[CERT-daily] Tageszusammenfassung - 11.05.2021

Tue May 11 18:18:37 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 10-05-2021 18:00 − Dienstag 11-05-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ BSI aktualisiert den Mindeststandard zur Verwendung von Transport Layer Security (TLS) ∗∗∗
---------------------------------------------
Die neue Version 2.2 des Mindeststandards berücksichtigt die aktuellen Empfehlungen der technischen Richtlinien des BSI (TR 02102-2, TR 03116-4) und thematisiert den Umgang mit TLS-Protokoll-Versionen und kryptografischen Verfahren, die nicht den Vorgaben des Mindeststandards entsprechen.
---------------------------------------------
https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Mindeststandard_TLS_aktualisiert_100521.html


∗∗∗ Gefälschtes E-Mail der bank99 im Umlauf ∗∗∗
---------------------------------------------
Ihr bank99-Konto wurde angeblich gesperrt, weil Sie Ihre Identität nicht bestätigt haben? Vorsicht, diese Kundenmitteilung ist gefälscht. Kriminelle fälschen bank99-E-Mails, um an Ihre Zugangsdaten zu kommen. Klicken Sie keinesfalls auf den "Vorgang starten"-Link. Sie werden auf eine nachgebaute Login-Website geleitet.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschtes-e-mail-der-bank99-im-umlauf/


∗∗∗ US and Australia warn of escalating Avaddon ransomware attacks ∗∗∗
---------------------------------------------
The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/us-and-australia-warn-of-escalating-avaddon-ransomware-attacks/


∗∗∗ TeaBot: a new Android malware emerged in Italy, targets banks in Europe ∗∗∗
---------------------------------------------
[...] At the beginning of January 2021, a new Android banker started appearing and it was discovered and analysed by our Threat Intelligence and Incident Response (TIR) team. Since lack of information and the absence of a proper nomenclature of this Android banker family, we decide to dub it as TeaBot to better track this family inside our internal Threat Intelligence taxonomy.
---------------------------------------------
https://www.cleafy.com/documents/teabot


∗∗∗ Beware of Applications Misusing Root Stores ∗∗∗
---------------------------------------------
We have been alerted about applications that use the root store provided by Mozilla for purposes other than what Mozilla’s root store is curated for. [...] Applications that use Mozilla’s root store for a purpose other than that have a critical security vulnerability.
---------------------------------------------
https://blog.mozilla.org/security/2021/05/10/beware-of-applications-misusing-root-stores/


∗∗∗ DarkSide Malware Profile ∗∗∗
---------------------------------------------
The following report provides X-Force Threat Intelligences analysis of the DarkSide ransomware family based on publicly available samples. Summary: DarkSide, like other ransomware used in targeted attacks, encrypts user data in compromised computers. Recent variants of DarkSide ransomware enumerates various system properties of the victim and beacons them in an encoded POST request to its C2 address. DarkSide also executes an encoded PowerShell command to delete volume shadow copies. It deletes [...]
---------------------------------------------
https://exchange.xforce.ibmcloud.com/collection/06d0917405c36ca91f5db1fe0c01d1ad


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (hivex), Fedora (djvulibre and thunderbird), openSUSE (monitoring-plugins-smart and perl-Image-ExifTool), Oracle (kernel and kernel-container), Red Hat (kernel and kpatch-patch), SUSE (drbd-utils, java-11-openjdk, and python3), and Ubuntu (exiv2, firefox, libxstream-java, and pyyaml).
---------------------------------------------
https://lwn.net/Articles/855995/


∗∗∗ Synology-SA-21:19 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_21_19


∗∗∗ Citrix Workspace App Security Update ∗∗∗
---------------------------------------------
A vulnerability has been identified that could result in a local user escalating their privilege level to SYSTEM on the computer running Citrix Workspace app for Windows.
---------------------------------------------
https://support.citrix.com/article/CTX307794


∗∗∗ Google Releases Security Updates for Chrome ∗∗∗
---------------------------------------------
Google has released Chrome version 90.0.4430.212 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/05/11/google-releases-security-updates-chrome


∗∗∗ Reflected XSS Vulnerability in SIS Infromatik - Rewe Go ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infromatik-rewe-go-cve-2021-31537/


∗∗∗ SAP Patchday Mai ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0496


∗∗∗ 2020-10Password Change Authentication Bypass Vulnerability in HiOS & HiSecOS ∗∗∗
---------------------------------------------
https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=12914&mediaformatid=50063&destinationid=10016


∗∗∗ Security Bulletin: IBM OpenPages with Watson has addressed an information disclosure vulnerability (CVE-2020-4536) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson-has-addressed-an-information-disclosure-vulnerability-cve-2020-4536/


∗∗∗ Security Bulletin: IBM OpenPages with Watson has addressed a cross-site scripting vulnerability (CVE-2020-4535) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson-has-addressed-a-cross-site-scripting-vulnerability-cve-2020-4535/


∗∗∗ SSA-854248: Information Disclosure Vulnerability in Mendix Excel Importer Module ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-854248.txt


∗∗∗ SSA-752103: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-752103.txt


∗∗∗ SSA-723417: Multiple Vulnerabilities in SCALANCE W1750D ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt


∗∗∗ SSA-678983: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-678983.txt


∗∗∗ SSA-676775: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-676775.txt


∗∗∗ SSA-594364: Denial-of-Service Vulnerability in SNMP Implementation of WinCC Runtime ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-594364.txt


∗∗∗ SSA-501073: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-501073.txt


∗∗∗ SSA-324955: SAD DNS Attack in Linux Based Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-324955.txt


∗∗∗ SSA-286838: Multiple Vulnerabilities in SINAMICS Medium Voltage Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-286838.txt


∗∗∗ SSA-116379: Denial-of-Service Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-116379.txt

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily