===================== = End-of-Day report = =====================
Timeframe: Montag 09-08-2021 18:00 − Dienstag 10-08-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer
===================== = News = =====================
∗∗∗ eCh0raix ransomware now targets both QNAP and Synology NAS devices ∗∗∗ --------------------------------------------- A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ech0raix-ransomware-now-targe...
∗∗∗ Team Cymru’s Threat Hunting Maturity Model Explained ∗∗∗ --------------------------------------------- In this four part series we’ll be looking at Team Cymru’s Threat Hunting Maturity Model. --------------------------------------------- https://team-cymru.com/blog/2021/08/09/team-cymrus-threat-hunting-maturity-m...
∗∗∗ Chaos Malware Walks Line Between Ransomware and Wiper ∗∗∗ --------------------------------------------- The dangerous malware has been rapidly developed since June and could be released into the wild soon. --------------------------------------------- https://threatpost.com/chaos-malware-ransomware-wiper/168520/
∗∗∗ Vulnerability Management Resources ∗∗∗ --------------------------------------------- SANS Vulnerability Management Resources collected in one place for easy access. --------------------------------------------- https://www.sans.org/blog/vulnerability-management-resources
∗∗∗ XLSM Malware with MacroSheets ∗∗∗ --------------------------------------------- Excel-based malware has been around for decades and has been in the limelight in recent years. --------------------------------------------- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/xlsm-malware-with-macro...
∗∗∗ Gefälschtes E-Mail der Post im Umlauf ∗∗∗ --------------------------------------------- Sie warten auf ein Paket? Dann nehmen Sie sich vor gefälschten Benachrichtigungen der Post in Acht. BetrügerInnen behaupten in einer E-Mail, dass Ihr Paket nicht zugestellt werden konnte und Sie über einen Link einen weiteren Zustellversuch anfordern müssen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschtes-e-mail-der-post-im-umlau...
===================== = Vulnerabilities = =====================
∗∗∗ Root-Lücke in VPN-Lösung Pulse Connect Secure als Schadcode-Schlupfloch ∗∗∗ --------------------------------------------- Ein wichtiges Sicherheitsupdates schließt Schwachstellen in der Fernzugriff-Software Pulse Connect Secure. --------------------------------------------- https://heise.de/-6159492
∗∗∗ Firefox und Firefox ESR gegen verschiedene Attacken abgesichert ∗∗∗ --------------------------------------------- Mozilla hat mehrere Sicherheitslücken in seinem Webbrowser Firefox geschlossen. --------------------------------------------- https://heise.de/-6160037
∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (flatpak and microcode_ctl), Debian (c-ares, lynx, openjdk-8, and tomcat9), Fedora (kernel), openSUSE (apache-commons-compress, aria2, djvulibre, fastjar, kernel, libvirt, linuxptp, mysql-connector-java, nodejs8, virtualbox, webkit2gtk3, and wireshark), Oracle (kernel, kernel-container, and microcode_ctl), Red Hat (glib2, kernel, kernel-rt, kpatch-patch, and rust-toolset-1.52 and rust-toolset-1.52-rust), Scientific Linux (microcode_ctl), [...] --------------------------------------------- https://lwn.net/Articles/865872/
∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- Adobe has released security updates to address vulnerabilities in multiple Adobe products. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/adobe-releases-sec...
∗∗∗ WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN65388002/
∗∗∗ SSA-938030: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-938030.txt
∗∗∗ SSA-865327: Incorrect Authorization Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-865327.txt
∗∗∗ SSA-830194: Missing Authentication Vulnerability in S7-1200 Devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-830194.txt
∗∗∗ SSA-818688: Multiple Vulnerabilities in Solid Edge before SE2021MP7 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-818688.txt
∗∗∗ SSA-756744: OS Command Injection Vulnerability in SINEC NMS ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-756744.txt
∗∗∗ SSA-679335: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-679335.txt
∗∗∗ SSA-553445: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-553445.txt
∗∗∗ SSA-365397: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-365397.txt
∗∗∗ SSA-309571: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-309571.txt
∗∗∗ SSA-158827: Denial-of-Service Vulnerability in Automation License Manager ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-158827.txt
∗∗∗ Security Bulletin: A vulnerability in glibc impacts IBM Watson™ Speech Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-glibc-i...
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...
∗∗∗ Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct File Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-jav...
∗∗∗ Security Bulletin: IBM Planning Analytics Spreadsheet Services is affected by security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-spr...
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...
∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...
∗∗∗ Security Bulletin: Vulnerability in self-service console affects IBM Cloud Pak System (CVE-2021-20478) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-self-serv...
∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-a...
∗∗∗ XSA-357 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-357.html
∗∗∗ TYPO3 Core: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0842
∗∗∗ SAP Patchday August 2021: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0847
∗∗∗ Citrix ShareFile storage zones controller security update ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX322787
∗∗∗ XML External Entity Expansion in MobileTogether Server ∗∗∗ --------------------------------------------- https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-002/