[CERT-daily] Tageszusammenfassung - 23.06.2021

Wed Jun 23 18:11:04 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 22-06-2021 18:00 − Mittwoch 23-06-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ A week after arrests, Cl0p ransomware group dumps new tranche of stolen data ∗∗∗
---------------------------------------------
Leak shows that, like the rest of the ransomware scourge, Cl0p isnt going away.
---------------------------------------------
https://arstechnica.com/?p=1775362


∗∗∗ SonicWall bug affecting 800K firewalls was only partially fixed ∗∗∗
---------------------------------------------
New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which affected over 800,000 VPN firewalls and was initially thought to have been patched.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sonicwall-bug-affecting-800k-firewalls-was-only-partially-fixed/


∗∗∗ PYSA ransomware backdoors education orgs using ChaChi malware ∗∗∗
---------------------------------------------
The PYSA ransomware gang has been using a remote access Trojan (RAT) dubbed ChaChi to backdoor the systems of healthcare and education organizations and steal data that later gets leveraged in double extortion ransom schemes.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pysa-ransomware-backdoors-education-orgs-using-chachi-malware/


∗∗∗ Sure looks like someones pirating the REvil ransomware, tweaking the binary in a hex editor for their own crimes ∗∗∗
---------------------------------------------
Its a crook-eat-crook world out there It appears someone is pirating the infamous REvil ransomware by tweaking its files for their own purposes.
---------------------------------------------
https://www.theregister.com/2021/06/23/revil_ransomware_lv/


∗∗∗ Ferienwohnungen nicht auf luxfewo.de buchen ∗∗∗
---------------------------------------------
Ferienwohnungen und Unterkünfte werden heute überwiegend im Internet gebucht. Doch Vorsicht: Unter den zahlreichen Plattformen und Buchungswebseiten verstecken sich auch betrügerische Angebote. Wer beispielsweise auf luxfewo.de bucht und eine Anzahlung leistet, verliert viel Geld und hat am Ende keine Unterkunft.
---------------------------------------------
https://www.watchlist-internet.at/news/ferienwohnungen-nicht-auf-luxfewode-buchen/


∗∗∗ MITRE releases D3FEND, defensive measures complimentary to its ATT&CK framework ∗∗∗
---------------------------------------------
The MITRE Corporation, one of the most respected organizations in the cybersecurity field, has released today D3FEND, a complementary framework to its industry-recognized ATT&CK matrix.
---------------------------------------------
https://therecord.media/mitre-releases-d3fend-defensive-measures-complimentary-to-its-attck-framework/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE ∗∗∗
---------------------------------------------
A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts -- with no patches in sight.
---------------------------------------------
https://threatpost.com/unpatched-linux-marketplace-bugs-rce/167155/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel and linux-4.19), Fedora (tor), Oracle (rh-postgresql10-postgresql), Red Hat (kernel), SUSE (ansible, apache2, dovecot23, OpenEXR, ovmf, and wireshark), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-5.8, linux-azure,[...]
---------------------------------------------
https://lwn.net/Articles/860652/


∗∗∗ WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN63066062/


∗∗∗ VDE-CERT Advisories 2021-06-23: Multiple Vulnerabilities in Phoenix Contact Products and Weidmueller Industrial WLAN devices ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories


∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-infosphere-master-data-management-3/


∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-infosphere-master-data-management-2/


∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by InfoSphere Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-infosphere-master-data-management/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-13/


∗∗∗ Security Bulletin: IBM Security Verify Password Synchronization Plug-in for Windows AD affected by multiple vulnerabilities (CVE-2021-20488, CVE-2021-20494, CVE-2021-20572, CVE-2021-20573, CVE-2021-20574) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-password-synchronization-plug-in-for-windows-ad-affected-by-multiple-vulnerabilities-cve-2021-20488-cve-2021-20494-cve-2021-20572-cve-2021-20573-cve-2021-20/


∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-infosphere-master-data-management/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerability-4/


∗∗∗ Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-node-js-vulnerability-5/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Information Exposure vulnerability (CVE-2020-4189) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-information-exposure-vulnerability-cve-2020-4189-4/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-21/


∗∗∗ VMSA-2021-0013 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0013.html


∗∗∗ Python Flask vulnerability CVE-2018-1000656 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K63597327


∗∗∗ Palo Alto Networks Patches Critical Vulnerability in Cortex XSOAR ∗∗∗
---------------------------------------------
https://www.securityweek.com/palo-alto-networks-patches-critical-vulnerability-cortex-xsoar


∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX316325


∗∗∗ Advantech WebAccess HMI Designer ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01


∗∗∗ CODESYS V2 web server ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-02


∗∗∗ CODESYS Control V2 communication ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-03


∗∗∗ CODESYS Control V2 Linux SysFile library ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-04

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily