[CERT-daily] Tageszusammenfassung - 10.06.2021

Thu Jun 10 18:12:08 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 09-06-2021 18:00 − Donnerstag 10-06-2021 18:00
Handler:     Robert Waldner
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ Cloud Atlas Navigates Us Into New Waters ∗∗∗
---------------------------------------------
Learn how to interpret nameserver activity to enumerate infrastructure in the context of a recent Cloud Atlas example investigated by Senior Security Researcher, Chad Anderson.
---------------------------------------------
https://www.domaintools.com/resources/blog/cloud-atlas-navigates-us-into-new-waters


∗∗∗ BloodHound – Sniffing Out the Path Through Windows Domains ∗∗∗
---------------------------------------------
BloodHound is as a tool allowing for the analysis of AD rights and relations, focusing on the ones that an attacker may abuse.
---------------------------------------------
https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/


∗∗∗ Quarterly Report: Incident Response trends from Spring 2021 ∗∗∗
---------------------------------------------
While the security community made a great effort to warn users of the exploitation of several Microsoft Exchange Server zero-day vulnerabilities, it was still the biggest threat Cisco Talos Incident Response (CTIR) saw this past quarter. 
---------------------------------------------
https://blog.talosintelligence.com/2021/06/quarterly-report-incident-response.html


∗∗∗ CISA Addresses the Rise in Ransomware Targeting Operational Technology Assets ∗∗∗
---------------------------------------------
CISA has published the Rising Ransomware Threat to OT Assets fact sheet in response to the recent increase in ransomware attacks targeting operational technology (OT) assets and control systems.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/06/09/cisa-addresses-rise-ransomware-targeting-operational-technology


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Jetzt patchen! Attacken auf Googles Webbrowser Chrome könnten bevorstehen ∗∗∗
---------------------------------------------
Es ist eine gegen verschiedene Attacken abgesicherte Version des Webbrowsers Chrome erschienen.
---------------------------------------------
https://heise.de/-6067353


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (htmldoc, lasso, and rails), Fedora (exiv2, firefox, and microcode_ctl), openSUSE (python-HyperKitty), Oracle (389-ds-base, qemu-kvm, qt5-qtimageformats, and samba), Red Hat (container-tools:3.0, container-tools:rhel8, postgresql:12, and postgresql:13), Scientific Linux (389-ds-base, hivex, libwebp, qemu-kvm, qt5-qtimageformats, samba, and thunderbird), SUSE (caribou, djvulibre, firefox, gstreamer-plugins-bad, kernel, libopenmpt, libxml2,
---------------------------------------------
https://lwn.net/Articles/859008/


∗∗∗ ZOLL Defibrillator Dashboard ∗∗∗
---------------------------------------------
This advisory contains mitigations for Unrestricted Upload of File with Dangerous Type, Use of Hard-coded Cryptographic Key, Cleartext Storage of Sensitive Information, Cross-site Scripting, Storing Passwords in a Recoverable Format, and Improper Privilege Management vulnerabilities in the ZOLL Defibrillator Dashboard software.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01


∗∗∗ Rockwell Automation FactoryTalk Services Platform ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Protection Mechanism Failure vulnerability in Rockwell Automations Factory Talk Services Platform software.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-161-01


∗∗∗ AGG Software Web Server Plugin ∗∗∗
---------------------------------------------
This advisory contains mitigations for Path Traversal, and Cross-site Scripting vulnerabilities in AGG Softwares Server Plugin.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-161-02


∗∗∗ Security Advisory - Resource Management Error Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210609-01-resource-en


∗∗∗ Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE (CVE-2020-2773) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-java-se-cve-2020-2773/


∗∗∗ Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Eclipse Jetty (CVE-2021-28163, CVE-2021-28164, CVE-2021-28165) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-eclipse-jetty-cve-2021-28163-cve-2021-28164-cve-2021-28165/


∗∗∗ Security Bulletin: Vulnerabilities in IBM Db2 affect IBM Spectrum Protect Server (CVE-2020-5024, CVE-2020-5025, CVE-2020-4976) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-affect-ibm-spectrum-protect-server-cve-2020-5024-cve-2020-5025-cve-2020-4976/


∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX316324

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily