Daily May 2021

daily@lists.cert.at

1 participants
19 discussions

Tageszusammenfassung - 14.05.2021
by Daily end-of-shift report 14 May '21

14 May '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-05-2021 18:00 − Freitag 14-05-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Jetzt patchen! Kritische Lücke bedroht WordPress 3.7 bis 5.7 ∗∗∗ --------------------------------------------- Viele WordPress-Websites sind verwundbar. Sicherheitsupdates sind verfügbar. --------------------------------------------- https://heise.de/-6045823 ∗∗∗ DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized ∗∗∗ --------------------------------------------- The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained funds from an account the group uses to pay affiliates. --------------------------------------------- https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-se… ∗∗∗ Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity ∗∗∗ --------------------------------------------- This skimmer is using a hybrid approach to bypass detection and target vulnerable e-commerce websites. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-s… ∗∗∗ „Hier ist die letzte Warnung!“: Erpresser fordern Bitcoins ∗∗∗ --------------------------------------------- Kriminelle versenden derzeit massenweise Erpressungsmails. Darin wird behauptet, dass das System der EmpfängerInnen gehackt wurde. Außerdem gäbe es ein Video, in dem ersichtlich wird, dass die betroffene Person einen Pornofilm sähe und dabei masturbiert. Die Kriminellen drohen, dieses Video zu veröffentlichen - außer man bezahlt 1.200$. Gehen Sie auf die Forderungen nicht ein, denn: Die Mails werden willkürlich an zahlreiche Menschen versendet. --------------------------------------------- https://www.watchlist-internet.at/news/hier-ist-die-letzte-warnung-erpresse… ∗∗∗ CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise ∗∗∗ --------------------------------------------- CISA has released an analysis report, AR21-134A Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise. The report provides detailed steps for affected organizations to evict the adversary from compromised on-premises and cloud environments. Additionally, CISA has publicly issued Emergency Directive (ED) 21-01 Supplemental Direction Version 4: Mitigate SolarWinds Orion Code Compromise to all federal agencies that [...] --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/05/14/cisa-publishes-ev… ∗∗∗ Microsoft: Windows 10 1809 and 1909 have reached end of service ∗∗∗ --------------------------------------------- Multiple editions of Windows 10 versions 1803, 1809, and 1909 have reached their End of Service (EOS) on this months Patch Tuesday, as Microsoft reminded customers yesterday. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-1809-a… ∗∗∗ Meet Lorenz - A new ransomware gang targeting the enterprise ∗∗∗ --------------------------------------------- A new ransomware operation known as Lorenz targets organizations worldwide with customized attacks demanding hundreds of thousands of dollars in ransoms. --------------------------------------------- https://www.bleepingcomputer.com/news/security/meet-lorenz-a-new-ransomware… ∗∗∗ Attackers abuse Microsoft dev tool to deploy Windows malware ∗∗∗ --------------------------------------------- Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign. --------------------------------------------- https://www.bleepingcomputer.com/news/security/attackers-abuse-microsoft-de… ∗∗∗ QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day ∗∗∗ --------------------------------------------- QNAP warns customers of an actively exploited Roon Server zero-day bug and eCh0raix ransomware attacks targeting their Network Attached Storage (NAS) devices, just two weeks after alerting them of an ongoing AgeLocker ransomware outbreak. --------------------------------------------- https://www.bleepingcomputer.com/news/security/qnap-warns-of-ech0raix-ranso… ∗∗∗ Fresh Loader Targets Aviation Victims with Spy RATs ∗∗∗ --------------------------------------------- The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads. --------------------------------------------- https://threatpost.com/loader-aviation-spy-rats/166133/ ∗∗∗ "Open" Access to Industrial Systems Interface is Also Far From Zero, (Fri, May 14th) ∗∗∗ --------------------------------------------- Jan's last diary about the recent attack against the US pipeline[1] was in perfect timing with the quick research I was preparing for a few weeks. If core components of industrial systems are less exposed in the wild, as said Jan, there is another issue with such infrastructures: remote access tools. --------------------------------------------- https://isc.sans.edu/diary/rss/27418 ∗∗∗ Server Side Scans and File Integrity Monitoring ∗∗∗ --------------------------------------------- When it comes to the ABCs of website security server side scans and file integrity monitoring are the “A” and “B”. In fact, our server side scanner is one of the most crucial tools in Sucuri’s arsenal. It’s paramount in maintaining an effective security product for our customers and analysts alike. This crucial tool handles tasks like issuing security warnings and alerts to our clients, notifying them that they have been compromised, and assisting our [...] --------------------------------------------- https://blog.sucuri.net/2021/05/server-side-scans-and-file-integrity-monito… ===================== = Vulnerabilities = ===================== ∗∗∗ SA44800 - 2021-05: Out-of-Cycle Advisory: Pulse Connect Secure Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- A vulnerability was discovered under Pulse Connect Secure (PCS). This includes buffer overflow vulnerability on the Pulse Connect Secure gateway that allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. --------------------------------------------- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800 ∗∗∗ Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted [...] --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Hosted Collaboration Mediation Fulfillment Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Java Management Extensions (JMX) component of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Critical Vulnerability Patched in External Media Plugin ∗∗∗ --------------------------------------------- On February 2, 2021, our Threat Intelligence team responsibly disclosed the details of a vulnerability in External Media, a WordPress plugin used by over 8,000 sites. This flaw made it possible for authenticated users, such as subscribers, to upload arbitrary files on any site running the plugin. This vulnerability could be used to achieve remote [...] --------------------------------------------- https://www.wordfence.com/blog/2021/05/critical-vulnerability-patched-in-ex… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (graphviz and redmine), Fedora (dom4j, kernel, kernel-headers, kernel-tools, mariadb, php, php-phpmailer6, and redis), openSUSE (kernel and nagios), and Ubuntu (mysql-5.7, mysql-8.0 and python-django). --------------------------------------------- https://lwn.net/Articles/856177/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jetty9, libgetdata, and postgresql-11), openSUSE (java-11-openjdk), SUSE (dtc, ibsim, ibutils, ipvsadm, and kernel), and Ubuntu (awstats and glibc). --------------------------------------------- https://lwn.net/Articles/856265/ ∗∗∗ Rockwell Automation Connected Components Workbench ∗∗∗ --------------------------------------------- This advisory contains mitigations for Deserialization of Untrusted Data, Path Traversal, and Improper Input Validation vulnerabilities in Rockwell Automation Connected Components Workbench software. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-133-01 ∗∗∗ Johnson Controls Sensormatic Tyco AI ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Off-by-one Error vulnerability in Sensormatic Electronics (a subsidiary of Johnson Controls) Tyco AI products. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-133-02 ∗∗∗ OPC Foundation UA Products Built with .NET Framework ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Uncontrolled Recursion vulnerability in OPC Foundation servers. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03 ∗∗∗ OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5 ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Unified Automation .NET based OPC UA Client/Server SDK Bundle Framework versions. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04 ∗∗∗ mod_auth_openidc vulnerable to denial-of-service (DoS) ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN49704918/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ PostgreSQL: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0521 ∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0528 ∗∗∗ ILIAS: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0526 ∗∗∗ git: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0524 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.05.2021
by Daily end-of-shift report 12 May '21

12 May '21

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-05-2021 18:00 − Mittwoch 12-05-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Number of industrial control systems on the internet is lower then in 2020...but still far from zero, (Wed, May 12th) ∗∗∗ --------------------------------------------- With the recent ransomware attack that impacted operation of one of the major US pipelines, I thought it might be a good time to revisit the old topic of internet-connected industrial systems. --------------------------------------------- https://isc.sans.edu/diary/rss/27412 ∗∗∗ Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks ∗∗∗ --------------------------------------------- Three design and multiple implementation flaws have been disclosed in IEEE 802.11 technical standard that undergirds Wi-Fi, potentially enabling an adversary to take control over a system and plunder confidential data. --------------------------------------------- https://thehackernews.com/2021/05/nearly-all-wifi-devices-are-vulnerable.ht… ∗∗∗ Shining a Light on DARKSIDE Ransomware Operations ∗∗∗ --------------------------------------------- Since initially surfacing in August 2020, the creators of DARKSIDE ransomware and their affiliates have launched a global crime spree affecting organizations in more than 15 countries and multiple industry verticals. --------------------------------------------- https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-dar… ∗∗∗ Lebenslauf-Erstellung auf cvmaker.de führt zu Abo-Vertrag! ∗∗∗ --------------------------------------------- Sie sind auf Arbeitssuche und wollen einen professionellen Lebenslauf erstellen? Die Suche danach könnte Sie auf die Seite cvmaker.de führen. Dort können Sie schnell und unkompliziert den benötigten Lebenslauf erstellen und das für nur 2,95 Euro. Aber Achtung: Sieben Tage nachdem Sie bezahlt haben, schließen Sie automatisch ein Abo ab. --------------------------------------------- https://www.watchlist-internet.at/news/lebenslauf-erstellung-auf-cvmakerde-… ∗∗∗ „Ihre Lieferung befindet sich in unserem Zollzentrum“: Vorsicht vor betrügerischer SMS! ∗∗∗ --------------------------------------------- Zahlreiche LeserInnen der Watchlist Internet melden uns derzeit eine betrügerische SMS, die die EmpfängerInnen in eine Abo-Falle locken soll. Darin wird behauptet, dass sich eine Lieferung im Zollzentrum befindet und Importgebühren bezahlt werden müssen. --------------------------------------------- https://www.watchlist-internet.at/news/ihre-lieferung-befindet-sich-in-unse… ∗∗∗ Conti Ransomware ∗∗∗ --------------------------------------------- First seen in May 2020, Conti ransomware has quickly become one of the most common ransomware variants, according to Coveware. --------------------------------------------- https://thedfirreport.com/2021/05/12/conti-ransomware/ ===================== = Vulnerabilities = ===================== ∗∗∗ Send My: Arbitrary data transmission via Apples Find My network ∗∗∗ --------------------------------------------- Its possible to upload arbitrary data from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices that then upload the data for you. --------------------------------------------- https://positive.security/blog/send-my ∗∗∗ Microsoft-Patchday: Windows-Trojaner könnte sich wurmartig auf PCs verbreiten ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für Windows & Co. Mehrere Lücken sind bereits öffentlich bekannt. Attacken gibt es wohl noch nicht. --------------------------------------------- https://heise.de/-6044412 ∗∗∗ Adobe-Patchday: Attacken auf Adobe Acrobat und Reader ∗∗∗ --------------------------------------------- Adobe hat Sicherheitsupdates für verschiedene Anwendungen veröffentlicht. Vor allem Nutzer von Acrobat und Reader sollten die Patches zügig installieren. --------------------------------------------- https://heise.de/-6044528 ∗∗∗ SAP-Patchday: Angreifer könnten Daten von SAP-Software leaken ∗∗∗ --------------------------------------------- SAP hat Sicherheitsupdates für unter anderem Business One und NetWeaver AS ABAP veröffentlicht. --------------------------------------------- https://heise.de/-6044570 ∗∗∗ WLAN-Sicherheitslücken FragAttacks: Erste Updates ∗∗∗ --------------------------------------------- Für Windows, Linux, Router und WLAN-Adapter es bereits Patches oder zumindest Hinweise zum Schutz gegen die WLAN-Schwachstellen "FragAttacks". --------------------------------------------- https://heise.de/-6045116 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (composer, hivex, lz4, and rails), Fedora (chromium, community-mysql, djvulibre, dom4j, firefox, php, php-phpmailer6, python-django, and redis), Mageia (mariadb, nagios, and pngcheck), openSUSE (opera, syncthing, and vlc), SUSE (kernel, openvpn, openvpn-openssl1, shim, and xen), and Ubuntu (flatpak, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4,[...] --------------------------------------------- https://lwn.net/Articles/856086/ ∗∗∗ Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for RedHat OpenShift (CVE-2020-5258) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-webspher… ∗∗∗ Security Bulletin: A security vulnerability in Node.js glob-parent module affects IBM Cloud Automation Manager. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Security Bypass Vulnerability in PostgreSQL Affect IBM Connect:Direct Web Service ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-bypass-vulnerabi… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in PostgreSQL Affect IBM Connect:Direct Web Service ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A security vulnerability in Node.js Lodash module affects IBM Cloud Automation Manager. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in PostgreSQL Affect IBM Connect:Direct Web Service ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Security vulnerabilities in Ansible affect IBM Cloud Pak for Multicloud Management Hybrid GRC ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ May 10, 2021 TNS-2021-09 [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2021-09 ∗∗∗ Synology-SA-21:20 FragAttacks ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_21_20 ∗∗∗ BlackBerry Workspaces Server: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0503 ∗∗∗ Red Hat OpenShift: Mehrere Schwachstellen ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0510 ∗∗∗ BlackBerry UEM Management Console: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0517 ∗∗∗ Atlassian Jira Software: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0515 ∗∗∗ Omron CX-One ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-01 ∗∗∗ Mitsubishi Electric GOT and Tension Controller ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-02 ∗∗∗ Siemens Mendix Database Replication Module ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-05 ∗∗∗ Siemens Tecnomatix Plant Simulation ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-08 ∗∗∗ SA44790 - HTTP Request Smuggling vulnerability with Virtual Traffic Manager (vTM) ∗∗∗ --------------------------------------------- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44790 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.05.2021
by Daily end-of-shift report 11 May '21

11 May '21

===================== = End-of-Day report = ===================== Timeframe: Montag 10-05-2021 18:00 − Dienstag 11-05-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ BSI aktualisiert den Mindeststandard zur Verwendung von Transport Layer Security (TLS) ∗∗∗ --------------------------------------------- Die neue Version 2.2 des Mindeststandards berücksichtigt die aktuellen Empfehlungen der technischen Richtlinien des BSI (TR 02102-2, TR 03116-4) und thematisiert den Umgang mit TLS-Protokoll-Versionen und kryptografischen Verfahren, die nicht den Vorgaben des Mindeststandards entsprechen. --------------------------------------------- https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldunge… ∗∗∗ Gefälschtes E-Mail der bank99 im Umlauf ∗∗∗ --------------------------------------------- Ihr bank99-Konto wurde angeblich gesperrt, weil Sie Ihre Identität nicht bestätigt haben? Vorsicht, diese Kundenmitteilung ist gefälscht. Kriminelle fälschen bank99-E-Mails, um an Ihre Zugangsdaten zu kommen. Klicken Sie keinesfalls auf den "Vorgang starten"-Link. Sie werden auf eine nachgebaute Login-Website geleitet. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschtes-e-mail-der-bank99-im-um… ∗∗∗ US and Australia warn of escalating Avaddon ransomware attacks ∗∗∗ --------------------------------------------- The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide. --------------------------------------------- https://www.bleepingcomputer.com/news/security/us-and-australia-warn-of-esc… ∗∗∗ TeaBot: a new Android malware emerged in Italy, targets banks in Europe ∗∗∗ --------------------------------------------- [...] At the beginning of January 2021, a new Android banker started appearing and it was discovered and analysed by our Threat Intelligence and Incident Response (TIR) team. Since lack of information and the absence of a proper nomenclature of this Android banker family, we decide to dub it as TeaBot to better track this family inside our internal Threat Intelligence taxonomy. --------------------------------------------- https://www.cleafy.com/documents/teabot ∗∗∗ Beware of Applications Misusing Root Stores ∗∗∗ --------------------------------------------- We have been alerted about applications that use the root store provided by Mozilla for purposes other than what Mozilla’s root store is curated for. [...] Applications that use Mozilla’s root store for a purpose other than that have a critical security vulnerability. --------------------------------------------- https://blog.mozilla.org/security/2021/05/10/beware-of-applications-misusin… ∗∗∗ DarkSide Malware Profile ∗∗∗ --------------------------------------------- The following report provides X-Force Threat Intelligences analysis of the DarkSide ransomware family based on publicly available samples. Summary: DarkSide, like other ransomware used in targeted attacks, encrypts user data in compromised computers. Recent variants of DarkSide ransomware enumerates various system properties of the victim and beacons them in an encoded POST request to its C2 address. DarkSide also executes an encoded PowerShell command to delete volume shadow copies. It deletes [...] --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/06d0917405c36ca91f5db1fe0c0… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (hivex), Fedora (djvulibre and thunderbird), openSUSE (monitoring-plugins-smart and perl-Image-ExifTool), Oracle (kernel and kernel-container), Red Hat (kernel and kpatch-patch), SUSE (drbd-utils, java-11-openjdk, and python3), and Ubuntu (exiv2, firefox, libxstream-java, and pyyaml). --------------------------------------------- https://lwn.net/Articles/855995/ ∗∗∗ Synology-SA-21:19 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_21_19 ∗∗∗ Citrix Workspace App Security Update ∗∗∗ --------------------------------------------- A vulnerability has been identified that could result in a local user escalating their privilege level to SYSTEM on the computer running Citrix Workspace app for Windows. --------------------------------------------- https://support.citrix.com/article/CTX307794 ∗∗∗ Google Releases Security Updates for Chrome ∗∗∗ --------------------------------------------- Google has released Chrome version 90.0.4430.212 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/05/11/google-releases-s… ∗∗∗ Reflected XSS Vulnerability in SIS Infromatik - Rewe Go ∗∗∗ --------------------------------------------- https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infrom… ∗∗∗ SAP Patchday Mai ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0496 ∗∗∗ 2020-10Password Change Authentication Bypass Vulnerability in HiOS & HiSecOS ∗∗∗ --------------------------------------------- https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=12914&mediaformat… ∗∗∗ Security Bulletin: IBM OpenPages with Watson has addressed an information disclosure vulnerability (CVE-2020-4536) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson… ∗∗∗ Security Bulletin: IBM OpenPages with Watson has addressed a cross-site scripting vulnerability (CVE-2020-4535) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson… ∗∗∗ SSA-854248: Information Disclosure Vulnerability in Mendix Excel Importer Module ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-854248.txt ∗∗∗ SSA-752103: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-752103.txt ∗∗∗ SSA-723417: Multiple Vulnerabilities in SCALANCE W1750D ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt ∗∗∗ SSA-678983: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-678983.txt ∗∗∗ SSA-676775: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-676775.txt ∗∗∗ SSA-594364: Denial-of-Service Vulnerability in SNMP Implementation of WinCC Runtime ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-594364.txt ∗∗∗ SSA-501073: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-501073.txt ∗∗∗ SSA-324955: SAD DNS Attack in Linux Based Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-324955.txt ∗∗∗ SSA-286838: Multiple Vulnerabilities in SINAMICS Medium Voltage Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-286838.txt ∗∗∗ SSA-116379: Denial-of-Service Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-116379.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.05.2021
by Daily end-of-shift report 10 May '21

10 May '21

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-05-2021 18:00 − Montag 10-05-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Correctly Validating IP Addresses: Why encoding matters for input validation., (Mon, May 10th) ∗∗∗ --------------------------------------------- Recently, a number of libraries suffered from a very similar security flaw: IP addresses expressed in octal were not correctly interpreted. The result was that an attacker was able to bypass input validation rules that restricted IP addresses to specific subnets. --------------------------------------------- https://isc.sans.edu/diary/rss/27404 ∗∗∗ Manipulierte Entwicklungsumgebung: Xcode-Malware war enorm verbreitet ∗∗∗ --------------------------------------------- Im Verfahren Epic gegen Apple kam heraus, dass 2015 fast 130 Millionen iPhone-Nutzer von "XcodeGhost" betroffen waren – in über 2500 Apps. --------------------------------------------- https://heise.de/-6041836 ∗∗∗ Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs ∗∗∗ --------------------------------------------- Lemon Duck continues to refine and improve upon their tactics, techniques and procedures as they attempt to maximize the effectiveness of their campaigns. Lemon Duck remains relevant as the operators begin to target [...] --------------------------------------------- https://blog.talosintelligence.com/2021/05/lemon-duck-spreads-wings.html ∗∗∗ Banking‑Trojaner Ousaban analysiert ∗∗∗ --------------------------------------------- In unserer Serie zu lateinamerikanischen Banking-Trojanern betrachten wir einen Vertreter mit komplexen Vertriebsweg --------------------------------------------- https://www.welivesecurity.com/deutsch/2021/05/07/banking-trojaner-ousaban-… ∗∗∗ Colonial Pipeline Falls Victim to Attack ∗∗∗ --------------------------------------------- Summary A top U.S. fuel pipeline company has suffered a cyber attack that has forced them to halt operations. Several news sources and the company itself have confirmed the attack. Threat Type Cyber Attack Overview ** Update May 10 - 8:50 AM** The most recent reporting indicates that the attack likely involved DarkSide, a ransomware-as-a-service (RaaS) affiliate operation. DarkSide posted the following statement to their leak site following the attack: We are apolitical, we do not participate in [...] --------------------------------------------- https://exchange.xforce.ibmcloud.com/collection/cc757925ae0fdf1689518a35128… ∗∗∗ SolarWinds says fewer than 100 customers were impacted by supply chain attack ∗∗∗ --------------------------------------------- Texas-based software firm SolarWinds downgraded the number of customers impacted by its 2020 supply chain attack from 18,000 to less than 100. --------------------------------------------- https://therecord.media/solarwinds-says-fewer-than-100-customers-were-impac… ===================== = Vulnerabilities = ===================== ∗∗∗ Foxit Reader bug lets attackers run malicious code via PDFs ∗∗∗ --------------------------------------------- Foxit Software, the company behind the highly popular Foxit Reader, has published security updates to fix a high severity remote code execution (RCE) vulnerability affecting the PDF reader. --------------------------------------------- https://www.bleepingcomputer.com/news/security/foxit-reader-bug-lets-attack… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libxml2), Fedora (autotrace, babel, kernel, libopenmpt, libxml2, mingw-exiv2, mingw-OpenEXR, mingw-openexr, python-markdown2, and samba), openSUSE (alpine, avahi, libxml2, p7zip, redis, syncthing, and vlc), and Ubuntu (webkit2gtk). --------------------------------------------- https://lwn.net/Articles/855909/ ∗∗∗ Linux kernel vulnerability CVE-2020-1749 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K02186513 ∗∗∗ Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloudpak-foundational… ∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2020-14782 (deferred from Oracle Oct 2020 CPU for Java 8) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o… ∗∗∗ Security Bulletin: IBM Cloud Pak for Security is vulnerable to CVE-2021-20538 and CVE-2021-20577 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-securit… ∗∗∗ Security Bulletin: A security vulnerability in Node.js urijs module affects IBM Cloud Pak for Multicloud Management Infrastructure management. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise – CVE-2020-14782 (deferred from Oracle Oct 2020 CPU for Java 8) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise… ∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise -CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise… ∗∗∗ Security Bulletin: IBM Control Desk is vulnerable to Cross-Site Scripting Vulnerability (CVE-2021-20559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-control-desk-is-vulne… ∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons Codec ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in XStream ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: Vulnerabilities in Apache Commons and Log4j affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.05.2021
by Daily end-of-shift report 07 May '21

07 May '21

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-05-2021 18:00 − Freitag 07-05-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Cuba Ransomware partners with Hancitor for spam-fueled attacks ∗∗∗ --------------------------------------------- The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cuba-ransomware-partners-wit… ∗∗∗ MSM: Qualcomm-Modems in Millionen Smartphones angreifbar ∗∗∗ --------------------------------------------- Die Modems von Qualcomm könnten aus Android heraus angegriffen werden, um Gespräche mitzuhören. --------------------------------------------- https://www.golem.de/news/msm-qualcomm-modems-in-millionen-smartphones-angr… ∗∗∗ TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers ∗∗∗ --------------------------------------------- Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service (DDoS) attacks against authoritative DNS servers, a group of researchers warned this week. --------------------------------------------- https://www.securityweek.com/tsuname-vulnerability-can-be-exploited-ddos-at… ∗∗∗ Grill- und Gartensaison eröffnet: BetrügerInnen locken mit günstigen Angeboten! ∗∗∗ --------------------------------------------- Egal ob Werkzeuge zur Pflanzenpflege, ein neuer Griller, Terrassenmöbel oder ein Pool für den Garten: Mit steigenden Temperaturen, nimmt der Bedarf nach diesen Produkten zu. Natürlich lassen da auch BetrügerInnen nicht lange auf sich warten und locken mit günstigen Angeboten für die Grill- und Gartensaison. Wir zeigen Ihnen, wo Sie lieber nicht shoppen sollten! --------------------------------------------- https://www.watchlist-internet.at/news/grill-und-gartensaison-eroeffnet-bet… ∗∗∗ New Moriya rootkit stealthily backdoors Windows systems ∗∗∗ --------------------------------------------- Unknown attackers may have been quietly exploiting networks in attacks reaching back to 2018. --------------------------------------------- https://www.zdnet.com/article/new-moriya-rootkit-stealthily-backdoors-windo… ∗∗∗ LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and Patterson at Black Hat 2005 to never be a complete solution. --------------------------------------------- https://www.darknet.org.uk/2021/05/libinjection-detect-sql-injection-sqli-a… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mediawiki and unbound1.9), Fedora (djvulibre and samba), Mageia (ceph, messagelib, and pagure), openSUSE (alpine and exim), Oracle (kernel and postgresql), Scientific Linux (postgresql), and Ubuntu (thunderbird and unbound). --------------------------------------------- https://lwn.net/Articles/855744/ ∗∗∗ SYSS-2021-024: XSS-SCHWACHSTELLE IM PRODUKT ADISCON LOGANALYZER (CVE-2021-31738) ∗∗∗ --------------------------------------------- Die Loginmaske des Adiscon LogAnalyzer war anfällig für eine Reflected XSS-Schwachstelle. Der Hersteller hat diese bereits mit einem Patch behoben. --------------------------------------------- https://www.syss.de/pentest-blog/syss-2021-024-xss-schwachstelle-im-produkt… ∗∗∗ ABB Cybersecurity Advisory - AC 800PEC platform NAME:WRECK vulnerability ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A1892&Lan… ∗∗∗ ABB Cybersecurity Advisory - Cassia Access Controller for ABB ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108368&Language… ∗∗∗ Security Advisory - Out-of-Bounds Write Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210506… ∗∗∗ Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2021-3177 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-openscale-on-c… ∗∗∗ Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Interac e-Transfers for Red Hat OpenShift (CVE-2020-5258) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-webspher… ∗∗∗ Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift (CVE-2020-5258) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-webspher… ∗∗∗ Security Bulletin: Information disclosure vulnerability may affect IBM Robotic Process Automation Anywher – CVE-2020-4901 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.05.2021
by Daily end-of-shift report 06 May '21

06 May '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-05-2021 18:00 − Donnerstag 06-05-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ RotaJakiro, the Linux version of the OceanLotus ∗∗∗ --------------------------------------------- On Apr 28, we published our RotaJakiro backdoor blog, at that time, we didn’t have the answer for a very important question, what is this backdoor exactly for? We asked the community for clues and two days ago we got a hint, PE(Thanks!) wrote the following comment on --------------------------------------------- https://blog.netlab.360.com/rotajakiro_linux_version_of_oceanlotus/ ∗∗∗ Alternative Ways To Perform Basic Tasks, (Thu, May 6th) ∗∗∗ --------------------------------------------- I like to spot techniques used by malware developers to perform basic tasks. We know the lolbins[1] that are pre-installed tools used to perform malicious activities. Many lolbins are used, for example, to download some content from the Internet. Some tools are so powerful that they can also be used to perform unexpected tasks. --------------------------------------------- https://isc.sans.edu/diary/rss/27392 ∗∗∗ Strong, Secure Passwords Are Key to Helping Reduce Risk to Your Organization ∗∗∗ --------------------------------------------- Blog post on how to create strong, secure passwords to reduce risk to your organization. --------------------------------------------- https://www.sans.org/blog/strong-secure-passwords-are-key-to-helping-reduce… ∗∗∗ BSI veröffentlicht Whitepaper zum aktuellen Stand der Prüfbarkeit von KI-Systemen ∗∗∗ --------------------------------------------- Basierend auf einem vom BSI, vom Verband der TÜVs und vom Fraunhofer HHI ausgetragenen internationalen Expertenworkshop wurde ein Whitepaper zum aktuellen Stand, offenen Fragen und zukünftig wichtigen Aktivitäten bezüglich der Prüfbarkeit von KI-Systemen verfasst. --------------------------------------------- https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldunge… ∗∗∗ TrickBot: Get to Know the Malware That Refuses to Be Killed ∗∗∗ --------------------------------------------- Versatile, easy to use, and widely available, TrickBot has become a favorite tool of threat actors of all skill levels and a formidable threat that security teams in all organizations should be familiar with. Over the last five years, TrickBot has earned a reputation as a remarkably adaptive modular malware, with its operators regularly updating its software to be more effective and potent against a wide range of targets worldwide. --------------------------------------------- https://www.riskiq.com/blog/external-threat-management/trickbot/ ∗∗∗ Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software ∗∗∗ --------------------------------------------- The incident started with a student who didnt want to pay for a license and ended with the loss of research. --------------------------------------------- https://www.zdnet.com/article/ryuk-ransomware-finds-foothold-in-bio-researc… ∗∗∗ CISA Releases Analysis Reports on New FiveHands Ransomware ∗∗∗ --------------------------------------------- CISA is aware of a recent, successful cyberattack against an organization using a new ransomware variant, known as FiveHands, that has been used to successfully conduct a cyberattack against an organization. CISA has released AR21-126A: FiveHands Ransomware and MAR-10324784-1.v1: FiveHands Ransomware to provide analysis of the threat actor’s tactics, techniques, and procedures as well as indicators of compromise (IOCs). --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/05/06/cisa-releases-ana… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco SD-WAN: Angreifer könnten Admin-Accounts erstellen ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für mehrere Produkte von Cisco. --------------------------------------------- https://heise.de/-6038258 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python-django), Fedora (java-latest-openjdk, libopenmpt, python-yara, skopeo, thunderbird, and yara), openSUSE (ceph and openexr), Red Hat (postgresql), SUSE (libxml2), and Ubuntu (exim4 and gnome-autoar). --------------------------------------------- https://lwn.net/Articles/855613/ ∗∗∗ Android users’ privacy at risk as Check Point Research identifies vulnerability on Qualcomm’s mobile station modems ∗∗∗ --------------------------------------------- Check Point Research (CPR) found a security vulnerability in Qualcomm’s mobile station modem (MSM), the chip responsible for cellular communication in nearly 40% of the world’s phones. If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones, granting them [...] --------------------------------------------- https://blog.checkpoint.com/2021/05/06/android-users-privacy-at-risk-as-che… ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in FusionCompute Product ∗∗∗ --------------------------------------------- https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210506… ∗∗∗ Ruby on Rails: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0480 ∗∗∗ Foxit Reader & PhantomPDF: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0481 ∗∗∗ VMware vRealize Operations: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0489 ∗∗∗ ZDI-21-523: (0Day) Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-21-523/ ∗∗∗ ZDI-21-522: (0Day) Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-21-522/ ∗∗∗ ZDI-21-521: (0Day) Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-21-521/ ∗∗∗ ZDI-21-520: (0Day) Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-21-520/ ∗∗∗ Security Bulletin: Vulnerability in Fabric OS used by IBM b-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-fabric-o… ∗∗∗ Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-8287) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-ibm-a… ∗∗∗ Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-8265) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-ibm-a… ∗∗∗ Security Bulletin: A vulnerabilities in IBM Java affects IBM Rational Asset Analyzer. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerabilities-in-ibm-… ∗∗∗ Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-28500) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-ibm-a… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java affecting IBM Rational Asset Analyzer. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: Vulnerabilitiìy identified in IBM DB2 that is shipped as component and pattern type or pType with Cloud Pak System and Cloud Pak System Software Suite. Cloud Pak System addressed response with new DB2 pType ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilitiy-identified… ∗∗∗ Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.05.2021
by Daily end-of-shift report 05 May '21

05 May '21

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-05-2021 18:00 − Mittwoch 05-05-2021 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Quick and dirty Python: masscan, (Tue, May 4th) ∗∗∗ --------------------------------------------- The last couple of years I have been trying to ramp up on Python and am increasingly finding that these complicated shell code scripts can be elegantly implemented in Python. The resulting code is way easier to read and way more supportable. --------------------------------------------- https://isc.sans.edu/diary/rss/27384 ∗∗∗ Introducing Baserunner: a tool for exploring and exploiting Firebase datastores ∗∗∗ --------------------------------------------- In this post well be looking at some risks posed by Firebase, a popular serverless application platform. --------------------------------------------- https://iosiro.com/blog/baserunner-exploiting-firebase-datastores ∗∗∗ How Attackers Use Compromised Accounts to Create and Distribute Malicious OAuth Apps ∗∗∗ --------------------------------------------- Open authorization or “OAuth” apps add business features and user-interface enhancements to major cloud platforms such as Microsoft 365 and Google Workspace. Unfortunately, they’re also a new threat vector [...] --------------------------------------------- https://www.proofpoint.com/us/blog/email-and-cloud-threats/how-attackers-us… ∗∗∗ How to Stop the Popups ∗∗∗ --------------------------------------------- McAfee is tracking an increase in the use of deceptive popups that mislead some users into taking action, while annoying many others. --------------------------------------------- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/how-to-stop-the-popups/ ∗∗∗ Tour de Peloton: Exposed user data ∗∗∗ --------------------------------------------- An unauthenticated user could view sensitive information for all users, and snoop on live class statistics and its attendees, despite having a private mode. --------------------------------------------- https://www.pentestpartners.com/security-blog/tour-de-peloton-exposed-user-… ∗∗∗ Wunderheilmittel Entgiftungspflaster? Vorsicht bei Bestellungen auf nuubu.com! ∗∗∗ --------------------------------------------- Die körperliche und psychische Gesundheit mit Hilfe eines Entgiftungspflasters steigern? Das verspricht die litauische Firma „UAB Ekomlita“, die die Webseite nuubu.com betreibt. Wir raten jedoch zu Vorsicht: Rechtliche Vorgaben werden nicht eingehalten. --------------------------------------------- https://www.watchlist-internet.at/news/wunderheilmittel-entgiftungspflaster… ===================== = Vulnerabilities = ===================== ∗∗∗ Jetzt patchen! Kritische Root-Lücken bedrohen Exim-Mail-Server ∗∗∗ --------------------------------------------- Bei einer Untersuchung des Codes von Exim sind Sicherheitsforscher auf 21 Sicherheitslücken gestoßen. Angreifer könnten ganze Server übernehmen. --------------------------------------------- https://heise.de/-6036724 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cgal, exim4, and mediawiki), Fedora (axel, libmicrohttpd, libtpms, perl-Image-ExifTool, pngcheck, python-yara, and yara), Gentoo (exim), Mageia (kernel-linus), openSUSE (bind and postsrsd), SUSE (avahi, openexr, p7zip, python-Pygments, python36, samba, sca-patterns-sle11, and webkit2gtk3), and Ubuntu (nvidia-graphics-drivers-390, nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450, nvidia-graphics-drivers-450-server,[...] --------------------------------------------- https://lwn.net/Articles/855462/ ∗∗∗ Advantech WISE-PaaS RMM ∗∗∗ --------------------------------------------- This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in Advantech WISE-PaaS RMM, a software platform focused on IoT device remote monitoring and management. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-124-01 ∗∗∗ Delta Electronics CNCSoft ScreenEditor ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Out-of-bounds Write vulnerability in Delta Electronics CNCSoft ScreenEditor software management platform. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-124-02 ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to insecure inter-deployment communication (CVE-2020-4979) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: Issues in IBM® Java™ SDK Technology Edition affects IBM Security Identity Manager Virtual Appliance (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-issues-in-ibm-java-sdk-te… ∗∗∗ Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2021-20401, CVE-2020-4932) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-contains-… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting (XSS) (CVE-2020-4929) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache httpclient ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to path traversal (CVE-2020-4993) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: IBM QRadar SIEM may be vulnerable to a XML External Entity Injection attack (XXE) (CVE-2020-5013) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-may-be-vu… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Cross domain information disclosure (CVE-2020-4883) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: Apache Tomcat as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13943) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-as-used-by-… ∗∗∗ CVE-2021-26900: Privilege Escalation Via a Use After Free Vulnerability In win32k ∗∗∗ --------------------------------------------- https://www.thezdi.com/blog/2021/5/3/cve-2021-26900-privilege-escalation-vi… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.05.2021
by Daily end-of-shift report 04 May '21

