[CERT-daily] Tageszusammenfassung - 25.06.2021

Fri Jun 25 18:06:50 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 24-06-2021 18:00 − Freitag 25-06-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ Binance exchange helped track down Clop ransomware money launderers ∗∗∗
---------------------------------------------
Cryptocurrency exchange service Binance played an important part in the recent arrests of Clop ransomware group members, helping law enforcement in their effort to identify, and ultimately detain the suspects.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/binance-exchange-helped-track-down-clop-ransomware-money-launderers/


∗∗∗ Microsoft signed a malicious Netfilter rootkit ∗∗∗
---------------------------------------------
What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP. How did this happen?
---------------------------------------------
https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit


∗∗∗ SKS: Das Ende der alten PGP-Keyserver ∗∗∗
---------------------------------------------
Der Serverpool für die PGP-Keyserver mit der Software SKS wurde abgeschaltet. Grund sind Beschwerden wegen der Datenschutz-Grundverordnung.
---------------------------------------------
https://www.golem.de/news/sks-das-ende-der-alten-pgp-keyserver-2106-157613.html


∗∗∗ ‘What are the odds someone will find and exploit this?’ Nice one — you just released an insecure app ∗∗∗
---------------------------------------------
Who’s to blame: devs or management? And how do we cure application vulnerability epidemic Feature According to a recently published Osterman Research white paper, 81 per cent of developers admit to knowingly releasing vulnerable apps
---------------------------------------------
https://www.theregister.com/2021/06/25/application_vulnerability_epidemic/


∗∗∗ We explored the dangers of pirated sport streams so you don’t have to ∗∗∗
---------------------------------------------
The COVID pandemic has led to a surge in content consumption as people stayed home and turned to Netflix, Youtube and other streaming services for entertainment. Not everyone agrees with paying for the latest episode or album, however, and this rise has ran parallel with a rise in  digital piracy.
---------------------------------------------
https://www.webroot.com/blog/2021/05/12/we-explored-the-dangers-of-pirated-sport-streams-so-you-dont-have-to/


∗∗∗ Western Digital My Book Live: Trennen Sie Ihre Festplatten vom Internet ∗∗∗
---------------------------------------------
Daten auf Festplatten der WD-Baureihe My Book Live werden von extern gelöscht und durch fremde Passwörter unzugänglich gemacht.
---------------------------------------------
https://heise.de/-6119250


∗∗∗ Crackonosh malware abuses Windows Safe mode to quietly mine for cryptocurrency ∗∗∗
---------------------------------------------
The malware is thought to have generated millions of dollars in just a few short years.
---------------------------------------------
https://www.zdnet.com/article/crackonosh-malware-abuses-windows-safe-mode-to-quietly-mine-for-cryptocurrency/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, dovecot, exiv2, helm, keycloak, libslirp, matrix-appservice-irc, nginx-mainline, opera, pigeonhole, tor, tpm2-tools, and vivaldi), Debian (libgcrypt20), Fedora (pdfbox), Mageia (graphicsmagick, matio, and samba and ldb), openSUSE (dovecot23, gupnp, libgcrypt, live555, and ovmf), SUSE (gupnp, libgcrypt, openexr, and ovmf), and Ubuntu (ceph and rabbitmq-server).
---------------------------------------------
https://lwn.net/Articles/860981/


∗∗∗ Philips Interoperability Solution XDS ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Clear Text Transmission of Sensitive Information vulnerability in the Philips Interoperability Solution XDS document sharing system.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-21-175-01


∗∗∗ FATEK WinProladder ∗∗∗
---------------------------------------------
This advisory contains mitigations for Out-of-bounds Read, Out-of-bounds Write, and Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerabilities in FATEK WinProladder programmable logic controllers.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-175-01


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-node-js-4/


∗∗∗ Security Bulletin: Operations Dashboard is vulnerable to Go vulnerabilities (CVE-2021-27918 and CVE-2021-27919) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-go-vulnerabilities-cve-2021-27918-and-cve-2021-27919/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tika ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-tika-2/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty-2/


∗∗∗ Security Bulletin: IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python urllib3 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-python-urllib3/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache PDFBox ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-pdfbox/


∗∗∗ Security Bulletin: IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerability (CVE-2020-1971) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-openssl-vulnerability-cve-2020-1971/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily