[CERT-daily] Tageszusammenfassung - 16.09.2021

Daily end-of-shift report team at cert.at
Thu Sep 16 18:12:35 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 15-09-2021 18:00 − Donnerstag 16-09-2021 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Phishing 101: why depend on one suspicious message subject when you can use many?, (Thu, Sep 16th) ∗∗∗
---------------------------------------------
There are many e-mail subjects that people tend to associate with phishing due to their overuse in this area. Among the more traditional and common phishing subjects, that most people have probably seen at some point, are variations on the [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/27842


∗∗∗ Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released ∗∗∗
---------------------------------------------
New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw — dubbed "Seventh Inferno" (CVSS score: 9.8) — is part of a trio of security weaknesses, called Demons Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8)
---------------------------------------------
https://thehackernews.com/2021/09/third-critical-bug-affects-netgear.html


∗∗∗ PetitPotam – NTLM Relay to AD CS ∗∗∗
---------------------------------------------
Deployment of an Active Directory Certificate Services (AD CS) on a corporate environment could allow system administrators to utilize it for establishing trust between different directory objects. However, it could allow red team operators to conduct an NTLM relay attack towards the web interface of an AD CS in order to compromise the network.
---------------------------------------------
https://pentestlab.blog/2021/09/14/petitpotam-ntlm-relay-to-ad-cs/


∗∗∗ Hunderttausende MikroTik-Router sind seit 2018 angreifbar ∗∗∗
---------------------------------------------
Ein auf die Geräte spezialisiertes Botnetz hat in den vergangenen Monaten großangelegte Angriffe auf Cloudflare und Yandex zu verantworten.
---------------------------------------------
https://heise.de/-6193825


∗∗∗ Operation Layover: How we tracked an attack on the aviation industry to five years of compromise ∗∗∗
---------------------------------------------
Cisco Talos linked the recent aviation targeting campaigns to an actor who has been targeting the aviation industry for two years. The same actor has been running successful malware campaigns for more than five years.
---------------------------------------------
https://blog.talosintelligence.com/2021/09/operation-layover-how-we-tracked-attack.html


∗∗∗ Vorsicht vor unseriösen Shops auf Pinterest ∗∗∗
---------------------------------------------
Günstige Modeangebote auf Pinterest entpuppen sich im Nachhinein als Kostenfalle. Oft kommt es zu hohen Lieferkosten, Zollkosten oder Rücksendekosten – Falls Retouren überhaupt akzeptiert werden.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-unserioesen-shops-auf-pinterest/


∗∗∗ Untangling the Spider Web: The Curious Connection Between WIZARD SPIDER’s Ransomware Infrastructure and a Windows Zero-Day Exploit ∗∗∗
---------------------------------------------
RiskIQ’s Team Atlas assesses with high confidence that the network infrastructure supporting the exploitation of a Windows zero-day vulnerability disclosed by Microsoft on September 7, CVE-2021-40444, shares historical connections with that of a ransomware syndicate known as WIZARD SPIDER. This group, also tracked separately under the names UNC1878 and RYUK, deploys several different ransomware families in targeted Big-Game Hunting campaigns.
---------------------------------------------
https://www.riskiq.com/blog/external-threat-management/wizard-spider-windows-0day-exploit/


∗∗∗ Dangling Domains: Security Threats, Detection and Prevalence ∗∗∗
---------------------------------------------
Dangling domains are a largely overlooked threat in DNS, but they can be exploited for domain hijacking and are important to detect.
---------------------------------------------
https://unit42.paloaltonetworks.com/dangling-domains/


∗∗∗ New Go malware Capoae targets WordPress installs, Linux systems ∗∗∗
---------------------------------------------
Capoae highlights the increase of cyberattacks designed to deploy cryptocurrency-mining payloads.
---------------------------------------------
https://www.zdnet.com/article/new-go-malware-capoae-targets-wordpress-installs-linux-systems/


∗∗∗ Malware samples found trying to hack Windows from its Linux subsystem ∗∗∗
---------------------------------------------
Security researchers at Lumens Black Lotus Labs have found a series of malware samples that were configured to infect the Windows Subsystem for Linux and then pivot to its native Windows environment.
---------------------------------------------
https://therecord.media/malware-samples-found-trying-to-hack-windows-from-its-linux-subsystem/


∗∗∗ Universal decryptor released for past REvil ransomware victims ∗∗∗
---------------------------------------------
Romanian cybersecurity firm Bitdefender has published today a universal decryption utility that will be able to help past victims of the REvil (Sodinokibi) ransomware gang recover their encrypted files — if they still have them.
---------------------------------------------
https://therecord.media/universal-decryptor-released-for-past-revil-ransomware-victims/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Kritische Sicherheitslücke ohne Patch gefährdet ältere IBM-System-X-Server ∗∗∗
---------------------------------------------
Die Server werden seit 2020 nicht mehr mit Updates versorgt. Angreifer können sie nun über eine Lücke in der Firmware der Admin-Schnittstelle IMM kapern.
---------------------------------------------
https://heise.de/-6193718


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (sssd), Fedora (libtpms and vim), openSUSE (kernel and php7-pear), Oracle (kernel), Slackware (curl), and Ubuntu (libgcrypt20 and squashfs-tools).
---------------------------------------------
https://lwn.net/Articles/869380/


∗∗∗ Several Access Bypass, CSRF Vulnerabilities Patched in Drupal ∗∗∗
---------------------------------------------
Drupal developers on Wednesday informed users that updates released for Drupal 8.9, 9.1 and 9.2 patch five vulnerabilities that can be exploited for cross-site request forgery (CSRF) and access bypass.
---------------------------------------------
https://www.securityweek.com/several-access-bypass-csrf-vulnerabilities-patched-drupal


∗∗∗ iTunes U 3.8.3 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT212809


∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to Information Disclosure (CVE-2021-29842) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-information-disclosure-cve-2021-29842/


∗∗∗ Security Bulletin: IBM Aspera Webapps are vulnerable to cross-site scripting (CVE-2020-7656). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-webapps-are-vulnerable-to-cross-site-scripting-cve-2020-7656/


∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-txseries-for-multiplatforms-6/


∗∗∗ Security Bulletin: libXml2 used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2021-3518) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-libxml2-used-by-ibm-infosphere-identity-insight-has-a-potential-vulnerability-cve-2021-3518/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server Liberty (CVE-2021-33517, CVE-2021-36090) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-commons-compress-affect-websphere-application-server-liberty-cve-2021-33517-cve-2021-36090/


∗∗∗ Security Bulletin: IBM® Db2® could allow a local user to read and write specific files due to weak file permissions (CVE-2020-4976) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-a-local-user-to-read-and-write-specific-files-due-to-weak-file-permissions-cve-2020-4976/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to an information disclosure, exposing remote storage credentials to privileged users under specific conditions.(CVE-2021-29752) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-exposing-remote-storage-credentials-to-privileged-users-under-specific-conditions-cve-2021-29752/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix-6/


∗∗∗ Security Bulletin: A vulnerability in Bouncy Castle affect IBM Watson Machine Learning Accelerator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-bouncy-castle-affect-ibm-watson-machine-learning-accelerator-2/


∗∗∗ Security Bulletin: IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. (CVE-2021-29825) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-disclose-sensitive-information-when-using-admin_cmd-with-load-or-backup-cve-2021-29825/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2021 – Includes Oracle Apr 2021 CPU minus CVE-2021-2163 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2021-includes-oracle-apr-2021-cpu-minus-cve-2021-2163/


∗∗∗ Security Bulletin: IBM® Db2® under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. (CVE-2021-29763) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-under-very-specific-conditions-could-allow-a-local-user-to-keep-running-a-procedure-that-could-cause-the-system-to-run-out-of-memory-and-cause-a-denial-of-ser/


∗∗∗ OpenSSH: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0979


∗∗∗ Kubernetes: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0977


∗∗∗ Fluent Bit: Schwachstelle ermöglicht Darstellen falscher Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0985


∗∗∗ Atlassian Jira Software: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0980

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list