released the fact sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. These data breaches, often involving sensitive or personal information, can cause financial loss to the victim organization and erode customer trust.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/08/18/cisa-provides-recommendations-protecting-information-ransomware


∗∗∗ Cisco: Security devices are vulnerable to SNIcat data exfiltration technique ∗∗∗
---------------------------------------------
Networking equipment vendor Cisco said today that some of its security products fail to detect and stop traffic to malicious servers that abuse a technique called SNIcat to covertly steal data from inside corporate networks.
---------------------------------------------
https://therecord.media/cisco-security-devices-are-vulnerable-to-snicat-data-exfiltration-technique/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Security Advisories 2021-08-18 ∗∗∗
---------------------------------------------
2 critical, 5 medium severity
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2021%2F08%2F18&firstPublishedEndDate=2021%2F08%2F18


∗∗∗ SSA-816035: Code Execution Vulnerability in SINEMA Remote Connect Client ∗∗∗
---------------------------------------------
The latest update for SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-816035.txt


∗∗∗ VMSA-2021-0017 ∗∗∗
---------------------------------------------
VMware Workspace ONE UEM console patches address a denial of service vulnerability (CVE-2021-22029)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0017.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (exiv2, firefox, and thunderbird), Fedora (libsndfile, python-docx, and xscreensaver), openSUSE (haproxy), and SUSE (haproxy).
---------------------------------------------
https://lwn.net/Articles/866753/


∗∗∗ Positive Technologies helps to fix dangerous vulnerability in CODESYS ICS software ∗∗∗
---------------------------------------------
[...] This high-severity vulnerability (CVE-2021-36764) was discovered in the CODESYS V3 Runtime System software package (version 3.15.9.10). By exploiting it, an attacker can disable the PLC and disrupt the technological process. The vulnerability (NULL Pointer Dereference) was found in the CmpGateway component. An attacker with network access to the industrial controller can send a specially formed TCP packet and interrupt the operation of the PLC. Also, it has been found that this software contains another vulnerability (Local Privilege Escalation), which is currently being reviewed by the vendor.
---------------------------------------------
https://www.ptsecurity.com/ww-en/about/news/positive-technologies-helps-to-fix-dangerous-vulnerability-in-codesys-ics-software


∗∗∗ Red Hat JBoss Enterprise Application Platform: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0892


∗∗∗ Internet Systems Consortium BIND: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0890


∗∗∗ Kritische Schwachstellen in Altus Sistemas de Automacao Produkten ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/kritische-schwachstellen-in-altus-sistemas-de-automacao-produkten/


∗∗∗ Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Golang Go ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicloud-management-monitoring-has-applied-security-fixes-for-its-use-of-golang-go/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2021 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-july-2021-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2021 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-july-2021-cpu-2/


∗∗∗ Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Apache HttpClient ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicloud-management-monitoring-has-applied-security-fixes-for-its-use-of-apache-httpclient/


∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-8/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-4/


∗∗∗ Linux kernel eBPF vulnerability CVE-2021-3490 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K43346111

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list