04 May '21

===================== = End-of-Day report = ===================== Timeframe: Montag 03-05-2021 18:00 − Dienstag 04-05-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Webkit: Apple warnt vor Zero Days in iOS und MacOS ∗∗∗ --------------------------------------------- Die Apple-Lücken in Webkit werden wohl bereits aktiv ausgenutzt. Das Unternehmen stellt Updates bereit. --------------------------------------------- https://www.golem.de/news/webkit-apple-warnt-vor-zero-days-in-ios-2105-1562… ∗∗∗ 21Nails vulnerabilities impact 60% of the internet’s email servers ∗∗∗ --------------------------------------------- The maintainers of the Exim email server software have released updates today to patch a collection of 21 vulnerabilities that can allow threat actors to take over servers using both local and remote attack vectors. --------------------------------------------- https://therecord.media/21nails-vulnerabilities-impact-60-of-the-internets-… ∗∗∗ Pingback: Backdoor At The End Of The ICMP Tunnel ∗∗∗ --------------------------------------------- In this post, we analyze a piece of malware that we encountered during a recent breach investigation. What caught our attention was how the malware achieved persistence, how it used ICMP tunneling for its backdoor communications, and how it operated with different modes to increase its chances of a successful attack. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at… ∗∗∗ RM3 - Curiosities of the wildest banking malware ∗∗∗ --------------------------------------------- TL:DR Our Research and Intelligence Fusion Team have been tracking the Gozi variant RM3 for close to 30 months. In this post we provide some history, analysis and observations on this most pernicious family of banking malware targeting Oceania, the UK, Germany and Italy. We’ll start with an overview of its origins and current operations before providing a deep dive technical analysis [...] --------------------------------------------- https://blog.fox-it.com/2021/05/04/rm3-curiosities-of-the-wildest-banking-m… ∗∗∗ Firebase Domain Front - Hiding C2 as App traffic ∗∗∗ --------------------------------------------- We often see that large organization use firebase for hosting their applications and database. Firebase has a lot of features such as real-time database, hosting, cloud functions, hosting etc. Today we are going to talk about firebase hosting and cloud functions which are used by a lot of mobile applications these days. In our recent project, we were able to hide ourselves as a legit mobile traffic and bypass a lot of traffic filters --------------------------------------------- https://www.redteam.cafe/red-team/domain-front/firebase-domain-front-hiding… ∗∗∗ Jetzt patchen! Sicherheitsupdate für Pulse Connect Secure verfügbar ∗∗∗ --------------------------------------------- In einer aktualisierten Version der VPN-Software Pulse Connect Secure von Ivanti haben die Entwickler kritische Lücken geschlossen. --------------------------------------------- https://heise.de/-6035501 ∗∗∗ ATT&CK v9 Introduces Containers, Google Workspace ∗∗∗ --------------------------------------------- MITRE announced last week that the latest update to the popular ATT&CK framework introduces techniques related to containers and the Google Workspace platform. --------------------------------------------- https://www.securityweek.com/attck-v9-introduces-containers-google-workspace ∗∗∗ Anzügliche Sex-Nachrichten auf Facebook & Instagram: Dahinter steckt Betrug ∗∗∗ --------------------------------------------- Facebook- und Instagram-NutzerInnen kennen es: Freundschaftsanfragen oder Nachrichten von unbekannten, meist freizügig gekleideten Frauen. Auf Instagram werden NutzerInnen auch sehr häufig zu fragwürdigen Gruppen hinzugefügt oder von Unbekannten auf Bildern markiert. Dahinter stecken Fake-Profile oder Bots, die auf unseriöse Dating-Portale locken, Daten sammeln oder nach Zugangsdaten fischen. --------------------------------------------- https://www.watchlist-internet.at/news/anzuegliche-sex-nachrichten-auf-face… ∗∗∗ Three new malware families found in global finance phishing campaign ∗∗∗ --------------------------------------------- Doubledrag, Doubledrop, and Doubleback are the work of “experienced” threat actors. --------------------------------------------- https://www.zdnet.com/article/researchers-find-three-new-malware-families-u… ===================== = Vulnerabilities = ===================== ∗∗∗ Aktiv ausgenutzte Lücken: Apple patcht iOS, macOS und watchOS ∗∗∗ --------------------------------------------- macOS 11.3.1, iOS 14.5.1 und watchOS 7.4.1 beheben ein akutes Sicherheitsproblem in Safari. Außerdem wird ein Bug beim iPhone-App-Tracking-Schutz gefixt. --------------------------------------------- https://heise.de/-6035220 ∗∗∗ Android-Patchday: Kritische System-Lücke gibt Angreifern die volle Kontrolle ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für verschiedene Android-Versionen. --------------------------------------------- https://heise.de/-6035560 ∗∗∗ Xen Security Advisory CVE-2021-28689 / XSA-370 - x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests ∗∗∗ --------------------------------------------- A malicious 32-bit guest kernel may be able to mount a Spectre v2 attack against Xen, despite the presence hardware protections being active. It therefore might be able to infer the contents of arbitrary host memory, including memory assigned to other guests. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-370.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bind9, chromium, exim4, and subversion), Fedora (exiv2 and skopeo), openSUSE (gsoap), Oracle (bind, kernel, and sudo), SUSE (bind, ceph, ceph, deepsea, permissions, and stunnel), and Ubuntu (clamav, exim4, openvpn, python-django, and samba). --------------------------------------------- https://lwn.net/Articles/855308/ ∗∗∗ High-Severity Dell Driver Vulnerabilities Impact Hundreds of Millions of Devices ∗∗∗ --------------------------------------------- Owners of Dell devices were informed on Tuesday that a firmware update driver present on a large number of systems is affected by a series of high-severity vulnerabilities. --------------------------------------------- https://www.securityweek.com/high-severity-dell-driver-vulnerabilities-impa… ∗∗∗ Synology-SA-21:18 Hyper Backup ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to inject arbitrary web script or HTML via a susceptible version of Hyper Backup. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_21_18 ∗∗∗ Security Bulletin: Go is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-go-is-vulnerable-to-a-den… ∗∗∗ Security Bulletin: Tensor Flow security vulnerabilities with segmentation fault on IBM Watson Machine Learning on CP4D ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-tensor-flow-security-vuln… ∗∗∗ Security Bulletin: GO is vulnerable to allows attacks on clients on IBM Watson Machine Learning on CP4D ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-go-is-vulnerable-to-allow… ∗∗∗ Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openss… ∗∗∗ Security Bulletin: A vulnerability exists in the management GUI of the IBM FlashSystem 900 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in… ∗∗∗ Security Bulletin: Tensor Flow security vulnerabilities with denial of service on IBM Watson Machine Learning on CP4D ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-tensor-flow-security-vuln… ∗∗∗ Security Bulletin: Tensor Flow security vulnerabilities with denial of service on IBM Watson Machine Learning Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-tensor-flow-security-vuln… ∗∗∗ Security Bulletin: TensorFlow is vulnerable to a heap-based buffer overflow on IBM Watson Machine Learning on CP4D ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-tensorflow-is-vulnerable-… ∗∗∗ Security Bulletin: GO security vulnerabilities on IBM Watson Machine Learning Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-go-security-vulnerabiliti… ∗∗∗ Security Bulletin: OpenSSL Vulnerabilities Affect IBM Sterling Connect:Express for UNIX (CVE-2021-3049, CVE-2021-3050) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-a… ∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20454). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-ser… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.05.2021
by Daily end-of-shift report 03 May '21

03 May '21

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-04-2021 18:00 − Montag 03-05-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Babuk quits ransomware encryption, focuses on data-theft extortion ∗∗∗ --------------------------------------------- A new message today from the operators of Babuk ransomware clarifies that the gang has decided to close the affiliate program and move to an extortion model that does not rely on encrypting victim computers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/babuk-quits-ransomware-encry… ∗∗∗ Hacker-Wettbewerb Austria Cyber Security Challenge gestartet ∗∗∗ --------------------------------------------- Der IT-Security-Wettbewerb für Schüler*innen, Studierende und Interessierte feiert heuer sein 10-jähriges Jubiläum. --------------------------------------------- https://futurezone.at/digital-life/hacker-wettbewerb-austria-cyber-security… ∗∗∗ New Buer Malware Downloader Rewritten in E-Z Rust Language ∗∗∗ --------------------------------------------- Its coming in emails disguised as DHL Support shipping notices and is apparently getting prepped for leasing on the underground. --------------------------------------------- https://threatpost.com/buer-malware-loader-rewritten-rust/165782/ ∗∗∗ PuTTY And FileZilla Use The Same Fingerprint Registry Keys, (Sun, May 2nd) ∗∗∗ --------------------------------------------- Many SSH clients can remember SSH servers' fingerprints. This can serve as a safety mechanism: you get a warning when the server you want to connect to, has no longer the same fingerprint. And then you can decide what to do: continue with the connection, or stop and try to figure out what is going on. --------------------------------------------- https://isc.sans.edu/diary/rss/27376 ∗∗∗ Sicherheitslücke Spectre lebt neu auf: AMD- und Intel-Prozessoren betroffen ∗∗∗ --------------------------------------------- Ein neuer Seitenkanalangriff zielt auf die Micro-Op-Caches aller modernen CPUs von AMD und Intel ab, Ryzen 5000 und Rocket Lake-S eingeschlossen. --------------------------------------------- https://heise.de/-6034264 ∗∗∗ Windows 10: BSI stellt Sicherheitseinstellungen zur Verfügung ∗∗∗ --------------------------------------------- Das BSI hat im Rahmen der „Studie zu Systemaufbau, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10“ (SiSyPHuS Win10) Handlungsempfehlungen zur Absicherung der Windows-Systeme in deutscher und englischer Sprache veröffentlicht. --------------------------------------------- https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse202… ∗∗∗ Tesla Car Hacked Remotely From Drone via Zero-Click Exploit ∗∗∗ --------------------------------------------- Two researchers have shown how a Tesla - and possibly other cars - can be hacked remotely without any user interaction. They carried out the attack from a drone. --------------------------------------------- https://www.securityweek.com/tesla-car-hacked-remotely-drone-zero-click-exp… ∗∗∗ Trickbot Brief: Creds and Beacons ∗∗∗ --------------------------------------------- “TrickBot malware—first identified in 2016—is a Trojan developed and operated by a sophisticated group of cybercrime actors. The cybercrime group initially designed TrickBot as a banking trojan to steal [...] --------------------------------------------- https://thedfirreport.com/2021/05/02/trickbot-brief-creds-and-beacons/ ∗∗∗ Swiss Cloud becomes the latest web hosting provider to suffer a ransomware attack ∗∗∗ --------------------------------------------- Swiss Cloud, a Switzerland-based cloud hosting provider, has suffered this week a ransomware attack that brought the companys server infrastructure to its knees. --------------------------------------------- https://therecord.media/swiss-cloud-becomes-the-latest-web-hosting-provider… ===================== = Vulnerabilities = ===================== ∗∗∗ Pulse Secure fixes VPN zero-day used to hack high-value targets ∗∗∗ --------------------------------------------- Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt agencies. --------------------------------------------- https://www.bleepingcomputer.com/news/security/pulse-secure-fixes-vpn-zero-… ∗∗∗ 8 geben: Python-Standard-Library ignoriert das Oktalystem in IP-Adressen ∗∗∗ --------------------------------------------- Die Library ipaddress prüft IP-Adressen seit 2019 nicht mehr auf führende Nullen. Ein Patch ist in Sicht, aber noch nicht veröffentlicht. --------------------------------------------- https://heise.de/-6034508 ∗∗∗ SQL Injection Vulnerability Patched in CleanTalk AntiSpam Plugin ∗∗∗ --------------------------------------------- On March 4, 2021, the Wordfence Threat Intelligence team initiated responsible disclosure for a Time-Based Blind SQL Injection vulnerability discovered in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin installed on over 100,000 sites. This vulnerability could be used to extract sensitive information from a site’s database, including user emails and password hashes, all [...] --------------------------------------------- https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (bind, GNOME, java-1.8.0-openjdk, java-11-openjdk, nss and nspr, xstream, and xterm), Debian (bind9 and libimage-exiftool-perl), Fedora (ansible, babel, java-11-openjdk, and java-latest-openjdk), Gentoo (chromium, clamav, firefox, git, grub, python, thunderbird, tiff, webkit-gtk, and xorg-server), Mageia (kernel, nvidia-current, nvidia390, qtbase5, and sdl2), openSUSE (Chromium, cifs-utils, cups, giflib, gsoap, libnettle, librsvg, netdata, postsrsd, [...] --------------------------------------------- https://lwn.net/Articles/855217/ ∗∗∗ Synology-SA-21:16 ISC BIND ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to obtain sensitive information or conduct denial-of-service attacks via a susceptible version of Synology DNS Server. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_21_16 ∗∗∗ Synology-SA-21:17 Samba ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_21_17 ∗∗∗ Epic Games Rocket League 1.95 (AK::MemoryMgr::GetPoolName) Stack Buffer Overrun ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5651.php ∗∗∗ Epic Games Psyonix Rocket League v1.95 Insecure Permissions ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5650.php ∗∗∗ Security Bulletin: Vulnerability in bind affects IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-aff… ∗∗∗ Security Bulletin: Vulnerability in bind affects IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-aff… ∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to multiple denial of service through the Node.js runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris… ∗∗∗ Security Bulletin: A vulnerability in IBM® SDK, Java™ Technology Edition may affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-sd… ∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to a command injection vulnerability (CVE-2021-23337) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris… ∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2020-5024) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-… ∗∗∗ Security Bulletin: A vulnerability in IBM® SDK, Java™ Technology Edition may affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-sd… ∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily May 2021