[CERT-daily] Tageszusammenfassung - 20.09.2021

Mon Sep 20 18:11:33 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 17-09-2021 18:00 − Montag 20-09-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Jetzt patchen! Krypto-Miner schlüpft durch OMIGOD-Lücken auf Azure-Server ∗∗∗
---------------------------------------------
Angreifer attackieren derzeit Azure-Kunden mit virtuellen Linux-PCs. Admins sollten jetzt handeln und die verfügbaren Sicherheitsupdates installieren.
---------------------------------------------
https://heise.de/-6195928


∗∗∗ Epik data breach impacts 15 million users, including non-customers ∗∗∗
---------------------------------------------
Scraped WHOIS data of NON-Epik customers also exposed in the 180 GB leak.
---------------------------------------------
https://arstechnica.com/?p=1796568


∗∗∗ Bring Your APIs Out of the Shadows to Protect Your Business ∗∗∗
---------------------------------------------
APIs are immensely more complex to secure. Shadow APIs - those unknown or forgotten API endpoints that escape the attention and protection of IT - present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do.
---------------------------------------------
https://threatpost.com/apis-out-of-shadows-protect-your-business/169334/


∗∗∗ Video: Simple Analysis Of A CVE-2021-40444 .docx Document, (Sun, Sep 19th) ∗∗∗
---------------------------------------------
I created a video for the analysis I described in my last diary entry "Simple Analysis Of A CVE-2021-40444 .docx Document".
---------------------------------------------
https://isc.sans.edu/diary/rss/27850


∗∗∗ EventBuilder Exposed Information of Over 100,000 Event Registrants ∗∗∗
---------------------------------------------
Event management company EventBuilder exposed files containing the personal information of at least 100,000 users who registered for events on its platform.
---------------------------------------------
https://www.securityweek.com/eventbuilder-exposed-information-over-100000-event-registrants


∗∗∗ Network Security Trends: May-July 2021 ∗∗∗
---------------------------------------------
Network security trends, May-July 2021: We analyze how vulnerabilities are being exploited in the wild and rank the most common types of attacks.
---------------------------------------------
https://unit42.paloaltonetworks.com/network-security-trends/


∗∗∗ Threat landscape for industrial automation systems. Statistics for H1 2021 ∗∗∗
---------------------------------------------
In H1 2021, the percentage of ICS computers on which malicious objects were blocked was 33.8%, which was 0.4 p.p. more than in H2 2020.
---------------------------------------------
https://ics-cert.kaspersky.com/reports/2021/09/09/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2021/


∗∗∗ ‘Yes, we are breaking the law:’ An interview with the operator of a marketplace for stolen data ∗∗∗
---------------------------------------------
A website called Marketo emerged earlier this year, billing itself as a marketplace where people can buy leaked data. Although Marketo isn’t a ransomware group, it appears to borrow key strategies from those types of threat actors.
---------------------------------------------
https://therecord.media/yes-we-are-breaking-the-law-an-interview-with-the-operator-of-a-marketplace-for-stolen-data/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ #OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports., (Mon, Sep 20th) ∗∗∗
---------------------------------------------
After the "OMIGOD" vulnerability details were made public, and it became obvious that exploiting vulnerable hosts would be trivial, researchers and attackers started pretty much immediately to scan for vulnerable hosts. We saw a quick rise of scans, particularly against port:1270.
---------------------------------------------
https://isc.sans.edu/diary/rss/27852


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gnutls28, nettle, nextcloud-desktop, and openssl1.0), Fedora (dovecot-fts-xapian, drupal7, ghostscript, haproxy, libtpms, lynx, wordpress, and xen), openSUSE (xen), Red Hat (rh-ruby27-ruby), and SUSE (openssl, openssl1, and xen).
---------------------------------------------
https://lwn.net/Articles/869863/


∗∗∗ Researchers put together a list of vulnerabilities abused by Ransomware - Look for these immediately ∗∗∗
---------------------------------------------
LINK To make it easy, I pulled it and created a simple txt list you can use. These are the some of the initial access methods.
---------------------------------------------
https://securitythreatnews.com/2021/09/20/researchers-put-together-a-list-of-vulnerabilities-abused-by-ransomware-look-for-these-immediately/


∗∗∗ McAfee Endpoint Security: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0991


∗∗∗ Security Bulletin: IBM Aspera Webapps are vulnerable to cross-site scripting (CVE-2020-11022, CVE-2020-11023). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-webapps-are-vulnerable-to-cross-site-scripting-cve-2020-11022-cve-2020-11023/


∗∗∗ Security Bulletin: IBM SDK, Java Tech Edition Quarterly CPU – Apr 2021 + Oracle Apr 2021; Jul 2021 + Oracle 2021 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-tech-edition-quarterly-cpu-apr-2021-oracle-apr-2021-jul-2021-oracle-2021-cpu/


∗∗∗ Security Bulletin: Aspera Web Applications (Shares, Console) are affected by OpenSSL Vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-shares-console-are-affected-by-openssl-vulnerabilities-cve-2021-23839-cve-2021-23840-cve-2021-23841/


∗∗∗ Security Bulletin: IBM Data Replication Java SDK Update ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-java-sdk-update-4/


∗∗∗ Security Bulletin: IBM Data Replication Java SDK Update ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-java-sdk-update-3/


∗∗∗ Security Bulletin: ISC DHCP for IBM i is affected by CVE-2021-25217 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-isc-dhcp-for-ibm-i-is-affected-by-cve-2021-25217/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution-app-connect-professional-7/


∗∗∗ Security Bulletin: IBM Data Replication Java SDK Update ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-java-sdk-update-2/


∗∗∗ Security Bulletin: IBM Cloud Pak for Data could allow a local user with special privileges to obtain highly sensitive information ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-data-could-allow-a-local-user-with-special-privileges-to-obtain-highly-sensitive-information/


∗∗∗ Security Bulletin: IBM Aspera Webapps products (Shares, Console) are affected by OpenSSL Vulnerability (CVE-2021-3712) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-webapps-products-shares-console-are-affected-by-openssl-vulnerability-cve-2021-3712/


∗∗∗ Security Bulletin: IBM Aspera Webapps (Shares, Console) are vulnerable to an OpenSSL Vunerability (CVE-2020-7656). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-webapps-shares-console-are-vulnerable-to-an-openssl-vunerability-cve-2020-7656/


∗∗∗ Security Bulletin: IBM SDK, Java Tech Edition Quarterly CPU Apr 2021 + Oracle APR 2021; Jul 2021 + Oracle Jul 2021 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-tech-edition-quarterly-cpu-apr-2021-oracle-apr-2021-jul-2021-oracle-jul-2021/


∗∗∗ Security Bulletin: Aspera Web Applications (Shares, Console) are affected by an OpenSSL Vulnerability (CVE-2020-1971) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-shares-console-are-affected-by-an-openssl-vulnerability-cve-2020-1971/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Commons* affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-commons-affect-tivoli-netcool-omnibus-webgui-cve-2021-35515-cve-2021-35516-cve-2021-35517-cve-2021-36090/


∗∗∗ Security Bulletin: Multiple vulnerabilities is affecting Tivoli Netcool/OMNIbus WebGUI ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-is-affecting-tivoli-netcool-omnibus-webgui/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily