[CERT-daily] Tageszusammenfassung - 12.07.2021

Mon Jul 12 18:08:08 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 09-07-2021 18:00 − Montag 12-07-2021 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Conti Unpacked | Understanding Ransomware Development As a Response to Detection ∗∗∗
---------------------------------------------
Not yet two years old and already in its seventh iteration, Ransomware as a Service variant Conti has proven to be an agile and adept malware threat, capable of both autonomous and guided operation and with unparalleled encryption speed. [...] In this report, we describe in unprecedented detail the rapid evolution of this ransomware and how it has adapted quickly to defenders’ attempts to detect and analyze it.
---------------------------------------------
https://labs.sentinelone.com/conti-unpacked-understanding-ransomware-development-as-a-response-to-detection/


∗∗∗ Ransomware tracker: the latest figures ∗∗∗
---------------------------------------------
Ransomware attacks have been dominating the headlines, thanks to high-profile incidents against organizations including Colonial Pipeline, JBS, and Kaseya. But an analysis of attacks against certain sectors shows that not all industries are impacted to the same degree...
---------------------------------------------
https://therecord.media/ransomware-tracker-the-latest-figures/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Serv-U Remote Memory Escape Vulnerability CVE-2021-35211 ∗∗∗
---------------------------------------------
UPDATE July 10, 2021: NOTE: This security vulnerability only affects Serv-U Managed File Transfer and Serv-U Secure FTP and does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products. SolarWinds was recently notified by Microsoft of a security vulnerability related to Serv-U Managed File Transfer Server and Serv-U Secured FTP and have developed a hotfix to resolve this vulnerability.
---------------------------------------------
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211


∗∗∗ Jetzt patchen! Sicherheitspatch schließt REvil-Lücke in Kaseya VSA ∗∗∗
---------------------------------------------
Admins sollten die IT-Management-Software VSA von Kaseya zügig aktualisieren. Angreifer nutzen derzeit mehrere Sicherheitslücken aus.
---------------------------------------------
https://heise.de/-6134473


∗∗∗ SECURITY BULLETIN: Trend Micro Worry-Free Business Security Incorrect Permission Assignment Denial-of-Service Vulnerability ∗∗∗
---------------------------------------------
Trend Micro has released new patches for Trend Micro Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services that resolve an incorrect permission assignment denial-of-service vulnerability.
---------------------------------------------
https://success.trendmicro.com/solution/000286856


∗∗∗ Security updates for Saturday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (gitlab, nodejs, openexr, php, php7, rabbitmq, ruby-addressable, and spice), Fedora (suricata), Gentoo (binutils, docker, runc, and tor), Mageia (avahi, botan2, connman, gstreamer1.0-plugins, htmldoc, jhead, libcroco, libebml, libosinfo, openexr, php, php-smarty, pjproject, and python), openSUSE (apache2, bind, bouncycastle, ceph, containerd, docker, runc, cryptctl, curl, dovecot23, firefox, graphviz, gstreamer-plugins-bad, java-1_8_0-openj9, java-1_8_0-openjdk, libass, libjpeg-turbo, libopenmpt, libqt5-qtwebengine, libu2f-host, libwebp, libX11, lua53, lz4, nginx, ovmf, postgresql10, postgresql12, python-urllib3, qemu, roundcubemail, solo, thunderbird, ucode-intel, wireshark, and xterm), and SUSE (permissions).
---------------------------------------------
https://lwn.net/Articles/862487/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (djvulibre), Gentoo (connman, gnuchess, openexr, and xen), openSUSE (arpwatch, avahi, dbus-1, dhcp, djvulibre, freeradius-server, fribidi, gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, gupnp, hivex, icinga2, jdom2, jetty-minimal, kernel, kubevirt, libgcrypt, libnettle, libxml2, openexr, openscad, pam_radius, polkit, postgresql13, python-httplib2, python-py, python-rsa, qemu, redis, rubygem-actionpack-5_1, salt, snakeyaml, squid, tpm2.0-tools, and xstream), Red Hat (xstream), and SUSE (bluez, csync2, dbus-1, jdom2, postgresql13, redis, slurm_20_11, and xstream).
---------------------------------------------
https://lwn.net/Articles/862673/


∗∗∗ Security Bulletin: Vulnerability in IBM Guardium Data Encryption (GDE) (CVE-2021-20414) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-guardium-data-encryption-gde-cve-2021-20414/


∗∗∗ Security Bulletin: IBM App Connect Enterprise v11 is affected by vulnerabilities in Node.js (CVE-2021-23358) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-v11-is-affected-by-vulnerabilities-in-node-js-cve-2021-23358/


∗∗∗ Security Bulletin: IBM MQ Appliance affected by a cross-site request forgery vulnerability (CVE-2020-4938) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected-by-a-cross-site-request-forgery-vulnerability-cve-2020-4938/


∗∗∗ Security Bulletin: Apache CXF Vulnerability Affects IBM Global Mailbox (CVE-2021-22696) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-vulnerability-affects-ibm-global-mailbox-cve-2021-22696/


∗∗∗ Security Bulletin: glibc vulnerability affects IBM Elastic Storage System (CVE-2020-27618) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-glibc-vulnerability-affects-ibm-elastic-storage-system-cve-2020-27618/


∗∗∗ Security Bulletin: Event Streams documentation for generating .p12 files incorrectly adds the CA key into the file (CVE-2021-29792) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-event-streams-documentation-for-generating-p12-files-incorrectly-adds-the-ca-key-into-the-file-cve-2021-29792/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Tivoli Netcool/OMNIbus WebGUI (CVE-2021-29803, CVE-2021-29804, CVE-2021-29805, CVE-2021-29822) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-tivoli-netcool-omnibus-webgui-cve-2021-29803-cve-2021-29804-cve-2021-29805-cve-2021-29822/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by Mozilla Network Security Services (NSS) vulnerability (CVE-2020-25648) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-mozilla-network-security-services-nss-vulnerability-cve-2020-25648/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by multiple AngularJS vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-angularjs-vulnerabilities/


∗∗∗ Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system-5/


∗∗∗ Critical ForgeRock Access Management Vulnerability ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/12/critical-forgerock-access-management-vulnerability

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily