[CERT-daily] Tageszusammenfassung - 26.08.2021

Daily end-of-shift report team at cert.at
Thu Aug 26 18:11:41 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 25-08-2021 18:00 − Donnerstag 26-08-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ Microsoft: ProxyShell bugs “might be exploited,” patch servers now! ∗∗∗
---------------------------------------------
Microsoft has finally published guidance today for the actively exploited ProxyShell vulnerabilities impacting multiple on-premises Microsoft Exchange versions.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-proxyshell-bugs-might-be-exploited-patch-servers-now/


∗∗∗ Valuable Datasets to Analyze Network Infrastructure | Part 3 ∗∗∗
---------------------------------------------
In the final installment of this series, learn about Passive DNS and how it works, explore valuable artifacts for investigations, and study our handy cheat sheet.
---------------------------------------------
https://www.domaintools.com/resources/blog/valuable-datasets-to-analyze-network-infrastructure-part-3


∗∗∗ Plug and Play: Adminrechte bekommt man auch mit Steelseries-Mäusen ∗∗∗
---------------------------------------------
Eine Maus einstecken und den dazugehörigen Installer für erweiterte Rechte ausnutzen: Das funktioniert bei Razer und auch bei Steelseries.
---------------------------------------------
https://www.golem.de/news/plug-and-play-adminrechte-bekommt-man-auch-mit-steelseries-maeusen-2108-159140.html


∗∗∗ Secure PLC Coding Practices ∗∗∗
---------------------------------------------
In the world of operational technology, programmable logic controllers (PLCs) control physical elements such as a municipal water supply system, the room temperature in offices or a chocolate bar packaging machine.
---------------------------------------------
https://securityblog.switch.ch/2021/08/26/secure-plc-coding-practices/


∗∗∗ Engineering Workstations Are Concerning Initial Access Vector in OT Attacks ∗∗∗
---------------------------------------------
Organizations that use industrial control systems (ICS) and other operational technology (OT) are increasingly concerned about cyber threats, and while they have taken steps to address risks, many don’t know if they have suffered a breach, according to a survey conducted by the SANS Institute on behalf of industrial cybersecurity firm Nozomi Networks.
---------------------------------------------
https://www.securityweek.com/engineering-workstations-are-concerning-initial-access-vector-ot-attacks


∗∗∗ Admin password re-use. Don’t do it ∗∗∗
---------------------------------------------
As a pentester, one of the most disappointing sights is see on a test is extensive local admin password reuse. I know others get excited as it means easy pwnage [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/admin-password-re-use-dont-do-it/


∗∗∗ Betrug mit angeblichen Nachrichten des Mobilfunkbetreibers ∗∗∗
---------------------------------------------
Erneut werden massenhaft betrügerische SMS ausgeschickt. Es soll sich um eine „Neue Nachricht des Mobilfunkbetreibers“ handeln. Für mehr Infos soll man einem Link folgen. Achtung: Der Link führt auf eine betrügerische Website mit Schadsoftware! Die Nachricht kommt nicht vom Netzbetreiber.
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-mit-angeblichen-nachrichten-des-mobilfunkbetreibers/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Atlassian: Kritische Sicherheitslücke in Confluence ∗∗∗
---------------------------------------------
Nutzer, die die Wiki-Software Confluence von Atlassian selbst hosten, sind zum Update aufgefordert
---------------------------------------------
https://www.golem.de/news/atlassian-kritische-sicherheitsluecke-in-confluence-2108-159161.html


∗∗∗ ZDI-21-1026: (0Day) D-Link DIR-2055 HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2055 routers. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1026/


∗∗∗ ZDI-21-1025: (0Day) D-Link DIR-2055 HNAP Incorrect Comparison Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2055 routers. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1025/


∗∗∗ Ethereum-Client Geth: Dringendes Update wegen schwerer Lücke ∗∗∗
---------------------------------------------
Eine schwerwiegende Lücke im verbreiteten Ethereum-Client Geth könnte damit betriebene Blockchain-Knoten lahmlegen. Eine gepatchte Version steht aber bereit.
---------------------------------------------
https://heise.de/-6174832


∗∗∗ Updates verfügbar: Cisco fixt unter anderem kritische Lücke in APIC & Cloud APIC ∗∗∗
---------------------------------------------
Für die Verwaltungskomponente von Ciscos Application Centric Infrastructure (ACI) und viele weitere Produkte stehen wichtige Aktualisierungen bereit.
---------------------------------------------
https://heise.de/-6174789


∗∗∗ Drupal: Updates sichern zwei Module gegen Angriffe ab ∗∗∗
---------------------------------------------
Die Module "Webform" und "Admin Toolbar" für das Content Management System Drupal waren unter bestimmten Voraussetzungen via Cross-Site-Scripting angreifbar.
---------------------------------------------
https://heise.de/-6175086


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (community-mysql, containerd, dotnet3.1, dotnet5.0, perl-Encode, and tor), Mageia (gpsd), openSUSE (cacti, cacti-spine, go1.16, jetty-minimal, libmspack, mariadb, openexr, and tor), SUSE (aspell, jetty-minimal, libesmtp, mariadb, and unrar), and Ubuntu (firefox and mongodb).
---------------------------------------------
https://lwn.net/Articles/867492/


∗∗∗ Synology-SA-21:24 OpenSSL ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow remote attackers to conduct denial-of-service attack or execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM), VPN Plus Server or VPN Server.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_21_24


∗∗∗ Kaseya Unitrends update ∗∗∗
---------------------------------------------
Mid July 2021 we opened case DIVD-2021-00014 tracking multiple vulnerabilities in Kaseya Unitrends. These vulnerabilities consited of: An authenticated remote code execution vulnerability on the server, a privilege escaltion vulnerability from read-only user to admin on the server and a (yet) undisclosed vulnerability on the client [...]
---------------------------------------------
https://csirt.divd.nl/2021/08/26/Kaseya-Unitrends-update/


∗∗∗ Teamviewer: August Updates - Security Patches ∗∗∗
---------------------------------------------
https://community.teamviewer.com/English/discussion/117794/august-updates-security-patches/p1


∗∗∗ Security Bulletin: CVE-2020-2773 (deferred from Oracle Apr 2020 CPU) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2773-deferred-from-oracle-apr-2020-cpu-3/


∗∗∗ VMSA-2021-0019 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0019.html


∗∗∗ PHOENIX CONTACT : Security Advisory for FL SWITCH SMCS series (UPDATE A) ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-023


∗∗∗ HP OfficeJet: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0909

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list