[CERT-daily] Daily summary - 21.07.2021

Daily end-of-shift report team at cert.at
Wed Jul 21 18:13:19 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 20-07-2021 18:00 − Wednesday 21-07-2021 18:00
Handler:     Robert Waldner
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Deceptive promises of profit ∗∗∗
---------------------------------------------
Online trading of financial instruments is becoming increasingly popular among investors. Fraudsters are exploiting this trend: they promise high profits on fraudulent cybertrading platforms.
---------------------------------------------
https://www.bmi.gv.at/news.aspx?id=4661724A4D466861696B4D3D


∗∗∗ XLoader malware steals logins from macOS and Windows systems ∗∗∗
---------------------------------------------
A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/xloader-malware-steals-logins-from-macos-and-windows-systems/


∗∗∗ NPM package steals Chrome passwords on Windows via recovery tool ∗∗∗
---------------------------------------------
New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/npm-package-steals-chrome-passwords-on-windows-via-recovery-tool/


∗∗∗ Fraudulent e-mail in the name of Raiffeisen Bank in circulation ∗∗∗
---------------------------------------------
Numerous internet users are currently finding a supposed e-mail from Raiffeisen Bank in their inbox. It claims that a new security system is necessary because of current fraud attempts.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-e-mail-im-namen-der-raiffeisen-bank-im-umlauf/


∗∗∗ CVE-2021-31969: Underflowing in the Clouds ∗∗∗
---------------------------------------------
You can now have your storage in the cloud while exploring it locally on your system. On Windows, this is done via the Cloud Sync Engine. This component exposes a native API known as the Cloud Filter API.
---------------------------------------------
https://www.thezdi.com/blog/2021/7/19/cve-2021-31969-underflowing-in-the-clouds


∗∗∗ New Attacks on Kubernetes via Misconfigured Argo Workflows ∗∗∗
---------------------------------------------
Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances.
---------------------------------------------
https://www.intezer.com/blog/container-security/new-attacks-on-kubernetes-via-misconfigured-argo-workflows/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Nasty Linux Systemd Security Bug Revealed ∗∗∗
---------------------------------------------
Qualys has discovered a new systemd security bug that enables any unprivileged user to cause a denial of service via a kernel panic.
---------------------------------------------
https://it.slashdot.org/story/21/07/20/211230/nasty-linux-systemd-security-bug-revealed


∗∗∗ Vulnerability in ON24 Plugin for macOS Shares More Than Just Your Screen ∗∗∗
---------------------------------------------
ON24 presenter mode requires you to install a plugin that is used to share your screen. For the macOS app (DesktopScreenShare.app), the plugin is started automatically once a user logs on.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vulnerability-in-on24-plugin-for-macos-shares-more-than-just-your-screen/


∗∗∗ HiveNightmare: Users can read the Windows password database ∗∗∗
---------------------------------------------
Incorrect access permissions cause a security vulnerability in Windows 10 and 11. There is no patch yet, but we show initial workarounds.
---------------------------------------------
https://heise.de/-6143746


∗∗∗ Security updates: Adobe patches Photoshop & Co. out of band ∗∗∗
---------------------------------------------
Attackers could attack computers running, among other products, Adobe After Effects or Prelude with malicious code.
---------------------------------------------
https://heise.de/-6143780


∗∗∗ Root kernel vulnerability threatens many Linux distributions ∗∗∗
---------------------------------------------
Security researchers demonstrate successful attacks on Debian, Fedora and Ubuntu, after which they held root privileges. Patches provide a remedy.
---------------------------------------------
https://heise.de/-6144023


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (ant, code, dino, firefox-ublock-origin, go, libuv, nextcloud-app-mail, nodejs-lts-erbium, nodejs-lts-fermium, openvswitch, putty, racket, telegram-desktop, and wireshark-cli), Debian (kernel, linux-4.19, and systemd), Fedora (kernel, kernel-headers, kernel-tools, and krb5), Gentoo (systemd), Mageia (perl-Convert-ASN1 and wireshark), openSUSE (caribou, containerd, crmsh, fossil, icinga2, kernel, nextcloud, and systemd), Red Hat (389-ds:1.4, glibc,[...]
---------------------------------------------
https://lwn.net/Articles/863861/


∗∗∗ Apple Releases Security Updates ∗∗∗
---------------------------------------------
Apple has released security updates to address vulnerabilities in Safari 14.1.2 and iOS 14.7.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/apple-releases-security-updates


∗∗∗ Malware Targeting Pulse Secure Devices ∗∗∗
---------------------------------------------
As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed 13 malware samples related to exploited Pulse Secure devices.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting-pulse-secure-devices


∗∗∗ VU#914124: Arcadyan-based routers and modems vulnerable to authentication bypass ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/914124


∗∗∗ Dell OpenManage Enterprise Hardcoded Credentials / Privilege Escalation / Deserialization ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2021070121


∗∗∗ Security Bulletin: Multiple vulnerabilities in F5 NGINX Controller affect IBM Cloud Pak for Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/


∗∗∗ Nvidia GPU Display Driver: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0769


∗∗∗ PuTTY: Vulnerability allows bypassing security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0790


∗∗∗ Mitsubishi Electric MELSEC-F Series ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily