Daily

daily@lists.cert.at

1 participants
3150 discussions

Tageszusammenfassung - 13.09.2021
by Daily end-of-shift report 13 Sep '21

13 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Freitag 10-09-2021 18:00 − Montag 13-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Warten auf Windows-Patches: Selbstbau-Anleitung für MSHTML-Exploit in Umlauf ∗∗∗ --------------------------------------------- Sicherheitsforscher warnen, wie Angreifer Microsofts Schutzmaßnahmen vor Windows-Attacken umgehen könnten. Außerdem ist ein Exploit-Baukasten verfügbar. --------------------------------------------- https://heise.de/-6190319 ∗∗∗ SOVA, Worryingly Sophisticated Android Trojan, Takes Flight ∗∗∗ --------------------------------------------- The malware appeared in August with an ambitious roadmap (think ransomware, DDoS) that could make it the most feature-rich Android malware on the market. --------------------------------------------- https://threatpost.com/sova-sophisticated-android-trojan/169366/ ∗∗∗ Shipping to Elasticsearch Microsoft DNS Logs, (Sat, Sep 11th) ∗∗∗ --------------------------------------------- This parser takes the logs from a Windows 2012R2 and/or 2019 server (C:\DNSLogs\windns.log) and parses them into usable metatada which can be monitored and queried via an ELK dashboard. The logs have been mapped using DNS ECS field meta here [1]. --------------------------------------------- https://isc.sans.edu/diary/rss/27828 ∗∗∗ New SpookJS Attack Bypasses Google Chrome’s Site Isolation Protection ∗∗∗ --------------------------------------------- A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed "Spook.js" by academics from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv [...] --------------------------------------------- https://thehackernews.com/2021/09/new-spookjs-attack-bypasses-google.html ∗∗∗ REvil: Ransomware-Gang in neuer Aufstellung wieder aktiv ∗∗∗ --------------------------------------------- Neue Forenbeiträge und "Happy Blog"-Inhalte belegen, dass die Erpresserbande um REvil zurück ist - und dass ihre Auszeit wohl nicht freiwillig war. --------------------------------------------- https://heise.de/-6190537 ∗∗∗ BazarLoader to Conti Ransomware in 32 Hours ∗∗∗ --------------------------------------------- Conti is a top player in the ransomware ecosystem, being listed as 2nd overall in the Q2 2021 Coveware ransomware report. The groups deploying this RaaS have only grown [...] --------------------------------------------- https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-… ∗∗∗ Incident response analyst report 2020 ∗∗∗ --------------------------------------------- We deliver a range of services: incident response, digital forensics and malware analysis. Data in the report comes from our daily practices with organizations seeking assistance with full-blown incident response or complementary expert activities for their internal incident response teams. --------------------------------------------- https://securelist.com/incident-response-analyst-report-2020/104080/ ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerability Spotlight: Code execution vulnerability in Nitro Pro PDF ∗∗∗ --------------------------------------------- Cisco Talos recently discovered a vulnerability in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application. --------------------------------------------- https://blog.talosintelligence.com/2021/09/nitro-pro-code-execution.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (qemu and thunderbird), Fedora (chromium, firefox, and mosquitto), openSUSE (apache2-mod_auth_openidc, gifsicle, openssl-1_1, php7-pear, and wireshark), Oracle (oswatcher), Red Hat (cyrus-imapd, firefox, and thunderbird), SUSE (apache2-mod_auth_openidc, compat-openssl098, php7-pear, and wireshark), and Ubuntu (git and linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon). --------------------------------------------- https://lwn.net/Articles/869103/ ∗∗∗ Update - Kritische Sicherheitslücke in der Microsoft MSHTML Komponente - Workarounds verfügbar, Exploits veröffentlicht ∗∗∗ --------------------------------------------- Update: 13. September 2021 / Beschreibung Microsoft hat außerhalb des üblichen Patch-Zyklus eine Warnung über eine Sicherheitslücke in der MSHTML Komponente veröffentlicht. Diese kann von Angreifer:innen durch entsprechend präparierte Microsoft Office-Dokumente ausgenutzt werden - laut Microsoft sind solche Dokumente bereits im Umlauf. --------------------------------------------- https://cert.at/de/warnungen/2021/9/kritische-sicherheitslucke-in-der-micro… ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to CSV Injection (CVE-2021-20509) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2021 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in ICU libraries used in IBM DataPower Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in the AIX kernel (CVE-2021-29727, CVE-2021-29801, CVE-2021-29862) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-ai… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security SOAR (CVE-2021-2341, CVE-2021-2369) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… ∗∗∗ Security Bulletin: Input Validation Vulnerability in Apache Commons Codec Affects IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-input-validation-vulnerab… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.09.2021
by Daily end-of-shift report 10 Sep '21

10 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 09-09-2021 18:00 − Freitag 10-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ MSHTML-Schwachstelle CVE-2021-40444 kritischer als bekannt ∗∗∗ --------------------------------------------- Vor einigen Tagen hat Microsoft einen Sicherheitshinweis zur Schwachstelle CVE-2021-40444 in der in Windows enthaltenen MSHTML-Komponente offen gelegt. Es hieß, es gebe den Versuch, die Schwachstelle in freier Wildbahn über präparierte Office-Dokumente auszunutzen. Aber Office-Nutzer seien eigentlich durch die geschützte Ansicht vor dieser Bedrohung geschützt. Nun wird bekannt, dass dieser Schutz löchrig ist und oft nicht wirkt. --------------------------------------------- https://www.borncity.com/blog/2021/09/10/mshtml-schwachstelle-cve-2021-4044… ∗∗∗ A Look at iMessage in iOS 14 ∗∗∗ --------------------------------------------- [...] Given that it is also now almost exactly one year ago since we published the Remote iPhone Exploitation blog post series, in which we described how an iMessage 0-click exploit can work in practice and gave a number of suggestions on how similar attacks could be prevented in the future, now seemed like a great time to dig into the security improvements in iOS 14 in more detail and explore how Apple has hardened their platform against 0-click attacks. --------------------------------------------- https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14… ∗∗∗ August 2021’s Most Wanted Malware: Formbook Climbs into First Place ∗∗∗ --------------------------------------------- Check Point Research reports that the infostealer, Formbook, is the most prevalent malware while the banking trojan, Qbot, has dropped from the list all together. Our latest Global Threat Index for August 2021 has revealed that Formbook is now the most prevalent malware, taking over Trickbot, which has fallen into second following a three-month long [...] --------------------------------------------- https://blog.checkpoint.com/2021/09/10/august-2021s-most-wanted-malware-for… ∗∗∗ Meet Meris, the new 250,000-strong DDoS botnet terrorizing the internet ∗∗∗ --------------------------------------------- A new botnet consisting of an estimated 250,000 malware-infected devices has been behind some of the biggest DDoS attacks over the summer, breaking the record for the largest volumetric DDoS attack twice, once in June and again this month. --------------------------------------------- https://therecord.media/meet-meris-the-new-250000-strong-ddos-botnet-terror… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitspatch: WordPress-Entwickler raten zu zügigem Update ∗∗∗ --------------------------------------------- Das Content Management System WordPress ist über mehrere Sicherheitslücken angreifbar. --------------------------------------------- https://heise.de/-6188735 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr, ghostscript, ntfs-3g, and postorius), Fedora (java-1.8.0-openjdk-aarch32, libtpms, and salt), openSUSE (libaom, libtpms, and openssl-1_0_0), Red Hat (openstack-neutron), SUSE (grilo, java-1_7_0-openjdk, libaom, libtpms, mariadb, openssl-1_0_0, openssl-1_1, and php74-pear), and Ubuntu (firefox and ghostscript). --------------------------------------------- https://lwn.net/Articles/868863/ ∗∗∗ AVEVA PCS Portal ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Uncontrolled Search Path Element vulnerability in AVEVA PCS Portal sofware. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-252-01 ∗∗∗ Delta Electronics DOPSoft 2 ∗∗∗ --------------------------------------------- This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-Bounds Write, and Heap-based Buffer Overflow vulnerabilities in Delta Electronics DOPSoft 2 HMI editing software. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02 ∗∗∗ Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU ∗∗∗ --------------------------------------------- This advisory is a follow-up to a CISA product update titled ICS-ALERT-19-225-01 Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU (Update A) published September 10, 2019, on the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for OS Command Injection, Improper Access Control, Cross-site Scripting, Use of Hard-coded Credentials, Unprotected Storage of Credentials, and Incorrect Default Permissions vulnerabilities in select Mitsubishi Electric firmware. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-252-03 ∗∗∗ Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2021-3712) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-aff… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2021-3711) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-aff… ∗∗∗ Stack Buffer Overflow Vulnerabilities in QTS, QuTS hero, and QuTScloud ∗∗∗ --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-21-33 ∗∗∗ Stack Buffer Overflow Vulnerability in QUSBCam2 ∗∗∗ --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-21-34 ∗∗∗ Stack-Based Buffer Overflow Vulnerabilities in NVR Storage Expansion ∗∗∗ --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-21-36 ∗∗∗ Insufficiently Protected Credentials in QSW-M2116P-2T2S and QuNetSwitch ∗∗∗ --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-21-37 ∗∗∗ Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud ∗∗∗ --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-21-03 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.09.2021
by Daily end-of-shift report 09 Sep '21

09 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 08-09-2021 18:00 − Donnerstag 09-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Ransomware: Erpressungs-Website der "REvil"-Gang plötzlich wieder online ∗∗∗ --------------------------------------------- Die Gang, deren Kaseya-Lieferkettenangriff Schlagzeilen machte, war Mitte Juli von der Bildfläche verschwunden - nun ist ihre Tor-Onion-Leak-Site wieder aktiv. --------------------------------------------- https://heise.de/-6187682 ∗∗∗ Betrügerische Streaming-Plattformen verschicken ungerechtfertigte Zahlungsaufforderungen! ∗∗∗ --------------------------------------------- Zahlreiche InternetnutzerInnen stolpern bei der Suche nach Hollywood-Blockbustern auf Webseiten wie kinox.su, justhdfilme.com oder kinox-deutsch.com. Wer auf einer solchen Seite versucht einen Film zu schauen, wird auf weitere betrügerische Websites wie luguplay.de, playnate.de oder rubuplay.de weitergeleitet. Nach einer angeblich kostenlosen Anmeldung auf diesen Seiten, können Sie sich keinen Film ansehen - stattdessen erhalten Sie Rechnungen und Mahnungen. Zahlen Sie auf keinen Fall! --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-streaming-plattformen… ∗∗∗ Fortinet warns customers after hackers leak passwords for 87,000 VPNs ∗∗∗ --------------------------------------------- Networking equipment vendor Fortinet has notified customers today that a cybercriminal gang has assembled a collection of access credentials for more than 87,000 FortiGate SSL-VPN devices. "This incident is related to an old vulnerability resolved in May 2019," the company said in a blog post following an inquiry from The Record sent on Tuesday, when a small portion of this larger list was published on a private cybercrime forum hosted on the dark web, and later on the website of a ransomware gang, [...] --------------------------------------------- https://therecord.media/fortinet-warns-customers-after-hackers-leak-passwor… ∗∗∗ Microsoft fixes bug letting hackers take over Azure containers ∗∗∗ --------------------------------------------- Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape that allowed a malicious container to take over containers belonging to other customers on the platform. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-fixes-bug-letting-… ∗∗∗ Updates to Our Datafeeds/API, (Thu, Sep 9th) ∗∗∗ --------------------------------------------- Most of the data we are collecting is freely available via our API. For quick documentation, see https://isc.sans.edu/api. One particular popular feed is our list of "Researcher IPs." These are IP addresses connected to commercial and academic projects that scan the internet. These scans can account for a large percentage of your unsolicited inbound activity. One use of this feed is to add "color to your logs" by enriching your log data from this feed. --------------------------------------------- https://isc.sans.edu/diary/rss/27824 ∗∗∗ Multistage WordPress Redirect Kit ∗∗∗ --------------------------------------------- Recently, one of our analysts @kpetku came across a series of semi-randomised malware injections in multiple WordPress environments. Typical of spam redirect infections, the malware redirects visitors by calling malicious files hosted on third party infected websites. Interestingly, the infection stores itself as encoded content in the database and is called through random functions littered throughout plugin files using a very common wordpress function “get_option”. --------------------------------------------- https://blog.sucuri.net/2021/09/multistage-wordpress-redirect-kit.html ∗∗∗ Get Ready for PYSA Ransomware Attacks Against Linux Systems ∗∗∗ --------------------------------------------- Linux is increasingly targeted by ransomware. Researchers have now detected indications that the PYSA ransomware, often also known as Mespinoza, is also being readied for Linux targets. read more --------------------------------------------- https://www.securityweek.com/get-ready-pysa-ransomware-attacks-against-linu… ∗∗∗ Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja ∗∗∗ --------------------------------------------- Parallels Desktop uses a paravirtual PCI device called the “Parallels ToolGate” for communication between guest and host OS. This device is identified by Vendor ID 0x1AB8 and Device ID 0x4000 in a Parallels guest. The guest driver provided as part of Parallels Tools and the host virtual device communicate using a ToolGate messaging protocol. To provide a summary, the guest driver prepares a message and writes the physical address of the message to [...] --------------------------------------------- https://www.thezdi.com/blog/2021/9/9/analysis-of-a-parallels-desktop-stack-… ∗∗∗ When the Cyberthreat Comes from the Inside ∗∗∗ --------------------------------------------- Would you like to earn millions of dollars? The LockBit 2.0 ransomware are now trying to recruit insiders – and there is no reason to believe that your company wouldn’t be targeted. The global competitive framework has changed significantly: hybrid warfare with methods like infiltration and espionage will be an imminent threat against the strategic environment for the foreseeable future. --------------------------------------------- https://blog.truesec.com/2021/09/08/when-the-cyberthreat-comes-from-the-ins… ===================== = Vulnerabilities = ===================== ∗∗∗ OpenVPN for Linux and FreeBSD: Schwachstelle ermöglicht Umgehung von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Linux und OpenVPN ausnutzen, um einen Denial of Service zu verursachen oder Sicherheitsvorkehrungen zu umgehen --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0944 ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- Cisco hat zehn Security Advisories veröffentlicht. Keine der darin behobenen Schwachstellen wird als "critical" eingestuft, vier als "high". --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ ABB: EIBPORT several CVEs ABBVREP0049_R9120 ∗∗∗ --------------------------------------------- ABB is aware of vulnerabilities in the product versions listed above. A firmware update is available that resolves these privately reported vulnerabilities in the product versions listed above. An attacker who successfully exploited these vulnerabilities could access sensitive information stored inside the device and can access the device with root privileges. CVE-IDs: CVE-2021-28909, CVE-2021-28910, CVE-2021-28911, CVE-2021-28912, CVE-2021-28913, CVE-2021-28914 --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A7304&Lan… ∗∗∗ GitHub entdeckt sieben Sicherheitslücken in Node.js Packages ∗∗∗ --------------------------------------------- In einem Rahmen Bug-Bounty-Programm hat GitHub Schwachstellen aufgedeckt und bietet Handlungsanweisungen für betroffene Nutzer. --------------------------------------------- https://heise.de/-6187785 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (lynx, matrix-synapse, and proftpd), openSUSE (ntfs-3g_ntfsprogs), Oracle (kernel), Red Hat (RHV-H), Scientific Linux (kernel), and Ubuntu (libapache2-mod-auth-mellon, linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-hwe-5.11, linux-kvm, linux-oracle, linux-oracle-5.11, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, [...] --------------------------------------------- https://lwn.net/Articles/868743/ ∗∗∗ Intel processor vulnerabilities CVE-2021-0086 and CVE-2021-0089 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41043270?utm_source=f5support&utm_mediu… ∗∗∗ SaltStack Salt: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0946 ∗∗∗ WordPress: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0948 ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210908… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2021-20427) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Security vulnerabilitiy has been fixed in IBM Security Identity Manager (CVE-2021-29692) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilitiy-h… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OpenLDAP vulnerability (CVE-2020-25692) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory (CVE-2021-2161) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nx-os-fi… ∗∗∗ Security Bulletin: Security vulnerabilitiy has been identified in IBM® Java SDK that affect IBM Security Directory Suite (CVE-2021-2161) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilitiy-h… ∗∗∗ Security Bulletin: Container Environment Vulnerabilities Affect IBM Secure Proxy (CVE-2020-14298, CVE-2020-14300) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-container-environment-vul… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Reliance on Untrusted Inputs in Security Descision ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Weak Password Policy vulnerability (CVE-2021-20418) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.09.2021
by Daily end-of-shift report 08 Sep '21

08 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Dienstag 07-09-2021 18:00 − Mittwoch 08-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ vaxcontrolgroup.com: Nutzlose Studie und Scheckkarte für Nichtgeimpfte ∗∗∗ --------------------------------------------- Auf vaxcontrolgroup.com bewirbt die „Vaccine Control Group“ eine angebliche Studie, in der Nichtgeimpfte auf der ganzen Welt als Kontrollgruppe herangezogen werden sollen. Die Studie ist wissenschaftlich als unbrauchbar zu bewerten. Ein beworbener Ausweis im Scheckkartenformat, der eine Verpflichtung zur Nichtimpfung bestätigen soll, ist kostenpflichtig und nutzlos! --------------------------------------------- https://www.watchlist-internet.at/news/vaxcontrolgroupcom-nutzlose-studie-u… ===================== = Vulnerabilities = ===================== ∗∗∗ HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack ∗∗∗ --------------------------------------------- A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. Tracked as CVE-2021-40346.. --------------------------------------------- https://thehackernews.com/2021/09/haproxy-found-vulnerable-to-critical.html ∗∗∗ ZDI: Mehrere Lücken in Parallels Desktop ∗∗∗ --------------------------------------------- Toolgate Uncontrolled Memory Allocation Privilege Escalations: * CVE-2021-34869 http://www.zerodayinitiative.com/advisories/ZDI-21-1057/ * CVE-2021-34868 http://www.zerodayinitiative.com/advisories/ZDI-21-1056/ * CVE-2021-34867 http://www.zerodayinitiative.com/advisories/ZDI-21-1055/ --------------------------------------------- ∗∗∗ Fortinet Security Advisories September 2021 ∗∗∗ --------------------------------------------- Fortinet hat eine Reihe von Security Advisories zu diversen Problemen/Produkten veröffentlicht. Eine Übersicht findet sich auf der Fortinet PSIRT Webseite. --------------------------------------------- https://www.fortiguard.com/psirt-monthly-advisory/september-2021-vulnerabil… ∗∗∗ September 7, 2021 TNS-2021-15 [R1] Nessus Agent 8.3.1 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- Nessus Agent 8.3.0 and earlier were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. --------------------------------------------- http://www.tenable.com/security/tns-2021-15 ∗∗∗ Android Security Bulletin - September 2021 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2021-09-05 or later address all of these issues. --------------------------------------------- https://source.android.com/security/bulletin/2021-09-01 ∗∗∗ Xen XSA-384 - Another race in XENMAPSPACE_grant_table handling ∗∗∗ --------------------------------------------- A malicious guest may be able to elevate its privileges to that of the host, cause host or guest Denial of Service (DoS), or cause information leaks. All Xen versions from 4.0 onwards are affected. Xen versions 3.4 and older are not affected. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-384.html ∗∗∗ Citrix Hypervisor Security Update ∗∗∗ --------------------------------------------- Several security issues have been discovered in Citrix Hypervisor that, collectively, may allow privileged code in a guest VM to compromise or crash the host. Citrix has released hotfixes to address these issues. Citrix recommends that affected customers install these hotfixes as their patching schedule allows --------------------------------------------- https://support.citrix.com/article/CTX325319 ∗∗∗ Microsoft Releases Mitigations and Workarounds for CVE-2021-40444 ∗∗∗ --------------------------------------------- Microsoft has released mitigations and workarounds to address a remote code execution vulnerability (CVE-2021-40444) in Microsoft Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. This vulnerability has been detected in exploits in the wild. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/09/07/microsoft-release… ∗∗∗ Zoho Releases Security Update for ADSelfService Plus ∗∗∗ --------------------------------------------- Zoho has released a security update on a vulnerability (CVE-2021-40539) affecting ManageEngine ADSelfService Plus builds 6113 and below. CVE-2021-40539 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/09/07/zoho-releases-sec… ∗∗∗ Security Bulletin: CVE-2021-2161 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2161-may-affect-… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-2773) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: A security vulnerability has been fixed in IBM Security Identity Manager Virtual Appliance (CVE-2018-15494) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-14782) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: CVE-2021-2161 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2161-may-affect-… ∗∗∗ Security Bulletin: CVE-2021-2161 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2161-may-affect-… ∗∗∗ Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager (CVE-2021-29687, CVE-2021-29688) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Identity Manager Password Synchronization Plug-in for Windows AD affected by multiple vulnerabilities (CVE-2021-20483, CVE-2021-20488) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-man… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-14781) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: CVE-2021-2161 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2161-may-affect-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in OpenSSL may affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: CVE-2020-1971 vulnerability in OpenSSL may affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-1971-vulnerabili… ∗∗∗ Security Bulletin: Security vulnerabilitiy has been fixed in IBM Security Identity Manager (93519) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilitiy-h… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Identity Manager deprecated Self Service UI contains Struts V1 (CVE-2016-1182) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-man… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in OpenSSL may affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.09.2021
by Daily end-of-shift report 07 Sep '21

07 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Montag 06-09-2021 18:00 − Dienstag 07-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server ∗∗∗ --------------------------------------------- The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. [...] "At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected," the company said in a statement published over the weekend. --------------------------------------------- https://thehackernews.com/2021/09/latest-atlassian-confluence-flaw.html ∗∗∗ Firefox 92 und ESR-Versionen bringen wichtige Sicherheitsupdates mit ∗∗∗ --------------------------------------------- Die neuen Versionen des Browsers nebst Extended Support Releases umfassen nicht nur funktionale Neuerungen, sondern auch Sicherheitslücken-Fixes. --------------------------------------------- https://heise.de/-6185311 ∗∗∗ online-handelsregister.eu bucht für einen Handelsregisterauszug über 750 Euro ab ∗∗∗ --------------------------------------------- Für einen Handelsregisterauszug verrechnet das Unternehmen hinter online-handelsregister.eu zusätzlich 749,00 Euro – angeblich für die Freischaltung des Portals. Opfern ist meist nicht bewusst, wie dieser Betrag zu Stande kam. Eines ist klar: online-handelsregister.eu geht nicht seriös vor und hat diesen Betrag ohne Berechtigung abgezogen, denn beim Kaufabschluss wurde die sogenannte Button-Lösung nicht eingehalten. --------------------------------------------- https://www.watchlist-internet.at/news/online-handelsregistereu-bucht-fuer-… ===================== = Vulnerabilities = ===================== ∗∗∗ Ghostscript Zero-Day Allows Full Server Compromises ∗∗∗ --------------------------------------------- Proof-of-concept exploit code was published online over the weekend for an unpatched Ghostscript vulnerability that puts all servers that rely on the component at risk of attacks. From a report: Published by Vietnamese security researcher Nguyen The Duc, the proof-of-concept code is available on GitHub and was confirmed to work by several of todays leading security researchers. --------------------------------------------- https://it.slashdot.org/story/21/09/07/1532205/ghostscript-zero-day-allows-… ∗∗∗ Netgear schließt Sicherheitslücken in 20 Switches ∗∗∗ --------------------------------------------- Wenn die Voraussetzungen stimmen, könnten Angreifer die Kontrolle über Netgear-Switches erlangen. Sicherheitsupdates sind verfügbar. --------------------------------------------- https://heise.de/-6184272 ∗∗∗ Lücken in Gutenberg-Template-Plug-in gefährden eine Million WordPress-Websites ∗∗∗ --------------------------------------------- Angreifer könnten WordPress-Websites mit dem Plug-in Gutenberg Template Library & Redux Framework attackieren. Ein Sicherheitspatch steht zum Download. --------------------------------------------- https://heise.de/-6184875 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (apache2, java-11-openjdk, libesmtp, nodejs10, ntfs-3g_ntfsprogs, openssl-1_1, xen, and xerces-c), Red Hat (kernel-rt and kpatch-patch), and SUSE (ntfs-3g_ntfsprogs and openssl-1_1). --------------------------------------------- https://lwn.net/Articles/868569/ ∗∗∗ Synology-SA-21:26 Photo Station ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to bypass security constraints via a susceptible version of Photo Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_21_26 ∗∗∗ Security Bulletin: A security vulnerability has been identified in Oracle Oct 2020 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-14782) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dojo-aff… ∗∗∗ Security Bulletin: Multiple vulnerabilities have been identified in Oracle Jan 2021 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-14803) (CVE-2020-27221) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: A security vulnerability has been identified in Oracle Oct 2020 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-2773) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: Vulnerability in Bind affects IBM Integrated Analytics System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-aff… ∗∗∗ Security Bulletin: Multiple vulnerabilities in OpenSSL may affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: CVE-2020-1971 vulnerability in OpenSSL may affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-1971-vulnerabili… ∗∗∗ Security Bulletin: Multiple vulnerabilities have been identified in Oracle Oct 2020 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-14779, CVE-2020-14792,CVE-2020-14796,CVE-2020-14797,CVE-2020-14798) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in OpenSSL may affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Mitsubishi Electric MELSEC iQ-R Series ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-250-01 ∗∗∗ Hitachi ABB Power Grids System Data Manager ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-250-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.09.2021
by Daily end-of-shift report 06 Sep '21

06 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Freitag 03-09-2021 18:00 − Montag 06-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Exchange-Server-Attacken reißen nicht ab - Angreifer installieren 7 Hintertüren ∗∗∗ --------------------------------------------- Wenn nicht längst geschehen, sollten Admins die ProxyShell-Lücken in Exchange Server durch die Installation von Sicherheitsupdates schließen. --------------------------------------------- https://heise.de/-6182364 ∗∗∗ Patch me if you can: Ransomware 3.0 - der Widerstand wächst ∗∗∗ --------------------------------------------- ITler jonglieren gern mit Zahlen, vor allem beim Reifegrad von Software. Bei Ransomware hat ein Versionssprung aber nichts Gutes zu bedeuten - oder doch? --------------------------------------------- https://heise.de/-6071696 ∗∗∗ Sourcecode von Erpressungstrojaner "Babuk Locker" geleakt ∗∗∗ --------------------------------------------- In einem russischen Hacker-Forum sind alle Bauteile für die Ransomware "Babuk Locker" aufgetaucht. Darunter könnten auch für Opfer interessante Schlüssel sein. --------------------------------------------- https://heise.de/-6182385 ∗∗∗ Ransomware gangs target companies using these criteria ∗∗∗ --------------------------------------------- Ransomware gangs increasingly purchase access to a victims network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ransomware-gangs-target-comp… ∗∗∗ The State of Incident Response: Measuring Risk and Evaluating Your Preparedness ∗∗∗ --------------------------------------------- Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster. --------------------------------------------- https://threatpost.com/incident-response-risk-preparedness/169211/ ∗∗∗ Traffic Exchange Networks Distributing Malware Disguised as Cracked Software ∗∗∗ --------------------------------------------- An ongoing campaign has been found to leverage a network of websites acting as a "dropper as a service" to deliver a bundle of malware payloads to victims looking for "cracked" versions of popular business and consumer applications. "These malware included an assortment of click fraud bots, other information stealers, and even ransomware," researchers from cybersecurity firm Sophos said [...] --------------------------------------------- https://thehackernews.com/2021/09/traffic-exchange-networks-distributing.ht… ===================== = Vulnerabilities = ===================== ∗∗∗ Proxies are complicated: RCE vulnerability in a 3 million downloads/week NPM package ∗∗∗ --------------------------------------------- Pac-Resolver, a widely used NPM dependency, had a high-severity RCE (Remote Code Execution) vulnerability that could allow network administrators or other malicious actors on your local network to remotely run arbitrary code inside your Node.js process whenever you tried to send an HTTP request. --------------------------------------------- https://httptoolkit.tech/blog/npm-pac-proxy-agent-vulnerability/ ∗∗∗ ‘Demon’s Cries’ authentication bypass patched in Netgear switches ∗∗∗ --------------------------------------------- Networking equipment vendor Netgear has patched three vulnerabilities in several of its smart switches that can allow threat actors to bypass authentication and take over devices. --------------------------------------------- https://therecord.media/demons-cries-authentication-bypass-patched-in-netge… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (btrbk, pywps, and squashfs-tools), Fedora (libguestfs, libss7, ntfs-3g, ntfs-3g-system-compression, partclone, testdisk, wimlib, and xen), Mageia (exiv2, golang, libspf2, and ruby-addressable), openSUSE (apache2, dovecot23, gstreamer-plugins-good, java-11-openjdk, libesmtp, mariadb, nodejs10, opera, python39, sssd, and xerces-c), and SUSE (apache2, java-11-openjdk, libesmtp, mariadb, nodejs10, python39, sssd, xen, and xerces-c). --------------------------------------------- https://lwn.net/Articles/868464/ ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Helm vulnerabilities ( CVE-2021-21303) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2020-1971 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL and Node.js vulnerabilities (CVE-2020-1971, CVE-2020-8287, CVE-2020-8265) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8554) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Java vulnerabilities (CVE-2020-14781) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Docker vulnerabilities (CVE-2021-21285, CVE-2021-21284) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: Multiple vulnerabilities in VMware affect IBM Cloud Pak System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Node.js lodash vulnerabilities (CVE-2021-23337) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: A Privilege Escalation vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool and its Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-privilege-escalation-vu… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2020-1968 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-3121) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8569) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2020-25649) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: A security vulnerability has been identified in Oracle Oct 2020 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-14781) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Elastic vulnerabilities (CVE-2020-7020 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Java vulnerabilities (CVE-2020-2773) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.09.2021
by Daily end-of-shift report 03 Sep '21

03 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 02-09-2021 18:00 − Freitag 03-09-2021 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ A deep-dive into the SolarWinds Serv-U SSH vulnerability ∗∗∗ --------------------------------------------- We're sharing technical information about the vulnerability tracked as CVE-2021-35211, which was used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks. --------------------------------------------- https://www.microsoft.com/security/blog/2021/09/02/a-deep-dive-into-the-sol… ∗∗∗ From RpcView to PetitPotam ∗∗∗ --------------------------------------------- In the previous post we saw how to set up a Windows 10 machine in order to manually analyze Windows RPC with RpcView. In this post, we will see how the information provided by this tool can be used to create a basic RPC client application in C/C++. Then, we will see how we can reproduce the trick used in the PetitPotam tool. --------------------------------------------- https://itm4n.github.io/from-rpcview-to-petitpotam/ ∗∗∗ PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers ∗∗∗ --------------------------------------------- The Exploit Chain Explained - ProxyShell refers to a chain of attacks that exploit three different vulnerabilities affecting on-premises Microsoft Exchange servers to achieve pre-authenticated remote code execution (RCE). --------------------------------------------- http://www.fireeye.com/blog/threat-research/2021/09/proxyshell-exploiting-m… ∗∗∗ Jetzt patchen! Krypto-Miner schlüpft durch Confluence-Lücke ∗∗∗ --------------------------------------------- Angreifer nutzen derzeit aktiv eine kritische Sicherheitslücke in der Wiki-Software Confluence aus. Ein Sicherheitsupdate ist verfügbar. --------------------------------------------- https://heise.de/-6181023 ∗∗∗ From open Guest Wi-Fi to pwning a lift or why validating network segregation is critical ∗∗∗ --------------------------------------------- TL;DR A recent engagement took quite an unexpected turn and led to me having remote control of a bunch of building services including a lift from the street outside, unauthenticated. --------------------------------------------- https://www.pentestpartners.com/security-blog/from-open-guest-wi-fi-to-pwni… ∗∗∗ Shodan Verified Vulns 2021-09-01 ∗∗∗ --------------------------------------------- Mit 2021-09-01 sah die Lage laut den Daten in unserer Shodan-Datenbank wie folgt aus: Während der Großteil sich zu den Vormonaten wenig verändert hat, gibt es zwei größere Änderungen: * Im Zuge der BlackHat 2021 USA stellte der Sicherheitsforscher Orange Tsai eine neue Exploit-Chain gegen Microsoft Exchange Server vor, die "ProxyShell" genannt wurde... * Außerdem neu ist CVE-2021-31206, eine – wie auch ProxyShell – im Zuge des diesjährigen Pwn2Own-Contests der Zero Day Initiative gefundene Schwachstelle, die ebenfalls zu einer Remote-Code-Execution führen kann. --------------------------------------------- https://cert.at/de/aktuelles/2021/9/shodan-verified-vulns-2021-09-01 ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBM hat 19 Security Bulletins zu diversen Schwachstellen veröffentlicht. --------------------------------------------- https://www.ibm.com/blogs/psirt/2021/09/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (qemu), Fedora (condor, grilo, libopenmpt, opencryptoki, and php), openSUSE (xen), and SUSE (ffmpeg, file, php72, rubygem-addressable, and xen). --------------------------------------------- https://lwn.net/Articles/868282/ ∗∗∗ Microsoft Edge: Mehrere Schwachstelle ∗∗∗ --------------------------------------------- Edge ist ein Web Browser von Microsoft. Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft Edge ausnutzen, um einen Angriff mit unbekannten Auswirkungen durchzuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0934 ∗∗∗ CVE-2021-2429: A Heap-based Buffer Overflow Bug in the MySQL InnoDB memcached Plugin ∗∗∗ --------------------------------------------- The vulnerability affects MySQL versions 8.0.25 and prior. It can be triggered remotely and without authentication. Attackers can leverage this vulnerability to execute arbitrary code on the MySQL database server. Oracle patched it in July and assigned it CVE-2021-2429, while ZDI’s identifier is ZDI-2021-889. ... Although the InnoDB memcached plugin is not enabled by default, it is nonetheless wise to apply the patch as soon as possible. It would not surprise me to see a reliable full exploit in the near future. --------------------------------------------- https://www.thezdi.com/blog/2021/9/2/cve-2021-2429-a-heap-based-buffer-over… ∗∗∗ 2021-06-03: Cybersecurity Advisory - Multiple Vulnerabilities in Automation Runtime NTP Service ∗∗∗ --------------------------------------------- https://www.br-automation.com/downloads_br_productcatalogue/assets/16212592… ∗∗∗ SECURITY - ABB Base Software for SoftControl Remote Code Execution vulnerability ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=2PAA122974&Language… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Elastic vulnerabilities (CVE-2020-7021 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Node.js lodash vulnerabilities (CVE-2020-28500) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL and Node.js vulnerabilities (CVE-2021-23840, CVE-2021-22884, CVE-2021-22883) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-27919, CVE-2021-27918) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2021-3449, CVE-2021-3450) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Apache vulnerabilities (CVE-2021-26296) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… ∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Dojo vulnerabilities (CVE-2020-5258) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vuln… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.09.2021
by Daily end-of-shift report 02 Sep '21

02 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 01-09-2021 18:00 − Donnerstag 02-09-2021 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ How to block Windows Plug-and-Play auto-installing insecure apps ∗∗∗ --------------------------------------------- A trick has been discovered that prevents your device from being taken over by vulnerable Windows applications when devices are plugged into your computer. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/how-to-block-windows-plug-a… ∗∗∗ Team Cymru’s Threat Hunting Maturity Model Explained ∗∗∗ --------------------------------------------- In this four-part series, we’ll be looking at Team Cymru’s Threat Hunting Maturity Model. --------------------------------------------- https://team-cymru.com/blog/2021/09/02/team-cymrus-threat-hunting-maturity-… ∗∗∗ QakBot technical analysis ∗∗∗ --------------------------------------------- This report contains technical analysis of the Trojan-Banker named QakBot (aka QBot, QuackBot or Pinkslipbot) and its information stealing, web injection and other modules. --------------------------------------------- https://securelist.com/qakbot-technical-analysis/103931/ ∗∗∗ Analysis of a Phishing Kit (that targets Chase Bank) ∗∗∗ --------------------------------------------- Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials on fake pages controlled by attackers. --------------------------------------------- https://blog.sucuri.net/2021/09/analysis-of-a-phishing-kit-that-targets-cha… ∗∗∗ Too Log; Didnt Read — Unknown Actor Using CLFS Log Files for Stealth ∗∗∗ --------------------------------------------- The Mandiant Advanced Practices team recently discovered a new malware family we have named PRIVATELOG and its installer, STASHLOG. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clf… ∗∗∗ Google Play sign-ins can be abused to track another person’s movements ∗∗∗ --------------------------------------------- We tried to help somebody install an app on an Android phone and stumbled on a way to track them instead. --------------------------------------------- https://blog.malwarebytes.com/awareness/2021/09/google-play-sign-ins-can-be… ∗∗∗ Translated: Talos insights from the recently leaked Conti ransomware playbook ∗∗∗ --------------------------------------------- Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti. --------------------------------------------- https://blog.talosintelligence.com/2021/09/Conti-leak-translation.html ∗∗∗ Vorsicht vor fit4fun-arena.de – zu günstig um wahr zu sein ∗∗∗ --------------------------------------------- Der Fake-Shop fit4fun-arena.de bietet unglaublich günstige Fahrräder und weitere Fitnessartikel an. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-fit4fun-arenade-zu-guen… ===================== = Vulnerabilities = ===================== ∗∗∗ Dateimanager Midnight Commander seit neun Jahren angreifbar ∗∗∗ --------------------------------------------- Es gibt ein wichtiges Sicherheitsupdate für Midnight Commander. --------------------------------------------- https://heise.de/-6180301 ∗∗∗ Braktooth: Neue Bluetooth-Lücken bedrohen unzählige Geräte ∗∗∗ --------------------------------------------- Sicherheitsforscher haben mehrere Bluetooth-Schwachstellen entdeckt. Nicht alle Hersteller planen, Patches zu veröffentlichen. --------------------------------------------- https://heise.de/-6180540 ∗∗∗ Cisco beseitigt kritische Lücke aus Enterprise NFV Infrastructure Software ∗∗∗ --------------------------------------------- Jetzt updaten: Die Enterprise NFV Infrastructure Software (NFVIS) kann je nach Konfiguration aus der Ferne angreifbar sein. Aktualisierungen stehen bereit. --------------------------------------------- https://heise.de/-6180655 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (ffmpeg and gstreamer-plugins-good), SUSE (apache2, apache2-mod_auth_mellon, ffmpeg, gstreamer-plugins-good, libesmtp, openexr, rubygem-puma, xen, and xerces-c), and Ubuntu (openssl). --------------------------------------------- https://lwn.net/Articles/868155/ ∗∗∗ Recently Patched Confluence Vulnerability Exploited in the Wild ∗∗∗ --------------------------------------------- Hackers started exploiting a vulnerability in Atlassian’s Confluence enterprise collaboration product just one week after the availability of a patch was announced. --------------------------------------------- https://www.securityweek.com/recently-patched-confluence-vulnerability-expl… ∗∗∗ Cisco Nexus Insights Authenticated Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Johnson Controls Sensormatic Electronics Illustra ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-245-01 ∗∗∗ JTEKT TOYOPUC TCC-6353 PC10G-CPU ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-245-02 ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.09.2021
by Daily end-of-shift report 01 Sep '21

01 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Dienstag 31-08-2021 18:00 − Mittwoch 01-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Kritische Root-Sicherheitslücke in Netzwerk-Videorekorder von Annke entdeckt ∗∗∗ --------------------------------------------- Es gibt ein wichtiges Sicherheitsupdate für den Netzwerk-Videorekorder N48PBB von Annke. --------------------------------------------- https://heise.de/-6179374 ∗∗∗ Energiemanagementsystem DIAEnergie weist kritische Lücken auf ∗∗∗ --------------------------------------------- Wichtige Sicherheitsupdates für das industrielle Energiemanagementsystem DIAEnergie sind in Arbeit. Die US-Behörde CISA rät zwischenzeitlich zu Schutzmaßnahmen. --------------------------------------------- https://heise.de/-6179591 ∗∗∗ SMS: Vorsicht vor gefälschter Sendungsverfolgung ∗∗∗ --------------------------------------------- Kriminelle versenden momentan per SMS gefälschte Paketinformationen zu einer Bestellung. In der Nachricht heißt es, dass Ihr Paket nicht zugestellt werden konnte oder eine Sendungsverfolgung nun möglich ist. Sie werden aufgefordert, auf einen Link zu klicken. Achtung: Der Link führt in eine Internetfalle. --------------------------------------------- https://www.watchlist-internet.at/news/sms-vorsicht-vor-gefaelschter-sendun… ∗∗∗ STRRAT: a Java-based RAT that doesnt care if you have Java, (Wed, Sep 1st) ∗∗∗ --------------------------------------------- STRRAT was discovered earlier this year as a Java-based Remote Access Tool (RAT) that does not require a preinstalled Java Runtime Environment (JRE). It has been distributed through malicious spam (malspam) during 2021. Today's diary reviews an infection generated using an Excel spreadsheet discovered on Monday, 2021-08-30. --------------------------------------------- https://isc.sans.edu/diary/rss/27798 ∗∗∗ This is why the Mozi botnet will linger on ∗∗∗ --------------------------------------------- The botnet continues to haunt IoT devices, and likely will for some time to come. --------------------------------------------- https://www.zdnet.com/article/this-is-why-the-mozi-botnet-will-linger-on/ ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBM hat 52 Security Bulletins zu diversen Schwachstellen veröffentlicht. --------------------------------------------- https://www.ibm.com/blogs/psirt/2021/08/ ∗∗∗ Mehrere Schwachstellen in Moxa Netzwerkgeräten ∗∗∗ --------------------------------------------- Mehrere Geräte, entwickelt von MOXA Inc., sind anfällig auf verschiedene Schwachstellen wie Command Injection und Cross-Site Scripting in der Config-Upload Funktion. Des weiteren wurde veraltete Software identifiziert und eine Stichprobe (CVE-2015-0235) davon wurde auch mithilfe eines öffentlichen exploits getestet. Alle Schwachstellen wurden durch Emulation des Gerätes mit der MEDUSA scalable firmware runtime verifiziert. --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/mehrere-schwachstelle… ∗∗∗ Over 1 Million Sites Affected by Gutenberg Template Library & Redux Framework Vulnerabilities ∗∗∗ --------------------------------------------- On August 3, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for two vulnerabilities we discovered in the Gutenberg Template Library & Redux Framework plugin, which is installed on over 1 million WordPress sites. One vulnerability allowed users with lower permissions, such as contributors, to install and activate arbitrary plugins and delete any [...] --------------------------------------------- https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-red… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (bind, GNOME, hivex, kernel, and sssd), Debian (gpac and squashfs-tools), Fedora (c-ares and openssl), openSUSE (dovecot23), Oracle (bind, hivex, kernel, and sssd), Red Hat (kernel), Scientific Linux (bind, hivex, kernel, libsndfile, libX11, and sssd), Slackware (ntfs), SUSE (dovecot23), and Ubuntu (ntfs-3g). --------------------------------------------- https://lwn.net/Articles/868015/ ∗∗∗ Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack ∗∗∗ --------------------------------------------- A serious vulnerability affecting the Linphone Session Initiation Protocol (SIP) client suite can allow malicious actors to remotely crash applications, industrial cybersecurity firm Claroty warned on Tuesday. read more --------------------------------------------- https://www.securityweek.com/vulnerability-allows-remote-dos-attacks-agains… ∗∗∗ Sensormatic Electronics KT-1 ∗∗∗ --------------------------------------------- This advisory contains mitigations for a Use of Unmaintained Third-party Components vulnerability in Sensormatic Electronics KT-1 Ethernet-ready single-door controller. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-243-01 ∗∗∗ Philips Patient Monitoring Devices (Update A) ∗∗∗ --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSMA-20-254-01 Philips Patient Monitoring Devices that was published September 10, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication, Improper Check for Certificate Revocation, Improper Handling of Length Parameter Inconsistency, Improper Validation of Syntactic Correctness of Input, [...] --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 ∗∗∗ Node.js: Mehrere Schwachstellen ermöglichen Manipulation von Dateien ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0932 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.08.2021
by Daily end-of-shift report 31 Aug '21

31 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Montag 30-08-2021 18:00 − Dienstag 31-08-2021 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs ∗∗∗ --------------------------------------------- Cybercriminals are making strides towards attacks with malware that executes code from the graphics processing unit (GPU) of a compromised system. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-… ∗∗∗ LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection ∗∗∗ --------------------------------------------- Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems. --------------------------------------------- https://threatpost.com/lockfile-ransomware-avoid-detection/169042/ ∗∗∗ Top 3 APIs Vulnerabilities: Why Apps are Owned by Cyberattackers ∗∗∗ --------------------------------------------- Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them. --------------------------------------------- https://threatpost.com/top-3-api-vulnerabilities-cyberattackers/169048/ ∗∗∗ BrakTooth: Impacts, Implications and Next Steps, (Tue, Aug 31st) ∗∗∗ --------------------------------------------- Today, the Automated Systems SEcuriTy (ASSET) Research Group from the Singapore University of Technology and Design (SUTD) revealed the BrakTooth family of vulnerabilities in commercial Bluetooth (BT) Classic stacks for various System-on-Chips (SoC). --------------------------------------------- https://isc.sans.edu/diary/rss/27802 ∗∗∗ Code Generated by GitHub Copilot Can Introduce Vulnerabilities: Researchers ∗∗∗ --------------------------------------------- A group of researchers has discovered that roughly 40% of the code produced by the GitHub Copilot language model is vulnerable. --------------------------------------------- https://www.securityweek.com/code-generated-github-copilot-can-introduce-vu… ∗∗∗ SWR-Verbrauchermagazin „Marktcheck“ warnt vor Fake-Shops auf Instagram ∗∗∗ --------------------------------------------- Betrügerische Online-Shops schalten im großen Stil auf Social-Media-Plattformen wie Instagram Werbeanzeigen. --------------------------------------------- https://www.watchlist-internet.at/news/swr-verbrauchermagazin-marktcheck-wa… ∗∗∗ DNS Rebinding Attack: How Malicious Websites Exploit Private Networks ∗∗∗ --------------------------------------------- DNS rebinding allows attackers to take advantage of web-based consoles to exploit internal networks by abusing the domain name system. --------------------------------------------- https://unit42.paloaltonetworks.com/dns-rebinding/ ∗∗∗ Cyberattackers are now quietly selling off their victims internet bandwidth ∗∗∗ --------------------------------------------- Proxyware is yet another way for criminals to generate revenue from their victims. --------------------------------------------- https://www.zdnet.com/article/cyberattackers-are-now-quietly-selling-off-th… ===================== = Vulnerabilities = ===================== ∗∗∗ NAS und Sicherheit: Qnap und Synology von OpenSSL-Lücke betroffen ∗∗∗ --------------------------------------------- Produkte beider NAS-Hersteller sind von einer bereits geschlossenen OpenSSL-Lücke betroffen. Sie arbeiten an einem Fix. --------------------------------------------- https://www.golem.de/news/nas-und-sicherheit-qnap-und-synology-von-openssl-… ∗∗∗ HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform ∗∗∗ --------------------------------------------- HPE joins Apple in warning customers of a high-severity Sudo vulnerability. --------------------------------------------- https://threatpost.com/hpe-sudo-bug-aruba-platform/169038/ ∗∗∗ Kritische Rechte-Lücke in PostgreSQL-Modul geschlossen ∗∗∗ --------------------------------------------- Es gibt ein wichtiges Sicherheitsupdate für das set_user-Extension-Modul der Open-Source-Datenbank PostgreSQL. --------------------------------------------- https://heise.de/-6177973 ∗∗∗ CPU-Sicherheitslücke: AMD Ryzen und Epyc per Seitenkanal verwundbar ∗∗∗ --------------------------------------------- Sicherheitsforscher der TU Dresden beweisen, dass komplizierte Angriffe der Meltdown-Klasse grundsätzlich auch bei AMDs Ryzen-Prozessoren funktionieren. --------------------------------------------- https://heise.de/-6178386 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (libsndfile and libX11), Debian (ledgersmb, libssh, and postgresql-9.6), Fedora (squashfs-tools), openSUSE (389-ds, nodejs12, php7, spectre-meltdown-checker, and thunderbird), Oracle (kernel, libsndfile, and libX11), Red Hat (bind, cloud-init, edk2, glibc, hivex, kernel, kernel-rt, kpatch-patch, microcode_ctl, python3, and sssd), SUSE (bind, mysql-connector-java, nodejs12, sssd, and thunderbird), and Ubuntu (apr, squashfs-tools, thunderbird, [...] --------------------------------------------- https://lwn.net/Articles/867917/ ∗∗∗ Companies Release Security Advisories in Response to New OpenSSL Vulnerabilities ∗∗∗ --------------------------------------------- Updates announced by the OpenSSL Project on August 24 patched CVE-2021-3711, a high-severity buffer overflow related to SM2 decryption, and CVE-2021-3712, a medium-severity flaw that can be exploited for denial-of-service (DoS) attacks, and possibly for the disclosure of private memory contents. --------------------------------------------- https://www.securityweek.com/companies-release-security-advisories-response… ∗∗∗ Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems ∗∗∗ --------------------------------------------- Researchers at cybersecurity firm Rapid7 have identified a couple of vulnerabilities that they claim can be exploited by hackers to remotely disarm one of the home security systems offered by Fortress Security Store. --------------------------------------------- https://www.securityweek.com/vulnerabilities-can-allow-hackers-disarm-fortr… ∗∗∗ Crashing SIP Clients with a Single Slash ∗∗∗ --------------------------------------------- Claroty’s Team82 has disclosed a vulnerability in Belledonne Communications’ Linphone SIP Protocol Stack. --------------------------------------------- https://claroty.com/2021/08/31/blog-research-crashing-sip-clients-with-a-si… ∗∗∗ Synology-SA-21:25 DSM ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_21_25 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily