Daily August 2021

daily@lists.cert.at

1 participants
22 discussions

Tageszusammenfassung - 03.08.2021
by Daily end-of-shift report 03 Aug '21

03 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Montag 02-08-2021 18:00 − Dienstag 03-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Supply-Chain-Angriffe: EU-Behörde empfiehlt Code-Checks für Abhängigkeiten ∗∗∗ --------------------------------------------- Als Reaktion auf Angriffe wie bei Solarwinds hat die zuständige EU-Behörde einen einfachen Rat. Doch entsprechende Maßnahmen kann offenbar nicht mal Microsoft umsetzen. --------------------------------------------- https://www.golem.de/news/supply-chain-angriffe-eu-behoerde-empfiehlt-code-… ∗∗∗ Do You Trust Your Smart TV? ∗∗∗ --------------------------------------------- Did you ever stop to think that the office smart TV used for company presentations, Zoom meetings, and other work-related activities may not be so trustworthy? --------------------------------------------- https://securityaffairs.co/wordpress/120752/iot/smart-tv-security.html ∗∗∗ Android-Patchday: Google bessert unter anderem beim Media Framework nach ∗∗∗ --------------------------------------------- Updates für das mobile Betriebssystem zielen wieder einmal auf das Media Framework, beseitigen aber etwa auch kritische Lücken aus Qualcomm-Komponenten. --------------------------------------------- https://heise.de/-6154130 ∗∗∗ RDP brute force attacks explained ∗∗∗ --------------------------------------------- A simple and straightforward explanation of what RDP brute force attacks are, why they are so dangerous, and what you can do about them. --------------------------------------------- https://blog.malwarebytes.com/explained/2021/08/rdp-brute-force-attacks-exp… ∗∗∗ Gefälschte A1-Rechnung führt zu Schadsoftware ∗∗∗ --------------------------------------------- Aktuell werden gefälschte A1-E-Mails mit dem Betreff "Rechnung vom 04.07.2021" versendet. Im E-Mail wird behauptet, dass eine Zahlung nicht bearbeitet werden konnte. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-a1-rechnung-fuehrt-zu-sc… ∗∗∗ Raccoon stealer-as-a-service will now try to grab your cryptocurrency ∗∗∗ --------------------------------------------- The malware has been upgraded to target even more financial information. --------------------------------------------- https://www.zdnet.com/article/raccoon-stealer-as-a-service-will-now-try-to-… ∗∗∗ CISA and NSA Release Kubernetes Hardening Guidance ∗∗∗ --------------------------------------------- The National Security Agency (NSA) and CISA have released Kubernetes Hardening Guidance, a cybersecurity technical report detailing the complexities of securely managing Kubernetes—an open-source, container-orchestration system used to automate deploying, scaling, and managing containerized applications. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/08/02/cisa-and-nsa-rele… ∗∗∗ Positive Technologies: APT group targeting government agencies around the world detected in Russia for the first time ∗∗∗ --------------------------------------------- Positive Technologies Expert Security Center (PT ESC) revealed new attacks by APT31 and analyzed its new tool—a malicious software that allows criminals to control a victim’s computer or network by using remote access. --------------------------------------------- https://www.ptsecurity.com/ww-en/about/news/positive-technologies-apt-group… ∗∗∗ PetitPotam-Angriffe auf Windows durch RPC-Filter blocken ∗∗∗ --------------------------------------------- Sicherheitsforscher haben kürzlich einen neuen Angriffsvektor namens PetitPotam offen gelegt. Mittels eines NTLM-Relay-Angriffs kann jeder Windows Domain Controller übernommen werden. --------------------------------------------- https://www.borncity.com/blog/2021/08/03/petitpotam-angriffe-auf-windows-du… ===================== = Vulnerabilities = ===================== ∗∗∗ VU#405600: Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM relay attacks ∗∗∗ --------------------------------------------- Microsoft Windows Active Directory Certificate Services (AD CS) by default can be used as a target for NTLM relay attacks, which can allow a domain-joined computer to take over the entire Active Directory. --------------------------------------------- https://kb.cert.org/vuls/id/405600 ∗∗∗ PwnedPiper: Rohrpostsysteme in US-Krankenhäusern über Firmware-Lücken angreifbar ∗∗∗ --------------------------------------------- Sicherheitslücken erlaubten Forschern die komplette Übernahme von "Translogic"-Rohrpostsystemen. Hersteller Swisslog Healthcare hat Updates veröffentlicht. --------------------------------------------- https://heise.de/-6153319 ∗∗∗ Chrome: Browser-Update für den Desktop schließt Sicherheitslücken ∗∗∗ --------------------------------------------- Für die Windows-, Linux- und macOS-Ausgaben des Chrome-Browsers ist ein Update mit insgesamt zehn Security-Fixes verfügbar. --------------------------------------------- https://heise.de/-6153994 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, nodejs, nodejs-lts-erbium, and nodejs-lts-fermium), Debian (pyxdg, shiro, and vlc), openSUSE (qemu), Oracle (lasso), Red Hat (glibc, lasso, rh-php73-php, rh-varnish6-varnish, and varnish:6), Scientific Linux (lasso), SUSE (dbus-1, lasso, python-Pillow, and qemu), and Ubuntu (exiv2, gnutls28, and qpdf). --------------------------------------------- https://lwn.net/Articles/865029/ ∗∗∗ Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software ∗∗∗ --------------------------------------------- Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that could be exploited to gain code execution on vulnerable devices. --------------------------------------------- https://www.securityweek.com/code-execution-flaw-found-cisco-firepower-devi… ∗∗∗ Bypassing Authentication on Arcadyan Routers with CVE-2021–20090 and rooting some Buffalo ∗∗∗ --------------------------------------------- In the following sections we will look at how I took the Buffalo devices apart, did a not-so-great solder job, and used a shell offered up on UART to help find a couple of bugs that could let users bypass authentication to the web interface and enable a root BusyBox shell on telnet. --------------------------------------------- https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-ro… ∗∗∗ Spyware-ähnliche Funktionen in China-App Bejing One Pass gefunden ∗∗∗ --------------------------------------------- Ausländische Firmen, die in China tätig sind, benötigen die App Beijing One Pass, um Zugang zu einer digitalen Plattform für die Verwaltung der staatlichen Leistungen für Arbeitnehmer zu erhalten. Nun haben Sicherheitsspezialisten in dieser App Spyware ähnliche Funktionen gefunden. --------------------------------------------- https://www.borncity.com/blog/2021/08/02/spyware-hnliche-funktionen-in-chin… ∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2021-20227) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit… ∗∗∗ Security Bulletin: A vulnerabilty in encoding/unicode in the UTF-16 decoder has been found in x/text package before v0.3.3 for Go that could lead to an infinite loop and denial of service, affecting IBM Cloud Pak for Applications ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerabilty-in-encodin… ∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2021-20227) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlit… ∗∗∗ Security Bulletin: Vulnerability in ksh affects AIX (CVE-2021-29741) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ksh-affe… ∗∗∗ JSA11209 ∗∗∗ --------------------------------------------- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11209 ∗∗∗ Linux kernel vulnerability CVE-2021-33909 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K75133288?utm_source=f5support&utm_mediu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.08.2021
by Daily end-of-shift report 02 Aug '21

