[CERT-daily] Tageszusammenfassung - 16.06.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 15-06-2021 18:00 − Mittwoch 16-06-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Avaddon ransomwares exit sheds light on victim landscape ∗∗∗
---------------------------------------------
A new report analyzes the recently released Avaddon ransomware decryption keys to shed light on the types of victims targeted by the threat actors and potential revenue they generated throughout their operation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/avaddon-ransomwares-exit-sheds-light-on-victim-landscape/


∗∗∗ Protecting Against Ransomware – From the Human Perspective ∗∗∗
---------------------------------------------
SANS blog post on what ransomware is, how it works, and most importantly, how to empower your workforce to protect against it.
---------------------------------------------
https://www.sans.org/blog/protecting-against-ransomware-from-the-human-perspective


∗∗∗ Nokia Deepfield global analysis shows most DDoS attacks originate from fewer than 50 hosting companies ∗∗∗
---------------------------------------------
In-depth analysis across large sample of networks globally fingerprints and traces origins of most DDoS attacks (by frequency and traffic volume)[...]
---------------------------------------------
https://www.nokia.com/about-us/news/releases/2021/06/14/nokia-deepfield-global-analysis-shows-most-ddos-attacks-originate-from-fewer-than-50-hosting-companies/


∗∗∗ The First Step: Initial Access Leads to Ransomware ∗∗∗
---------------------------------------------
Ransomware attacks still use email -- but not in the way you might think. Ransomware operators often buy access from independent cybercriminal groups who infiltrate major targets and then sell access to the ransomware actors for a slice of the ill-gotten gains.
---------------------------------------------
https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware


∗∗∗ Achtung: Amazon-Bestellungen nicht außerhalb der Plattform abwickeln! ∗∗∗
---------------------------------------------
Über Amazon zu bestellen ist für viele ein einfacher Weg, um verschiedenste Produkte an einem Ort zu kaufen. Doch auch auf Amazon stößt man auf betrügerische Angebote! Wenn Amazon-HändlerInnen die Bestellung über E-Mail abwickeln wollen, sollten Sie vorsichtig sein.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-amazon-bestellungen-nicht-ausserhalb-der-plattform-abwickeln/


∗∗∗ On the Security of RFID-based TOTP Hardware Tokens ∗∗∗
---------------------------------------------
Matthias Deeg und Gerhard Klostermeier untersuchten zwei unterschiedliche RFID-basierte TOTP Hardware-Token, das OTCP-P2 und das Protectimus SLIM NFC.
---------------------------------------------
https://www.syss.de/pentest-blog/on-the-security-of-rfid-based-totp-hardware-tokens


∗∗∗ Ukrainian police arrest Clop ransomware members, seize server infrastructure ∗∗∗
---------------------------------------------
Multiple suspects believed to be linked to the Clop ransomware cartel have been detained in Ukraine this week after a joint operation from law enforcement agencies from Ukraine, South Korea, and the US.
---------------------------------------------
https://therecord.media/ukrainian-police-arrest-clop-ransomware-members-seize-server-infrastructure/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Qnap: Updates für NAS beseitigen aus der Ferne ausnutzbare Schwachstelle ∗∗∗
---------------------------------------------
Betriebssystem-Updates für Qnaps Netzwerkspeicher (NAS) schließen zwei mit "Medium" bewertete Schwachstellen, von denen eine übers Internet attackierbar ist.
---------------------------------------------
https://heise.de/-6072554


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (prosody, python-urllib3, and xen), Fedora (dino, dotnet3.1, dotnet5.0, and vmaf), Oracle (gupnp, kernel, and kernel-container), Red Hat (gupnp), Scientific Linux (kernel), SUSE (java-1_8_0-openjdk, kernel, snakeyaml, and xorg-x11-libX11), and Ubuntu (bluez).
---------------------------------------------
https://lwn.net/Articles/860004/


∗∗∗ ZDI-21-502: An Information Disclosure Bug in ISC BIND server ∗∗∗
---------------------------------------------
You should verify you have a patched version of BIND as many OS distributions provide BIND packages that differ from the official ISC release versions.
---------------------------------------------
https://www.thezdi.com/blog/2021/6/15/zdi-21-502-an-information-disclosure-bug-in-isc-bind-server


∗∗∗ Security Advisory - Out-Of-Bounds Read Vulnerability On Several Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210616-01-cgp-en


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-http-server-used-by-websphere-application-server-2/


∗∗∗ Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2021-20492) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-liberty-for-java-for-ibm-cloud-is-vulnerable-to-an-xml-external-entity-injection-xxe-attack-cve-2021-20492/


∗∗∗ Security Bulletin: Stack-based Buffer Overflow vulnerabilities in IBM Spectrum Protect Back-up Archive Client and IBM Spectrum Protect for Space Management (CVE-2021-29672, CVE-2021-20546) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-stack-based-buffer-overflow-vulnerabilities-in-ibm-spectrum-protect-back-up-archive-client-and-ibm-spectrum-protect-for-space-management-cve-2021-29672-cve-2021-20546-2/


∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK affecting IBM Application Discovery and Delivery Intelligence V5.1.0.8, V5.1.0.9 and V6.0.0.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affecting-ibm-application-discovery-and-delivery-intelligence-v5-1-0-8-v5-1-0-9-and-v6-0-0-0/


∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMware (CVE-2020-27221, CVE-2020-14782) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2020-27221-cve-2020-14782/


∗∗∗ Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE (CVE-2020-14781) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-java-se-cve-2020-14781/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server terminates abnormally when executing a specifically crafted select statement. (CVE-2021-29702) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-as-the-server-terminates-abnormally-when-executing-a-specifically-crafted-select-statement-cve-2021-29702/


∗∗∗ Security Bulletin: IBM Security Identity Manager Password Synchronization Plug-in for Windows AD affected by multiple vulnerabilities (CVE-2021-20483, CVE-2021-20488) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-password-synchronization-plug-in-for-windows-ad-affected-by-multiple-vulnerabilities-cve-2021-20483-cve-2021-20488/


∗∗∗ Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2020-1968) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected-by-an-openssl-vulnerability-cve-2020-1968/


∗∗∗ Security Bulletin: Resilient App Host secrets are not encrypted (CVE-2021-20567) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-resilient-app-host-secrets-are-not-encrypted-cve-2021-20567/


∗∗∗ Cross-Site Request Forgery Patched in WP Fluent Forms ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2021/06/cross-site-request-forgery-patched-in-wp-fluent-forms/


∗∗∗ Synology-SA-21:21 Audio Station ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_21_21


∗∗∗ Trend Micro InterScan Web Security Virtual Appliance: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0660


∗∗∗ ThroughTek P2P SDK ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-166-01


∗∗∗ Automation Direct CLICK PLC CPU Modules ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-166-02


∗∗∗ SYSS-2021-022, SYSS-2021-023, SYSS-2021-025, SYSS-2021-026: Mehrere Schwachstellen in HR-Software LOGA3 ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-022-syss-2021-023-syss-2021-025-syss-2021-026-mehrere-schwachstellen-in-hr-software-loga3


∗∗∗ SYSS-2021-007: Protectimus SLIM NFC – External Control of System or Configuration Setting (CWE-15) (CVE-2021-32033) ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-007-protectimus-slim-nfc-external-control-of-system-or-configuration-setting-cwe-15-cve-2021-32033

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily