=====================
= End-of-Day report =
=====================
Timeframe: Friday 23-07-2021 18:00 − Monday 26-07-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Windows networks vulnerable to the PetitPotam relay attack ∗∗∗
---------------------------------------------
Researchers demonstrate a new way to crown oneself king of a Windows domain. Microsoft shrugs and points to hardening measures.
---------------------------------------------
https://heise.de/-6147467
∗∗∗ GitLab sends Package Hunter hunting for malicious code ∗∗∗
---------------------------------------------
The new open-source tool Package Hunter is intended to detect malicious code in dependencies.
---------------------------------------------
https://heise.de/-6147526
∗∗∗ No More Ransom: We Prevented Ransomware Operators From Earning $1 Billion ∗∗∗
---------------------------------------------
No More Ransom is celebrating its 5th anniversary and the project says it has helped more than 6 million ransomware victims recover their files and prevented cybercriminals from earning roughly $1 billion.
No More Ransom is a joint effort of law enforcement and cybersecurity companies whose goal is to help victims of ransomware attacks recover their files without having to pay the ransom demanded by criminals.
---------------------------------------------
https://www.securityweek.com/no-more-ransom-we-prevented-ransomware-operato…
∗∗∗ Microsoft warns of weeks-long malspam campaign abusing HTML smuggling ∗∗∗
---------------------------------------------
The Microsoft security team said it detected a weeks-long email spam campaign abusing a technique known as “HTML smuggling” to bypass email security systems and deliver malware to user devices.
HTML smuggling, as explained by SecureTeam and Outflank, is a technique that allows threat actors to assemble malicious files on users' devices by clever use of HTML5 and JavaScript code.
---------------------------------------------
https://therecord.media/microsoft-warns-of-weeks-long-malspam-campaign-abus…
∗∗∗ RemotePotato0: privilege escalation vulnerability in the Windows RPC protocol ∗∗∗
---------------------------------------------
Every Windows system is susceptible to a particular NTLM relay attack that could allow attackers to elevate their privileges from user to domain admin. This vulnerability has the status "won't fix" and was the subject of the PetitPotam approach I covered over the weekend. Now Antonio Cocomazzi has pointed out the vulnerability named RemotePotato0. It uses the Windows RPC protocol for privilege escalation.
---------------------------------------------
https://www.borncity.com/blog/2021/07/26/remotepotato0-privilege-escalation…
=====================
= Vulnerabilities =
=====================
∗∗∗ Collabora Online: update protects against unauthorised remote file access ∗∗∗
---------------------------------------------
The Collabora Online team advises updating the online office application to eliminate a remote attack vector rated "critical".
---------------------------------------------
https://heise.de/-6147967
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (aspell, intel-microcode, krb5, rabbitmq-server, and ruby-actionpack-page-caching), Fedora (chromium, containernetworking-plugins, containers-common, crun, fossil, podman, skopeo, varnish-modules, and vmod-uuid), Gentoo (leptonica, libsdl2, and libyang), Mageia (golang, lib3mf, nodejs, python-pip, redis, and xstream), openSUSE (containerd, crmsh, curl, icinga2, and systemd), Oracle (containerd), and Red Hat (thunderbird).
---------------------------------------------
https://lwn.net/Articles/864346/
∗∗∗ OTRS: multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote authenticated or anonymous attacker can exploit multiple vulnerabilities in OTRS to bypass security measures and carry out a cross-site scripting attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0805
∗∗∗ Security Bulletin: FasterXML Vulnerability in Jackson-Databind Affects IBM Sterling Connect:Direct File Agent (CVE-2018-7489) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-fasterxml-vulnerability-i…
∗∗∗ Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Sterling Connect:Direct File Agent (CVE-2020-1953) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-configurat…
∗∗∗ Security Bulletin: IBM i2 Analyze missing security header (CVE-2021-29769) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-missing-se…
∗∗∗ Security Bulletin: IBM i2 Analyze and i2 Analyst's Notebook Premium has session handling vulnerability (CVE-2021-20431) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-and-i2-ana…
∗∗∗ Security Bulletin: Apache PDFBox as used by IBM QRadar Incident Forensics is vulnerable to denial of service (CVE-2021-27807, CVE-2021-27906) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-pdfbox-as-used-by-…
∗∗∗ Security Bulletin: IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability (CVE-2021-29767) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-…
∗∗∗ Security Bulletin: IBM i2 iBase vulnerable to DLL highjacking (CVE-2020-4623) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-ibase-vulnerable-t…
∗∗∗ Security Bulletin: IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability (CVE-2021-29784) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-…
∗∗∗ Security Bulletin: IBM QRadar SIEM uses weaker than expected cryptographic algorithms (CVE-2021-20337) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-uses-weak…
∗∗∗ Security Bulletin: IBM i2 Analyze has an information disclosure vulnerability (CVE-2021-20430) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-has-an-inf…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 22-07-2021 18:00 − Friday 23-07-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ After supply-chain attack: Kaseya wants to recover data thanks to decryption tool ∗∗∗
---------------------------------------------
Almost three weeks after the devastating supply-chain attack on Kaseya customers, there is hope for the victims. The US company has a master key.
---------------------------------------------
https://heise.de/-6145950
∗∗∗ The NSO “Surveillance List”: What It Is and Isn’t ∗∗∗
---------------------------------------------
A series of blockbuster stories published this week around a leaked list of 50,000 phone numbers have created confusion about whether the owners of those numbers were targets of surveillance or not.
---------------------------------------------
https://zetter.substack.com/p/the-nso-surveillance-list-what-it
∗∗∗ Phish Swims Past Email Security With Milanote Pages ∗∗∗
---------------------------------------------
The “Evernote for creatives” is anchoring a rapidly spiking phishing campaign, evading SEGs with ease.
---------------------------------------------
https://threatpost.com/phish-email-security-milanote/168021/
∗∗∗ When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure ∗∗∗
---------------------------------------------
LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-…
∗∗∗ Uncovering Shenanigans in an IP Address Block via Hurricane Electrics BGP Toolkit (II), (Fri, Jul 23rd) ∗∗∗
---------------------------------------------
Today's diary revisits hunting for dodgy domains via Hurricane Electric's BGP Toolkit [1]. This was previously done in an earlier diary [2], and I plan to do this occasionally to share potential or identified threats so that readers can be aware of them.
---------------------------------------------
https://isc.sans.edu/diary/rss/27664
∗∗∗ Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software ∗∗∗
---------------------------------------------
A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics."
---------------------------------------------
https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.ht…
∗∗∗ Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code ∗∗∗
---------------------------------------------
After more than 20 years in the making, now it's official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing. APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they move to the forefront of business strategies.
---------------------------------------------
https://thehackernews.com/2021/07/wake-up-identify-api-vulnerabilities.html
∗∗∗ This Week in Security: NSO, Print Spooler, and a Mysterious Decryptor ∗∗∗
---------------------------------------------
The NSO Group has been in the news again recently, with multiple stories reporting on their Pegasus spyware product. The research and reporting spearheaded by Amnesty International is collectively known [...]
---------------------------------------------
https://hackaday.com/2021/07/23/this-week-in-security-nso-print-spooler-and…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, curl, impacket, jdk11-openjdk, jre-openjdk, jre-openjdk-headless, jre11-openjdk-headless, kernel, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, libpano13, linux-hardened, linux-lts, linux-zen, nvidia-utils, opera, systemd, and virtualbox), CentOS (java-11-openjdk and kernel), Debian (lemonldap-ng), Fedora (curl and podman), Gentoo (icedtea-web and velocity), openSUSE (bluez, go1.15, go1.16, [...]
---------------------------------------------
https://lwn.net/Articles/864158/
∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2021-0004 ∗∗∗
---------------------------------------------
Date Reported: July 23, 2021
Advisory ID: WSA-2021-0004
CVE identifiers: CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826, CVE-2021-21775, CVE-2021-21779, CVE-2021-21806, CVE-2021-30661, CVE-2021-30663, CVE-2021-30665, CVE-2021-30666, CVE-2021-30682, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30758, CVE-2021-30761, CVE-2021-30762, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799.
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
---------------------------------------------
https://webkitgtk.org/security/WSA-2021-0004.html
∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210721…
∗∗∗ Security Bulletin: Multiple Oracle Database Server Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-…
∗∗∗ Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise v11 are affected by vulnerabilities in Node.js (CVE-2021-3450, CVE-2021-3449) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-i…
∗∗∗ Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-2207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vu…
∗∗∗ Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-2207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vu…
∗∗∗ Security Bulletin: Multiple Oracle Database Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-…
∗∗∗ Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-2207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vu…
∗∗∗ Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vu…
∗∗∗ Microsoft Chrome Based Edge: multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0800
∗∗∗ Asterisk: multiple vulnerabilities allow denial of service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0799
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 21-07-2021 18:00 − Thursday 22-07-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Cisco: important security update available for Intersight Virtual Appliance ∗∗∗
---------------------------------------------
Security-relevant updates are available for the Cisco Intersight virtual appliance as well as for other products from the network equipment vendor.
---------------------------------------------
https://heise.de/-6144993
∗∗∗ HP, Samsung & Xerox: flaw in Windows printer drivers fixed – after 16 years ∗∗∗
---------------------------------------------
Anyone who has not yet installed the printer driver updates available since mid-May should do so promptly: attackers could take over systems.
---------------------------------------------
https://heise.de/-6145114
∗∗∗ Recovery scams: further losses instead of money back! ∗∗∗
---------------------------------------------
Anyone who falls victim to a fraudulent investment platform sometimes suffers considerable financial loss. As if that were not enough, e-mails or calls from the criminals behind the investment fraud follow shortly afterwards. This time, however, they do not pose as investment advisers but slip into a different role: in return for an advance payment, they promise help in recovering the lost money.
---------------------------------------------
https://www.watchlist-internet.at/news/recovery-scams-weitere-schaeden-stat…
∗∗∗ MITRE updates list of top 25 most dangerous software bugs ∗∗∗
---------------------------------------------
MITRE has shared this year's top 25 list of the most common and dangerous weaknesses plaguing software throughout the previous two years.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mitre-updates-list-of-top-25…
∗∗∗ Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug ∗∗∗
---------------------------------------------
A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems.
---------------------------------------------
https://threatpost.com/win-10-serioussam/168034/
∗∗∗ Compromising a Network Using an "Info" Level Finding ∗∗∗
---------------------------------------------
Anyone who has ever read a vulnerability scan report will know that scanners often include a large number of findings they classify as "Info". Typically this is meant to convey general information about the target systems which does not pose any risk.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/compromisin…
∗∗∗ Vulnerable Plugin Exploited in Spam Redirect Campaign ∗∗∗
---------------------------------------------
Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we have been seeing the infections start. This plugin has over 400,000 installations so we have seen a sustained campaign to infect sites with this plugin installed. In this post I will review a common infection seen as a result of this vulnerability in the wp-user-avatar plugin.
---------------------------------------------
https://blog.sucuri.net/2021/07/vulnerable-plugin-exploited-in-spam-redirec…
∗∗∗ Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws ∗∗∗
---------------------------------------------
Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication. It's worth noting that the weakness was originally addressed as part of an out-of-band security update in June 2019.
---------------------------------------------
https://thehackernews.com/2021/07/oracle-warns-of-critical-remotely.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pillow and redis), Fedora (kernel-headers, kernel-tools, kernelshark, libbpf, libtraceevent, libtracefs, nextcloud, and trace-cmd), Gentoo (chromium and singularity), Mageia (kernel, kernel-linus, and systemd), openSUSE (caribou, chromium, curl, and qemu), Oracle (java-1.8.0-openjdk, java-11-openjdk, kernel, and systemd), Slackware (curl), SUSE (curl, kernel, linuxptp, python-pip, and qemu), and Ubuntu (ruby2.3, ruby2.5, ruby2.7).
---------------------------------------------
https://lwn.net/Articles/863997/
∗∗∗ Atlassian Patches Critical Vulnerability in Jira Data Center Products ∗∗∗
---------------------------------------------
Software development and collaboration solutions provider Atlassian on Wednesday informed customers that it has patched a critical code execution vulnerability affecting some of its Jira products.
---------------------------------------------
https://www.securityweek.com/atlassian-patches-critical-vulnerability-jira-…
∗∗∗ IDEMIA fixed biometric identification devices vulnerabilities discovered by Positive Technologies ∗∗∗
---------------------------------------------
https://www.ptsecurity.com/ww-en/about/news/idemia-fixed-biometric-identifi…
∗∗∗ July 22, 2021 TNS-2021-14 [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2021-14
∗∗∗ Drupal: multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0793
∗∗∗ cURL: multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0797
∗∗∗ MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24, mymbCONNECT24 <= 2.8.0 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-031
∗∗∗ MB connect line: two vulnerabilities in mymbCONNECT24, mbCONNECT24 <= 2.8.0 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-030
∗∗∗ MB connect line: Privilege escalation in mbDIALUP <= 3.9R0.0 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-017
∗∗∗ ZDI-21-893: (0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-893/
∗∗∗ ZDI-21-892: (0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-892/
∗∗∗ ZDI-21-891: (0Day) Apple macOS ImageIO TIFF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-891/
∗∗∗ ZDI-21-890: (0Day) Apple macOS AudioToolboxCore LOAS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-890/
∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK (April 2021) affects IBM InfoSphere Information Server (CVE-2021-2161) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja…
∗∗∗ Security Bulletin: Addressing the Sqlite Vulnerability CVE-2021-20227 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-addressing-the-sqlite-vul…
∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner…
∗∗∗ Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL injection ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-informatio…
∗∗∗ Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Directory Server (CVE-2020-5258) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-ha…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 20-07-2021 18:00 − Wednesday 21-07-2021 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Deceptive promises of profit ∗∗∗
---------------------------------------------
Online trading in financial instruments is becoming increasingly popular with investors. Fraudsters are exploiting this trend. They promise high profits on fraudulent cyber-trading platforms.
---------------------------------------------
https://www.bmi.gv.at/news.aspx?id=4661724A4D466861696B4D3D
∗∗∗ XLoader malware steals logins from macOS and Windows systems ∗∗∗
---------------------------------------------
A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/xloader-malware-steals-login…
∗∗∗ NPM package steals Chrome passwords on Windows via recovery tool ∗∗∗
---------------------------------------------
New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/npm-package-steals-chrome-pa…
∗∗∗ Fraudulent e-mail in the name of Raiffeisen Bank in circulation ∗∗∗
---------------------------------------------
Numerous internet users are currently finding a supposed e-mail from Raiffeisen Bank in their inbox. It claims that a new security system is necessary because of current fraud attempts.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-e-mail-im-namen-der-r…
∗∗∗ CVE-2021-31969: Underflowing in the Clouds ∗∗∗
---------------------------------------------
You can now have your storage in the cloud while exploring it locally on your system. On Windows, this is done via the Cloud Sync Engine. This component exposes a native API known as the Cloud Filter API.
---------------------------------------------
https://www.thezdi.com/blog/2021/7/19/cve-2021-31969-underflowing-in-the-cl…
∗∗∗ New Attacks on Kubernetes via Misconfigured Argo Workflows ∗∗∗
---------------------------------------------
Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances.
---------------------------------------------
https://www.intezer.com/blog/container-security/new-attacks-on-kubernetes-v…
=====================
= Vulnerabilities =
=====================
∗∗∗ Nasty Linux Systemd Security Bug Revealed ∗∗∗
---------------------------------------------
Qualys has discovered a new systemd security bug that enables any unprivileged user to cause a denial of service via a kernel panic.
---------------------------------------------
https://it.slashdot.org/story/21/07/20/211230/nasty-linux-systemd-security-…
∗∗∗ Vulnerability in ON24 Plugin for macOS Shares More Than Just Your Screen ∗∗∗
---------------------------------------------
ON24 presenter mode requires you to install a plugin that is used to share your screen. For the macOS app (DesktopScreenShare.app), the plugin is started automatically once a user logs on.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vulnerabili…
∗∗∗ HiveNightmare: users can read the Windows password database ∗∗∗
---------------------------------------------
Incorrect access permissions cause a security vulnerability in Windows 10 and 11. There is no patch yet – but we show initial workarounds.
---------------------------------------------
https://heise.de/-6143746
∗∗∗ Security updates: Adobe patches Photoshop & Co. out of band ∗∗∗
---------------------------------------------
Attackers could attack computers running Adobe After Effects or Prelude, among others, with malicious code.
---------------------------------------------
https://heise.de/-6143780
∗∗∗ Root kernel vulnerability threatens many Linux distributions ∗∗∗
---------------------------------------------
Security researchers demonstrate successful attacks on Debian, Fedora and Ubuntu. Afterwards they had root privileges. Patches provide a remedy.
---------------------------------------------
https://heise.de/-6144023
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (ant, code, dino, firefox-ublock-origin, go, libuv, nextcloud-app-mail, nodejs-lts-erbium, nodejs-lts-fermium, openvswitch, putty, racket, telegram-desktop, and wireshark-cli), Debian (kernel, linux-4.19, and systemd), Fedora (kernel, kernel-headers, kernel-tools, and krb5), Gentoo (systemd), Mageia (perl-Convert-ASN1 and wireshark), openSUSE (caribou, containerd, crmsh, fossil, icinga2, kernel, nextcloud, and systemd), Red Hat (389-ds:1.4, glibc,[...]
---------------------------------------------
https://lwn.net/Articles/863861/
∗∗∗ Apple Releases Security Updates ∗∗∗
---------------------------------------------
Apple has released security updates to address vulnerabilities in Safari 14.1.2 and iOS 14.7.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/apple-releases-se…
∗∗∗ Malware Targeting Pulse Secure Devices ∗∗∗
---------------------------------------------
As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed 13 malware samples related to exploited Pulse Secure devices.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting…
∗∗∗ VU#914124: Arcadyan-based routers and modems vulnerable to authentication bypass ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/914124
∗∗∗ Dell OpenManage Enterprise Hardcoded Credentials / Privilege Escalation / Deserialization ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2021070121
∗∗∗ Security Bulletin: Multiple vulnerabilities in F5 NGINX Controller affect IBM Cloud Pak for Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Nvidia GPU display driver: multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0769
∗∗∗ PuTTY: vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0790
∗∗∗ Mitsubishi Electric MELSEC-F Series ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01
=====================
= End-of-Day report =
=====================
Timeframe: Monday 19-07-2021 18:00 − Tuesday 20-07-2021 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ New MosaicLoader malware targets software pirates via online ads ∗∗∗
---------------------------------------------
An ongoing worldwide campaign is pushing new malware dubbed MosaicLoader, advertising camouflaged as cracked software via search engine results to infect wannabe software pirates' systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-mosaicloader-malware-tar…
∗∗∗ Summer of SAM - incorrect permissions on Windows 10/11 hives, (Tue, Jul 20th) ∗∗∗
---------------------------------------------
If you opened Twitter today you were probably flooded with news about the latest security issue with Windows.
---------------------------------------------
https://isc.sans.edu/diary/rss/27652
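The diary entry above concerns the ACL on the registry hive files under %windir%\System32\config (SAM, SECURITY, SYSTEM) granting read access to BUILTIN\Users. The following is an added example, not code from the ISC diary: it parses saved `icacls` output and lists every non-privileged principal that can read a hive file. The sample output is constructed here to match the ACL shape described for affected builds, not captured from a live host; the English-locale account names, the set of principals treated as privileged and the assumption that hive paths contain no spaces are the example's own.

```python
import re

# Accounts that legitimately hold full control over the SAM, SECURITY and SYSTEM
# hives. Any other principal with a read right is a finding.
# Assumption: English-locale account names as printed by icacls.
PRIVILEGED = {"NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators"}

# icacls permission tokens that let a principal read file contents:
# F (full), M (modify), RX (read & execute), R (read), RD (read data).
READ_RIGHTS = {"F", "M", "RX", "R", "RD"}

_FILE_LINE = re.compile(r"^(?P<path>\S+)\s+(?P<ace>.+)$")
_ACE = re.compile(r"^(?P<principal>.+?):(?P<flags>(?:\([^)]*\))+)$")


def parse_ace(text):
    """'BUILTIN\\Users:(I)(RX)' -> ('BUILTIN\\Users', {'I', 'RX'})."""
    m = _ACE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ACE: {text!r}")
    flags = set()
    for group in re.findall(r"\(([^)]*)\)", m.group("flags")):
        # granular rights are printed comma-separated inside one pair of parentheses
        flags.update(f.strip() for f in group.split(",") if f.strip())
    return m.group("principal"), flags


def parse_icacls(output):
    """Turn icacls output into {path: [(principal, flags), ...]}.

    The first line of each file block starts with the path (assumed to contain
    no spaces, which holds for %windir%\\System32\\config); the remaining ACEs
    of the same file follow on indented continuation lines.
    """
    acls = {}
    path = None
    for raw in output.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.startswith("Successfully processed"):
            continue
        if not line[0].isspace():
            m = _FILE_LINE.match(line)
            if not m:
                raise ValueError(f"unrecognised icacls line: {line!r}")
            path = m.group("path")
            acls.setdefault(path, []).append(parse_ace(m.group("ace")))
        else:
            if path is None:
                raise ValueError("continuation line before any file path")
            acls[path].append(parse_ace(line))
    return acls


def exposed_hives(output, privileged=PRIVILEGED):
    """Return [(path, principal, rights)] for every non-privileged principal
    that holds a right allowing it to read the file."""
    findings = []
    for path, aces in parse_icacls(output).items():
        for principal, flags in aces:
            rights = flags & READ_RIGHTS
            if principal not in privileged and rights:
                findings.append((path, principal, sorted(rights)))
    return findings


# Constructed sample (not a real capture): the loose ACL reported for the SAM
# hive on affected builds, then a hive with the expected ACL.
SAMPLE_VULNERABLE = r"""
C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)
                               BUILTIN\Users:(I)(RX)
                               APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

SAMPLE_HEALTHY = r"""
C:\Windows\System32\config\SECURITY NT AUTHORITY\SYSTEM:(I)(F)
                                    BUILTIN\Administrators:(I)(F)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for finding in exposed_hives(SAMPLE_VULNERABLE):
        print("EXPOSED:", *finding)
    print("healthy findings:", exposed_hives(SAMPLE_HEALTHY))
```

On a host, run `icacls %windir%\System32\config\*.*` and feed the output to `exposed_hives()`. The live hive files are held open by the kernel, so the practical exposure is through Volume Shadow Copies that still carry the loose ACL; tightening the ACL on the current files is therefore not sufficient on its own, and the stale shadow copies need to be removed as well.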
∗∗∗ 6 common types of phishing attacks ∗∗∗
---------------------------------------------
Phishing, smishing, vishing: do you know the difference?
---------------------------------------------
https://sec-consult.com/de/blog/detail/6-common-types-of-phishing-attacks/
∗∗∗ Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware ∗∗∗
---------------------------------------------
The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).
---------------------------------------------
https://www.microsoft.com/security/blog/2021/07/15/protecting-customers-fro…
∗∗∗ Don’t Wanna Pay Ransom Gangs? Test Your Backups. ∗∗∗
---------------------------------------------
Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they'd had proper data backups.
---------------------------------------------
https://krebsonsecurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-b…
∗∗∗ Beware of fake "Voicemail" SMS ∗∗∗
---------------------------------------------
"You have a new voicemail": countless mobile phone users are currently receiving this annoying fake SMS with a link to a supposed voice message. Do not click the link under any circumstances.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschtem-voicemail-…
∗∗∗ AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department ∗∗∗
---------------------------------------------
This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40.
---------------------------------------------
https://us-cert.cisa.gov/ncas/alerts/aa21-200a
∗∗∗ Significant Historical Cyber-Intrusion Campaigns Targeting ICS ∗∗∗
---------------------------------------------
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/significant-histo…
=====================
= Vulnerabilities =
=====================
∗∗∗ TYPO3 Security Advisories for 2021-07-20 ∗∗∗
---------------------------------------------
TYPO3-CORE-SA-2021-009 - TYPO3-CORE-SA-2021-012
---------------------------------------------
https://typo3.org/help/security-advisories
∗∗∗ Forensic report: iMessage flaw used for Pegasus spyware is still being exploited ∗∗∗
---------------------------------------------
Amnesty International assumes that an iMessage flaw used to install spyware from the surveillance company NSO Group is still being exploited today.
---------------------------------------------
https://heise.de/-6141467
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel, libjdom1-java, rabbitmq-server, and systemd), Fedora (glibc), Gentoo (libpano13, libslirp, mpv, pjproject, pycharm-community, and rpm), Mageia (glibc, libuv, mbedtls, rxvt-unicode, mrxvt, eterm, tomcat, and zziplib), openSUSE (dbus-1, firefox, go1.15, lasso, nodejs10, nodejs12, nodejs14, and sqlite3), SUSE (go1.15), and Ubuntu (containerd).
---------------------------------------------
https://lwn.net/Articles/863617/
∗∗∗ Oracle Releases July 2021 Critical Patch Update ∗∗∗
---------------------------------------------
Oracle has released its Critical Patch Update for July 2021 to address 327 vulnerabilities across multiple products.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/oracle-releases-j…
∗∗∗ Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug ∗∗∗
---------------------------------------------
Security experts have found a severe vulnerability in a common printer driver used by HP, Xerox, and Samsung.
---------------------------------------------
https://therecord.media/hundreds-of-millions-of-hp-xerox-and-samsung-printe…
∗∗∗ New Sequoia bug gives you root access on most Linux systems ∗∗∗
---------------------------------------------
Security auditing firm Qualys said today it discovered a new vulnerability in the Linux operating system that can grant attackers root access on most distros, such as Ubuntu, Debian, and Fedora.
---------------------------------------------
https://therecord.media/new-sequoia-bug-gives-you-root-access-on-most-linux…
∗∗∗ Security updates: root vulnerability threatens FortiManager and FortiAnalyzer ∗∗∗
---------------------------------------------
https://heise.de/-6142498
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect OS Images for Red Hat Linux Systems used by IBM Cloud Pak System (Jan2021 updates) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM App Connect Enterprise v11 is affected by vulnerabilities in Node.js (CVE-2021-23358) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris…
∗∗∗ Security Bulletin: Vulnerability in self-service console affects IBM Cloud Pak System (CVE-2021-20478) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-self-ser…
∗∗∗ Security Bulletin: A vulnerability in IBM Spectrum Scale could allow an authenticated user to gain elevated privileges (CVE-2020-9492) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-sp…
∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Pak System (CVE-2020-1971) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-…
∗∗∗ Security Bulletin: Vulnerabilities in Docker affect IBM Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-docker…
∗∗∗ Security Bulletin: Vulnerabilities in Python affect OS Image for RedHat bundled with Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-python…
∗∗∗ Security Bulletin: Watson Explorer is affected by Apache PDFBox vulnerabilities (CVE-2021-27807, CVE-2021-27906, CVE-2021-31811, CVE-2021-31812) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-watson-explorer-is-affect…
∗∗∗ Security Bulletin: Vulnerability in jackson-databind affects Cloud Pak System (CVE-2020-25649) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-…
∗∗∗ Security Bulletin: IBM API Connect is impacted by vulnerabilities in node.js and OpenSSL (CVE-2021-23840, CVE-2021-22884, CVE-2021-22883) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact…
∗∗∗ Vulnerabilities in CODESYS V2 runtime systems ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-670099.html
=====================
= End-of-Day report =
=====================
Timeframe: Friday 16-07-2021 18:00 − Monday 19-07-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Interior Ministry warns of fraudulent SMS ∗∗∗
---------------------------------------------
Fraudulent SMS messages are in circulation again: people in Austria keep receiving notifications with information about a supposedly missed voice message.
---------------------------------------------
https://www.bmi.gv.at/news.aspx?id=50783968547451414D42673D
∗∗∗ VU#131152: Microsoft Windows Print Spooler Point and Print allows installation of arbitrary queue-specific files ∗∗∗
---------------------------------------------
Microsoft Windows allows non-admin users to install printer drivers via Point and Print. Printers installed via this technique also install queue-specific files, which can be arbitrary libraries that are then loaded by the privileged Windows Print Spooler process.
---------------------------------------------
https://kb.cert.org/vuls/id/131152
∗∗∗ Fraud via WhatsApp: "I lost my phone, can you transfer money?" ∗∗∗
---------------------------------------------
Using feigned calls for help from relatives, con artists on WhatsApp try to part people from their money, often successfully, the police say.
---------------------------------------------
https://www.golem.de/news/betrug-per-whatsapp-ich-hab-mein-handy-verloren-k…
∗∗∗ That iPhone WiFi crash bug is far worse than initially thought ∗∗∗
---------------------------------------------
An innocuous iPhone bug that could crash the WiFi service has turned out to be far worse than initially thought after mobile security firm ZecOps showed on Friday how the bug could be abused for remote code execution attacks.
---------------------------------------------
https://therecord.media/that-iphone-wifi-crash-bug-is-far-worse-than-initia…
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-21-815: Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-815/
∗∗∗ ZDI-21-876: (0Day) Advantech WebAccess/NMS DashBoardAction Missing Authentication Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-876/
∗∗∗ ZDI-21-879: (0Day) WSO2 API Manager JMX Use of Hard-coded Credentials Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-879/
∗∗∗ ZDI-21-877: (0Day) Autodesk Meshmixer 3MF File Parsing Use-After-Free Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Meshmixer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-877/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, firefox, mbedtls, nextcloud, python-pillow, ruby, ruby2.6, ruby2.7, systemd, thunderbird, varnish, and vivaldi), Debian (thunderbird), Fedora (chromium, firefox, and linux-firmware), Gentoo (apache, commons-fileupload, dovecot, and mediawiki), openSUSE (firefox, fossil, go1.16, and icinga2), Oracle (firefox, kernel, and kernel-container), Red Hat (nettle), and SUSE (firefox and go1.16).
---------------------------------------------
https://lwn.net/Articles/863453/
∗∗∗ Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO.
---------------------------------------------
https://support.citrix.com/article/CTX319135
∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: An unspecified vulnerability in Java SE results in a low confidentiality impact ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerabil…
∗∗∗ Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities – Handlebars.js (CVE-2019-19919, CVE-2021-32820) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-usin…
∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Jazz Foundation and IBM Engineering products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-a…
∗∗∗ Security Bulletin: IBM Security SOAR could allow a privileged user to import non-approved Python2 modules (CVE-2021-29780). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-could-a…
∗∗∗ Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tier CVE-2021-21409 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-…
∗∗∗ Security Bulletin: Vulnerability in bind (CVE-2021-25215) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-cve…
∗∗∗ Security Bulletin: Vulnerability in shell affects Power Hardware Management Console (CVE-2021-29707) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-shell-af…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 15-07-2021 18:00 − Friday 16-07-2021 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Waiting for patches: new printer vulnerability discovered in Windows ∗∗∗
---------------------------------------------
Once again, attackers could attack Windows through a printer vulnerability and execute malicious code. So far there is only a workaround for protection.
---------------------------------------------
https://heise.de/-6140346
∗∗∗ Vulnerabilities in Etherpad Collaboration Tool Allow Data Theft ∗∗∗
---------------------------------------------
XSS and Argument Injection Flaws Found in Popular Etherpad Collaboration Tool
---------------------------------------------
https://www.securityweek.com/vulnerabilities-etherpad-collaboration-tool-al…
∗∗∗ Introduction to ICS Security Part 2 ∗∗∗
---------------------------------------------
An introduction to the Purdue Enterprise Reference Architecture (PERA), additional reference models, and best practices for secure ICS architectures.
---------------------------------------------
https://www.sans.org/blog/introduction-to-ics-security-part-2?msc=rss
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Intelligent Proximity SSL Certificate Validation Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device. (Advisory version 1.1: added fixed releases.)
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Code-execution vulnerabilities closed in the Junos OS network operating system ∗∗∗
---------------------------------------------
Attackers could attack Juniper routers and switches, among other devices. Security updates provide a remedy.
---------------------------------------------
https://heise.de/-6140423
∗∗∗ WordPress plugin: WooCommerce closes critical security vulnerability ∗∗∗
---------------------------------------------
After the patch was released, WordPress initiated an automated forced update. Nevertheless, not all shops may have received it yet.
---------------------------------------------
https://heise.de/-6140221
∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040 ∗∗∗
---------------------------------------------
Cisco Talos recently discovered multiple vulnerabilities in the D-LINK DIR-3040 wireless router. The DIR-3040 is an AC3000-based wireless internet router. These vulnerabilities could allow an attacker to carry out a variety of malicious actions, including exposing sensitive information, causing a denial of service and gaining the ability to execute arbitrary code.
---------------------------------------------
https://blog.talosintelligence.com/2021/07/vuln-spotlight-d-link.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (firefox-esr), Fedora (linuxptp), Gentoo (commons-collections), Mageia (aom, firefox, python-django, thunderbird, and tpm2-tools), openSUSE (claws-mail, kernel, nodejs10, and nodejs14), Red Hat (nettle), Scientific Linux (firefox), SUSE (firefox, kernel, nodejs10, and nodejs14), and Ubuntu (libslirp and qemu).
---------------------------------------------
https://lwn.net/Articles/863180/
∗∗∗ Ypsomed mylife ∗∗∗
---------------------------------------------
This advisory contains mitigations for Insufficiently Protected Credentials, Not Using an Unpredictable IV with CBC Mode, and Use of Hard-coded Credentials vulnerabilities in the Ypsomed mylife diabetes management platform.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-21-196-01
∗∗∗ Icinga: multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0758
∗∗∗ [webapps] Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/50132
∗∗∗ Security Bulletin: IBM i2 Analyze is affected by multiple DB2 vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-is-affecte…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM DB2 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM QRadar SIEM uses less secure methods for securing data at rest and in transit between hosts (CVE-2020-4980) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-uses-less…
∗∗∗ Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tier (CVE-2021-21295) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-…
∗∗∗ Security Bulletin: 3RD PARTY IBM InfoSphere MDM Inspector – Cross Site Request Forgery ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-3rd-party-ibm-infosphere-…
∗∗∗ Security Bulletin: IBM Data Replication Support Tool Information Collection on Sybase Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-supp…
∗∗∗ Security Bulletin: IBM Data Replication Affected by Multiple Vulnerabilities in IBM Java SDK ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affe…
∗∗∗ Security Bulletin: IBM Data Replication Affected by IBM Java SDK Vulnerability (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affe…
∗∗∗ Security Bulletin: Dojo vulnerability in WebSphere Liberty affects Collaboration and Deployment Services (CVE-2020-5258) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-dojo-vulnerability-in-web…
∗∗∗ Security Bulletin: IBM Data Replication Affected by Multiple Vulnerabilities in IBM Java SDK ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affe…
∗∗∗ Security Bulletin: IBM Data Replication Affected by Vulnerabilities in IBM Java SDK (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affe…
∗∗∗ Security Bulletin: IBM Data Replication Management Console Authentication Affected by Anonymous Binding (CVE-2020-4821) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-mana…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 14-07-2021 18:00 − Thursday 15-07-2021 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ IT security: more and more zero-day exploits discovered in attacks ∗∗∗
---------------------------------------------
Security researchers are recording more and more attacks that exploit previously unknown security vulnerabilities. That need not be a bad sign, the researchers say.
---------------------------------------------
https://www.golem.de/news/it-sicherheit-immer-mehr-zero-day-exploits-bei-an…
∗∗∗ Attacks on no-longer-supported SonicWall remote access products ∗∗∗
---------------------------------------------
Attackers are currently hitting end-of-support SonicWall Secure Mobile Access and Secure Remote Access appliances with ransomware.
---------------------------------------------
https://heise.de/-6139330
∗∗∗ Green Pass: what you need to watch out for! ∗∗∗
---------------------------------------------
Since recently, the "Green Pass" lets you prove digitally that you are vaccinated, tested or recovered. But what is the "Green Pass" and how can it be used? The "Green Pass" can be used in different forms: printed out, via app, as a photo, etc. We show you how to obtain it and what to watch out for.
---------------------------------------------
https://www.watchlist-internet.at/news/gruener-pass-worauf-sie-achten-muess…
∗∗∗ Ransomware: Interpol warns of exponential growth ∗∗∗
---------------------------------------------
According to Interpol, cybercriminals operate across borders and mostly go unpunished. Without cooperation between investigators and the private sector, the police agency fears a "ransomware pandemic".
---------------------------------------------
https://www.zdnet.de/88395786/ransomware-interpol-warnt-vor-exponentiellen-…
∗∗∗ BazarBackdoor sneaks in through nested RAR and ZIP archives ∗∗∗
---------------------------------------------
Security researchers caught a new phishing campaign that tried to deliver the BazarBackdoor malware by using the multi-compression technique and masking it as an image file.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bazarbackdoor-sneaks-in-thro…
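The campaign above hides its dropper inside nested archives and disguises it as an image. As an added example (not the article's code and not the malware's), the following Python scans an attachment by walking nested ZIP archives in memory, identifying every member by its leading bytes rather than its file extension, and flagging PE executables, extension/content mismatches and excessive nesting depth. The sample attachments are constructed inside the code. The article also mentions RAR layers; Python's standard library reads only ZIP, so those would need an additional library and are not handled here.

```python
import io
import zipfile

# Leading bytes -> content kind. Only the kinds this example needs.
MAGIC = [
    (b"MZ", "pe"),                     # Windows PE executable / DLL
    (b"PK\x03\x04", "zip"),            # ZIP archive (local file header)
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]

# What an honestly named file with this extension should contain.
EXT_KIND = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".zip": "zip"}

MAX_DEPTH = 4                  # do not unpack archives nested deeper than this
MAX_MEMBER_BYTES = 10_000_000  # refuse to inflate a single member beyond this


def sniff(data: bytes) -> str:
    """Classify content by its magic bytes, ignoring the file name entirely."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def extension(name: str) -> str:
    return "." + name.rsplit(".", 1)[1].lower() if "." in name else ""


def scan(data: bytes, name: str, depth: int = 0, path: tuple = ()):
    """Yield (member_path, reason) for suspicious content, descending into ZIPs."""
    here = "/".join(path + (name,))
    kind = sniff(data)
    ext = extension(name)

    if kind == "pe":
        yield (here, "PE executable (MZ header)")
    elif ext in EXT_KIND and EXT_KIND[ext] != kind:
        yield (here, f"{ext} extension but {kind} content")

    if kind != "zip":
        return
    if depth >= MAX_DEPTH:
        yield (here, f"archive nested deeper than {MAX_DEPTH} levels, not unpacked")
        return
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                yield (here + "/" + info.filename, "member too large, skipped")
                continue
            yield from scan(archive.read(info), info.filename, depth + 1, path + (name,))


def findings(data: bytes, name: str):
    return list(scan(data, name))


def build_sample() -> bytes:
    """Constructed sample, not a real capture: ZIP -> ZIP -> 'photo' that is a PE."""
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60  # header only, not a working binary
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("photo.jpg", fake_pe)   # executable masked as an image
        z.writestr("thumb.jpg", png)       # PNG carrying a .jpg name
        z.writestr("readme.txt", b"see attached")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("scan.zip", inner.getvalue())
        z.writestr("logo.png", png)        # honest file, must not be flagged
    return outer.getvalue()


def build_deep_sample(levels: int) -> bytes:
    """Constructed: `levels` ZIPs nested inside each other around a text file."""
    data, name = b"hello", "note.txt"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(name, data)
        data, name = buf.getvalue(), f"layer{i}.zip"
    return data


if __name__ == "__main__":
    for member, reason in findings(build_sample(), "Documents.zip"):
        print(f"{member}: {reason}")
    for member, reason in findings(build_deep_sample(6), "mail.zip"):
        print(f"{member}: {reason}")
```

The depth limit and per-member size cap are there because a scanner that unpacks whatever it is handed is itself a denial-of-service target; a mail gateway should treat "too deep to inspect" as a finding, not as clean.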
∗∗∗ Linux version of HelloKitty ransomware targets VMware ESXi servers ∗∗∗
---------------------------------------------
The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-version-of-hellokitty-…
∗∗∗ USPS Phishing Using Telegram to Collect Data, (Tue, Jul 13th) ∗∗∗
---------------------------------------------
Phishing... at least they don't understand security any better than most kids. The latest example is a simple USPS phish. The lure is an email claiming that a package can not be delivered until I care to update my address. Urgency... and obvious action. They learned something in their phishing 101 class.
---------------------------------------------
https://isc.sans.edu/diary/rss/27630
∗∗∗ An Overview of Basic WordPress Hardening ∗∗∗
---------------------------------------------
We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. While there are a plethora of different ways that site owners can lock down their website, in this post we are going to review the most basic hardening mechanisms that WordPress website owners can employ to improve their security. We will also review the pros and cons of these different tactics.
---------------------------------------------
https://blog.sucuri.net/2021/07/basic-wordpress-hardening.html
∗∗∗ macOS: Bashed Apples of Shlayer and Bundlore ∗∗∗
---------------------------------------------
The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts. Though these scripts have slight variations, they mostly belong to a plague of adware strains, Shlayer and Bundlore. These are the most predominant malware families on macOS, and they also have a history of evading and bypassing the built-in XProtect, Gatekeeper, Notarization and File Quarantine security features of macOS.
---------------------------------------------
https://www.uptycs.com/blog/macos-bashed-apples-of-shlayer-and-bundlore
∗∗∗ Gasket and MagicSocks Tools Install Mespinoza Ransomware ∗∗∗
---------------------------------------------
As cyber extortion flourishes, ransomware gangs are constantly changing tactics and business models to increase the chances that victims will pay increasingly large ransoms. As these criminal organizations become more sophisticated, they are increasingly taking on the appearance of professional enterprises.
---------------------------------------------
https://unit42.paloaltonetworks.com/gasket-and-magicsocks-tools-install-mes…
∗∗∗ CISA Insights: Guidance for MSPs and Small- and Mid-sized Businesses ∗∗∗
---------------------------------------------
Original release date: July 14, 2021. CISA has released CISA Insights: Guidance for Managed Service Providers (MSPs) and Small- and Mid-sized Businesses, which provides mitigation and hardening guidance to help these organizations strengthen their defenses against cyberattacks. Many small- and mid-sized businesses use MSPs to manage IT systems, store data, or support sensitive processes, making MSPs valuable targets for malicious cyber actors. Compromises of MSPs—such as with the recent [...]
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/14/cisa-insights-gui…
=====================
= Vulnerabilities =
=====================
∗∗∗ SA44846 - OpenSSL Security Advisory CVE-2021-23841 ∗∗∗
---------------------------------------------
On February 16, 2021, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure products. [...] Pulse Secure is currently evaluating the issues reported by OpenSSL. As the investigation continues, we recommend subscribing to this advisory as it will be periodically updated to reflect the current status.
---------------------------------------------
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
∗∗∗ Juniper Security Advisories ∗∗∗
---------------------------------------------
On 14 July 2021 Juniper published 32 security advisories with the following severity levels: 12x Medium, 15x High, 5x Critical.
---------------------------------------------
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVIS…
∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet ∗∗∗
---------------------------------------------
Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software. R-SeeNet is the software system used for monitoring Advantech routers. [...] Talos is disclosing these vulnerabilities despite no official update from Advantech inside the 90-day deadline, as outlined in Cisco’s vulnerability disclosure policy.
---------------------------------------------
https://blog.talosintelligence.com/2021/07/vuln-spotlight-r-see-net.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and php7.0), Fedora (firefox, mingw-djvulibre, and seamonkey), Gentoo (fluidsynth, openscad, and urllib3), openSUSE (ffmpeg, nodejs12, and sqlite3), Red Hat (firefox), and SUSE (ffmpeg, kernel, nodejs10, nodejs12, nodejs14, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/863001/
∗∗∗ Lenovo Working on Patches for BIOS Vulnerabilities Affecting Many Laptops ∗∗∗
---------------------------------------------
Lenovo this week published information on three vulnerabilities that impact the BIOS of two of its desktop products and approximately 60 laptop and notebook models.
---------------------------------------------
https://www.securityweek.com/lenovo-working-patches-bios-vulnerabilities-af…
∗∗∗ Kubernetes: vulnerability allows bypassing security measures ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0751
∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® WebSphere Application Server Liberty affect IBM LKS Administration and Reporting Tool and its Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by vulnerability in Java SE (CVE-2020-14579, CVE-2020-14578, CVE-2020-14577) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-i…
∗∗∗ Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Watson Compare and Comply for IBM Cloud Pak for Data affected by vulnerability in Apache PDFBox ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-compare-and-co…
∗∗∗ Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities – Apache Commons (CVE-2021-29425) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-usin…
∗∗∗ Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities – Eclipse Jetty (CVE-2021-28163, CVE-2021-28165, CVE-2020-27223) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-usin…
∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by a specially-crafted sequence of serialized objects (CVE-2020-4576) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-i…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 13-07-2021 18:00 − Wednesday 14-07-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Updated Joker Malware Floods into Android Apps ∗∗∗
---------------------------------------------
The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners.
---------------------------------------------
https://threatpost.com/updated-joker-malware-android-apps/167776/
∗∗∗ Cybercrime gang REvil has vanished from the scene ∗∗∗
---------------------------------------------
The criminals extorted more than 1000 companies whose data they encrypted in the Kaseya supply-chain attack. Now their servers are no longer reachable.
---------------------------------------------
https://heise.de/-6137119
∗∗∗ Identity theft instead of a loan: Do not take out a loan on 1superkredit.com or kredit-united.com! ∗∗∗
---------------------------------------------
Are you looking for a loan? Then you may come across the websites 1superkredit.com or kredit-united.com. Two websites that have a lot in common: they look very similar, advertise loans on favourable terms, and fraudsters are behind both of them.
---------------------------------------------
https://www.watchlist-internet.at/news/identitaetsdiebstahl-statt-darlehen-…
∗∗∗ CISA Releases Analysis of FY20 Risk and Vulnerability Assessments ∗∗∗
---------------------------------------------
CISA has released an analysis and infographic detailing the findings from the Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year (FY) 2020 across multiple sectors.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/08/cisa-releases-ana…
=====================
= Vulnerabilities =
=====================
∗∗∗ SonicWall warns of critical ransomware risk to SMA 100 VPN appliances ∗∗∗
---------------------------------------------
SonicWall has issued an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-…
∗∗∗ Authentication bypass & remote code execution in Schneider Electric EVlink charging stations ∗∗∗
---------------------------------------------
Schneider Electric electric-vehicle charging stations of the "EVlink" series are affected by two vulnerabilities that allow an attacker to take over the system and execute arbitrary commands on it.
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/authentication-bypass…
∗∗∗ Microsoft Patch Tuesday: Attackers are exploiting four security vulnerabilities in Windows ∗∗∗
---------------------------------------------
Among other things, Microsoft closes critical code-execution vulnerabilities in its Windows Defender protection solution. Besides the attacks already under way, further attacks may be imminent.
---------------------------------------------
https://heise.de/-6137050
∗∗∗ Patch day: Adobe closes critical vulnerabilities in Bridge, Illustrator & Co. ∗∗∗
---------------------------------------------
Important security updates are available for various Adobe applications. Attackers could execute malicious code.
---------------------------------------------
https://heise.de/-6137110
∗∗∗ SAP patch day: Attackers could gain unauthorized access to NetWeaver ∗∗∗
---------------------------------------------
Software vendor SAP closes several security vulnerabilities across its portfolio.
---------------------------------------------
https://heise.de/-6137467
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (xstream), Debian (linuxptp), Fedora (glibc and krb5), Gentoo (pillow and thrift), Mageia (ffmpeg and libsolv), openSUSE (kernel and qemu), SUSE (kernel), and Ubuntu (php5, php7.0).
---------------------------------------------
https://lwn.net/Articles/862855/
∗∗∗ ICS Patch Tuesday: Siemens and Schneider Electric Address 100 Vulnerabilities ∗∗∗
---------------------------------------------
Industrial giants Siemens and Schneider Electric on Tuesday released a total of two dozen advisories covering roughly 100 vulnerabilities affecting their products.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-siemens-and-schneider-electr…
∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210714-…
∗∗∗ Security Advisory - Privilege Escalation Vulnerability in some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210714-…
∗∗∗ Security Advisory - Logic Error Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210714-…
∗∗∗ Security Bulletin: Unrestricted document type definition vulnerability affects IBM Sterling Secure Proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-unrestricted-document-typ…
∗∗∗ Security Bulletin: A security vulnerability was fixed in IBM Security Access Manager and IBM Security Verify Access Docker containers ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access Docker container ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
∗∗∗ Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Apache PDFBox Vulnerabilities Affect IBM Control Center (CVE-2021-31811, CVE-2021-31812) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-pdfbox-vulnerabili…
∗∗∗ Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure Proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ VMSA-2021-0015 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0015.html
∗∗∗ Schneider Electric C-Bus Toolkit ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-01
∗∗∗ Schneider Electric SCADApack RTU, Modicon Controllers, and Software ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-02
=====================
= End-of-Day report =
=====================
Timeframe: Monday 12-07-2021 18:00 − Tuesday 13-07-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Trickbot Activity Increases; new VNC Module On the Radar ∗∗∗
---------------------------------------------
Despite the takedown attempt, Trickbot is more active than ever. In May 2021, our systems started to pick up an updated version of the vncDll module that Trickbot uses against select high-profile targets.
---------------------------------------------
https://www.bitdefender.com/blog/labs/trickbot-activity-increases-new-vnc-m…
∗∗∗ Do not book your accommodation on fewolio.de ∗∗∗
---------------------------------------------
fewolio.de is a dubious booking platform for luxury holiday homes in Germany. The fraudulent platform stands out mainly for its low prices and short-notice availability.
---------------------------------------------
https://www.watchlist-internet.at/news/buchen-sie-ihre-unterkunft-nicht-auf…
=====================
= Vulnerabilities =
=====================
∗∗∗ IT security: New security vulnerability at Solarwinds ∗∗∗
---------------------------------------------
There were problems with a file-transfer software product from Solarwinds. An attacker has apparently been actively exploiting the vulnerability.
---------------------------------------------
https://www.golem.de/news/it-sicherheit-neue-sicherheitsluecke-bei-solarwin…
∗∗∗ ModiPwn ∗∗∗
---------------------------------------------
Armis researchers discover a critical vulnerability in Schneider Electric Modicon PLCs. The vulnerability can allow attackers to bypass authentication mechanisms which can lead to native remote-code-execution on vulnerable PLCs.
---------------------------------------------
https://www.armis.com/research/modipwn/
∗∗∗ Siemens Security Advisories 2021-07-13 ∗∗∗
---------------------------------------------
Siemens has published 18 new and 5 updated security advisories (CVSS scores from 5.3 to 9.8).
---------------------------------------------
https://new.siemens.com/de/de/produkte/services/cert.html
∗∗∗ Citrix Virtual Apps and Desktops Security Update ∗∗∗
---------------------------------------------
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
---------------------------------------------
https://support.citrix.com/article/CTX319750
∗∗∗ Examining Crypto and Bypassing Authentication in Schneider Electric PLCs (M340/M580) ∗∗∗
---------------------------------------------
What you see in the picture above is similar to what you might see at a factory, plant, or inside a machine. At the core of it is Schneider Electric’s Modicon M340 programmable logic controller (PLC).
---------------------------------------------
https://medium.com/tenable-techblog/examining-crypto-and-bypassing-authenti…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (sogo), Fedora (libvirt), Gentoo (polkit), Mageia (binutils, freeradius, guile1.8, kernel, kernel-linus, libgrss, mediawiki, mosquitto, php-phpmailer, and webmin), openSUSE (bluez and jdom2), Oracle (kernel and xstream), Scientific Linux (xstream), and SUSE (kernel and python-pip).
---------------------------------------------
https://lwn.net/Articles/862767/
∗∗∗ Recently Patched ForgeRock AM Vulnerability Exploited in Attacks ∗∗∗
---------------------------------------------
Government agencies in the United States and Australia warn organizations that a recently patched vulnerability affecting ForgeRock Access Management has been exploited in the wild.
---------------------------------------------
https://www.securityweek.com/recently-patched-forgerock-am-vulnerability-ex…
∗∗∗ ZDI-21-786: Trend Micro Apex One Incorrect Permission Assignment Denial-of-Service Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-786/
∗∗∗ ZDI-21-789: (0Day) GoPro Player MOV File Parsing Use-After-Free Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-789/
∗∗∗ ZDI-21-788: (0Day) GoPro Player MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-788/
∗∗∗ ZDI-21-787: (0Day) GoPro Player MOV File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-787/
∗∗∗ SAP Software: Multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0734
∗∗∗ Security Bulletin: A vulnerability was found in Oniguruma 6.9.2 that would result in a NULL Pointer Dereference, affecting IBM Cloud Pak for Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-found…
∗∗∗ Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 where insecure HTTP communications are used ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-…
∗∗∗ Security Bulletin: An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator, affecting IBM Cloud Pak for Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-out-of-bounds-read-vul…
∗∗∗ Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 where an error message may disclose implementation details ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-…
∗∗∗ Security Bulletin: IBM Cloud Pak for Applications v4.3 does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-applica…
∗∗∗ Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 that exposes a cross-site scripting attack due to target blank set in HTML anchor tags ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-…
∗∗∗ Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 which may allow a malicious attacker to obtain sensitive user information from memory ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-…
∗∗∗ Security Bulletin: A vulnerability has been found in the x/text package before 0.3.3 for Go that could lead to an infinite loop, affecting IBM Cloud Pak for Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerabilty-has-been-f…
∗∗∗ Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 that exposes the possibility of a cross-site scripting attack. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-…
∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Cloud Pak for Applications v4.3 that exposes a cross-site scripting attack. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-…
∗∗∗ VMSA-2021-0014 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0014.html
∗∗∗ glibc vulnerability CVE-2020-27618 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K08641512
∗∗∗ Apache Cassandra vulnerability CVE-2020-13946 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K36212405
∗∗∗ Apache Tomcat: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0733
∗∗∗ Icinga: Multiple vulnerabilities allow information disclosure ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0732
∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/13/adobe-releases-se…
∗∗∗ Security Advisories SYSS-2021-022, SYSS-2021-023, SYSS-2021-025 and SYSS-2021-026 on P&I software LOGA3 ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/security-advisories-syss-2021-022-syss-202…
∗∗∗ SYSS-2021-020, SYSS-2021-021, SYSS-2021-027: Multiple vulnerabilities in Element-IT HTTP Commander ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-020-syss-2021-021-syss-2021-027-…