02 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-07-2021 18:00 − Montag 02-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Linux eBPF bug gets root privileges on Ubuntu - Exploit released ∗∗∗ --------------------------------------------- CVE-2021-3490. A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines. ... If properly exploited, a local attacker could get kernel privileges to run arbitrary code on the machine. --------------------------------------------- https://www.bleepingcomputer.com/news/security/linux-ebpf-bug-gets-root-pri… ∗∗∗ Remote print server gives anyone Windows admin privileges on a PC ∗∗∗ --------------------------------------------- A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/remote-print-server-gives-a… ∗∗∗ New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits ∗∗∗ --------------------------------------------- A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks. --------------------------------------------- https://thehackernews.com/2021/08/new-apt-hacking-group-targets-microsoft.h… ∗∗∗ PwnedPiper threatens thousands of hospitals worldwide, patch your systems now ∗∗∗ --------------------------------------------- Nine critical vulnerabilities in a popular hospital pneumatic tube software could give attackers control of infrastructure and allow them to launch additional attacks that cripple healthcare operations. Discovered by researchers at security platform provider Armis and dubbed PwnedPiper, the vulnerabilities are in the Nexus Control Panel software used by Translogic pneumatic tube systems (PTS) built by Swisslog Healthcare. --------------------------------------------- https://www.techrepublic.com/article/pwnedpiper-threatens-thousands-of-hosp… ∗∗∗ Vultur: Android-Trojaner späht Login-Daten für Bankkonten und E-Wallets aus ∗∗∗ --------------------------------------------- Die fernsteuerbare Malware Vultur für Android-Smartphones nutzt Funktionen zur Bildschirmaufzeichnung, um sensible Informationen auf Handys zu stehlen. --------------------------------------------- https://heise.de/-6152250 ∗∗∗ Palo Alto Networks Discloses New Attack Surface Targeting Microsoft IIS and SQL Server at Black Hat Asia 2021 ∗∗∗ --------------------------------------------- The technique allows attackers to remotely attack IIS and SQL Server to gain SYSTEM privileges by using Microsoft Jet database engine vulnerabilities. ... In response to this research, Microsoft released a complex patch to mitigate this attack surface. However, the patch is turned off by default and most Jet vulnerabilities are still not patched. We highly recommend that our customers proactively turn on mitigation to disable remote tables access in the registry and stay cautious of these kinds of attacks. --------------------------------------------- https://unit42.paloaltonetworks.com/iis-and-sql-server/ ∗∗∗ Decryptor released for Prometheus ransomware victims ∗∗∗ --------------------------------------------- Taiwanese security firm CyCraft has released a free application that can help victims of the Prometheus ransomware recover and decrypt some of their files. --------------------------------------------- https://therecord.media/decryptor-released-for-prometheus-ransomware-victim… ===================== = Vulnerabilities = ===================== ∗∗∗ Foxit PDF Reader und Editor: Updates beseitigen zahlreiche Schwachstellen ∗∗∗ --------------------------------------------- Für Foxits PDF-Software für Windows und macOS stehen Aktualisierungen bereit, die unter anderem vor Remote Code Execution-Angriffen schützen sollen. --------------------------------------------- https://heise.de/-6152683 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (389-ds-base, consul, containerd, geckodriver, powerdns, vivaldi, webkit2gtk, and wpewebkit), Debian (aspell, condor, libsndfile, linuxptp, and lrzip), and Fedora (bluez, buildah, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, kernel, kernel-tools, mbedtls, mingw-exiv2, mingw-python-pillow, mrxvt, python-pillow, python2-pillow, redis, and seamonkey). --------------------------------------------- https://lwn.net/Articles/864898/ ∗∗∗ MISP: Schwachstellen ermöglichen Cross-Site Scripting ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in MISP ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0823 ∗∗∗ Security Bulletin: October 2020 Patch Update for Java ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-october-2020-patch-update… ∗∗∗ Security Bulletin: Apache Commons ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons/ ∗∗∗ Security Bulletin: Vulnerability in ksh affects AIX (CVE-2021-29741) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ksh-affe… ∗∗∗ Security Bulletin: Potential vulnerability with Node.js lodash module ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-w… ∗∗∗ Security Bulletin: Potential vulnerability with FasterXML jackson-databind ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-w… ∗∗∗ Security Bulletin: Cloud Pak for Security has several security vulnerabilities addressed in the latest version ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-ha… ∗∗∗ Security Bulletin: Potential vulnerability with Node.js ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-w… ∗∗∗ Security Bulletin: January 2021 Patch Update for Java ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-january-2021-patch-update… ∗∗∗ Security Bulletin: Oct 2020 Patch Update for Java ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-oct-2020-patch-update-for… ∗∗∗ Security Bulletin: IBM API Connect is impacted by multiple OpenSSL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact… ∗∗∗ Security Bulletin: Potential vulnerability with Node.js ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-w… ∗∗∗ Security Bulletin: Potential vulnerability in Java ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-i… ∗∗∗ Security Bulletin: Potential vulnerability with Node.js ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-w… ∗∗∗ Security Bulletin: October 2020 Patch Update for Java ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-october-2020-patch-update… ∗∗∗ Security Bulletin: User Behavior Analytics application add on to IBM QRadar SIEM performs improper CSRF checking for some components ( CVE-2021-29757) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-user-behavior-analytics-a… ∗∗∗ Security Bulletin: Potential vulnerability with Node.js lodash module ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-w… ∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by XML External Entity Injection vulnerability in WebSphere (CVE-2020-4949) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-i… ∗∗∗ Security Bulletin: Potential vulnerability with Node.js ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-w… ∗∗∗ Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager DR ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affe… ∗∗∗ Security Bulletin: Potential vulnerability in OpenSSL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-i… ∗∗∗ Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager HA ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affe… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily August 2021