[CERT-daily] Tageszusammenfassung - 27.08.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 26-08-2021 18:00 − Freitag 27-08-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Cosmos DB: Tausende Azure-Nutzer von Sicherheitslücke betroffen ∗∗∗
---------------------------------------------
Angreifer hätten an die Schlüssel zu Cosmos-Datenbanken gelangen können. Viele große Firmen wie Coca-Cola setzen auf den Azure-Datenbankdienst.
---------------------------------------------
https://www.golem.de/news/cosmos-db-tausende-azure-nutzer-von-sicherheitsluecke-betroffen-2108-159178-rss.html


∗∗∗ Ragnarok Master-Decryptor-Schlüssel veröffentlicht ∗∗∗
---------------------------------------------
Opfer der Ragnarok-Ransomware, deren Daten bei einem Angriff verschlüsselt wurden, können wieder hoffen. Nachdem die Cyber-Kriminellen gerade ihren Betrieb eingestellt hat, wurde der Master-Decryptor-Schlüssel veröffentlicht. Damit sollten sich die verschlüsselten Dateien wiederherstellen lassen.
---------------------------------------------
https://www.borncity.com/blog/2021/08/27/ragnarok-master-decryptor-schlssel-verffentlicht/


∗∗∗ Widespread credential phishing campaign abuses open redirector links ∗∗∗
---------------------------------------------
Microsoft has been actively tracking a widespread credential phishing campaign using open redirector links, which allow attackers to use a URL in a trusted domain and embed the eventual final malicious URL as a parameter.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/


∗∗∗ Big bad decryption bug in OpenSSL – but no cause for alarm ∗∗∗
---------------------------------------------
The buggy codes in there, alright. Fortunately, its hard to get OpenSSL to use it even if you want to, which mitigates the risk.
---------------------------------------------
https://nakedsecurity.sophos.com/2021/08/27/big-bad-decryption-bug-in-openssl-but-no-cause-for-alarm/


∗∗∗ How Passwords Get Hacked ∗∗∗
---------------------------------------------
Can you think of an online service that doesn’t require a password? Everything on the internet requires a password. However, constantly creating and remembering new and ever more complex passwords is no small task. In fact, 66% of people polled admitted to using the same password more than once because of how hard it is to remember passwords that are considered strong. Taking steps to make passwords easier to remember can also make them easier for hackers to guess.
---------------------------------------------
https://blog.sucuri.net/2021/08/how-passwords-get-hacked-2.html


∗∗∗ AWS ReadOnlyAccess: Not Even Once ∗∗∗
---------------------------------------------
You need to give your AWS role a set of permissions, but you still want to feel warm and safe on the inside. "Why not ReadOnlyAccess?" you ask. "I can just deny the permissions I don’t like" you proclaim. Let me show you how your faith in ReadOnly access will betray you and leave you with trust issues.
---------------------------------------------
https://posts.specterops.io/aws-readonlyaccess-not-even-once-ffbceb9fc908


∗∗∗ FBI Releases Indicators of Compromise Associated with Hive Ransomware ∗∗∗
---------------------------------------------
The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with ransomware attacks by Hive, a likely Ransomware-as-a-Service organization consisting of a number of actors using multiple mechanisms to compromise business networks, exfiltrate data and encrypt data on the networks, and attempt to collect a ransom in exchange for access to the [...]
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/08/27/fbi-releases-indicators-compromise-associated-hive-ransomware


∗∗∗ Academics bypass PINs for Mastercard and Maestro contactless payments ∗∗∗
---------------------------------------------
A team of scientists from a Swiss university has discovered a way to bypass PIN codes on contactless cards from Mastercard and Maestro.
---------------------------------------------
https://therecord.media/academics-bypass-pins-for-mastercard-and-maestro-contactless-payments/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdates: Root-Kernel-Lücke bedroht IBMs Betriebssystem AIX ∗∗∗
---------------------------------------------
Angreifer könnten Systeme mit IBM AIX attackieren und sich Root-Rechte verschaffen. Sicherheitsupdates schaffen Abhilfe.
---------------------------------------------
https://heise.de/-6176064


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (haproxy and libopenmpt), openSUSE (aws-cli, python-boto3, python-botocore,, dbus-1, and qemu), Oracle (rh-postgresql10-postgresql), Red Hat (compat-exiv2-023, compat-exiv2-026, exiv2, libsndfile, microcode_ctl, python27, rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon, rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon, and rh-python38), Scientific Linux (compat-exiv2-023 and compat-exiv2-026), SUSE (compat-openssl098), and Ubuntu (libssh, openssl, [...]
---------------------------------------------
https://lwn.net/Articles/867636/


∗∗∗ Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000 ∗∗∗
---------------------------------------------
This advisory contains mitigation for an Improper Authorization vulnerability in Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000, an enterprise access control and integrated security management system.​​​​
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-01


∗∗∗ Annke Network Video Recorder ∗∗∗
---------------------------------------------
This advisory contains mitigation for a Stack-based Buffer Overflow vulnerability in the Annke N48PBB Network Video Recorder.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02


∗∗∗ Delta Electronics DIAEnergie ∗∗∗
---------------------------------------------
This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Incorrect Authorization, Unrestricted Upload of File with Dangerous Type, SQL Injection, and Cross-site Request Forgery vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03


∗∗∗ Delta Electronics DOPSoft ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in Delta Electronics DOPSoft HMI editing software
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-04


∗∗∗ SYSS-2021-035, SySS-2021-036, SySS-2021-037, SySS-2021-038, SySS-2021-039: Mehrere Schwachstellen im MIK.starlight-Server ∗∗∗
---------------------------------------------
Mehrere Funktionen im MIK.starlight-Server deserialisieren Daten auf unsichere Weise und erlauben einem Angreifer dadurch die Übernahme des Systems.
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-035-syss-2021-036-syss-2021-037-syss-2021-038-syss-2021-039-mehrere-schwachstellen-in-mikstarlight-server


∗∗∗ libssh: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0918


∗∗∗ Authenticated RCE in BSCW Server ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/authenticated-rce-in-bscw-server/


∗∗∗ XML Tag Injection in BSCW Server ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/xml-tag-injection-in-bscw-server/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily