=====================
= End-of-Day report =
=====================
Timeframe: Friday 23-07-2021 18:00 - Monday 26-07-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
=====================
=       News        =
=====================
*** Windows networks vulnerable to the PetitPotam relay attack ***
---------------------------------------------
Researchers demonstrate a new way to crown oneself king of a Windows domain. Microsoft shrugs its shoulders and points to hardening measures.
---------------------------------------------
https://heise.de/-6147467
*** GitLab sends Package Hunter hunting for malicious code ***
---------------------------------------------
The new open-source tool Package Hunter is meant to detect malicious code in dependencies.
---------------------------------------------
https://heise.de/-6147526
*** No More Ransom: We Prevented Ransomware Operators From Earning $1 Billion ***
---------------------------------------------
No More Ransom is celebrating its 5th anniversary and the project says it has helped more than 6 million ransomware victims recover their files and prevented cybercriminals from earning roughly $1 billion. No More Ransom is a joint effort of law enforcement and cybersecurity companies whose goal is to help victims of ransomware attacks recover their files without having to pay the ransom demanded by criminals.
---------------------------------------------
https://www.securityweek.com/no-more-ransom-we-prevented-ransomware-operator...
*** Microsoft warns of weeks-long malspam campaign abusing HTML smuggling ***
---------------------------------------------
The Microsoft security team said it detected a weeks-long email spam campaign abusing a technique known as "HTML smuggling" to bypass email security systems and deliver malware to user devices. HTML smuggling, as explained by SecureTeam and Outflank, is a technique that allows threat actors to assemble malicious files on users' devices by clever use of HTML5 and JavaScript code.
---------------------------------------------
https://therecord.media/microsoft-warns-of-weeks-long-malspam-campaign-abusi...
*** RemotePotato0: Privilege escalation vulnerability in the Windows RPC protocol ***
---------------------------------------------
Every Windows system is susceptible to a particular NTLM relay attack that could allow attackers to escalate their privileges from user to domain admin. This vulnerability has the status "won't fix" and was the subject of the PetitPotam approach that I covered over the weekend. Now Antonio Cocomazzi has drawn attention to the vulnerability named RemotePotato0. It uses the Windows RPC protocol for privilege escalation.
---------------------------------------------
https://www.borncity.com/blog/2021/07/26/remotepotato0-privilege-escalation-...
=====================
=  Vulnerabilities  =
=====================
*** Collabora Online: Update protects against unauthorized remote file access ***
---------------------------------------------
The Collabora Online team advises updating the online office application to eliminate a remote attack vector rated as "critical".
---------------------------------------------
https://heise.de/-6147967
*** Security updates for Monday ***
---------------------------------------------
Security updates have been issued by Debian (aspell, intel-microcode, krb5, rabbitmq-server, and ruby-actionpack-page-caching), Fedora (chromium, containernetworking-plugins, containers-common, crun, fossil, podman, skopeo, varnish-modules, and vmod-uuid), Gentoo (leptonica, libsdl2, and libyang), Mageia (golang, lib3mf, nodejs, python-pip, redis, and xstream), openSUSE (containerd, crmsh, curl, icinga2, and systemd), Oracle (containerd), and Red Hat (thunderbird).
---------------------------------------------
https://lwn.net/Articles/864346/
*** OTRS: Multiple vulnerabilities ***
---------------------------------------------
A remote authenticated or anonymous attacker can exploit multiple vulnerabilities in OTRS to bypass security measures and carry out a cross-site scripting attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0805
*** Security Bulletin: FasterXML Vulnerability in Jackson-Databind Affects IBM Sterling Connect:Direct File Agent (CVE-2018-7489) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-fasterxml-vulnerability-in...

*** Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Sterling Connect:Direct File Agent (CVE-2020-1953) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-configurati...

*** Security Bulletin: IBM i2 Analyze missing security header (CVE-2021-29769) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-missing-sec...

*** Security Bulletin: IBM i2 Analyze and i2 Analyst's Notebook Premium has session handling vulnerability (CVE-2021-20431) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-and-i2-anal...

*** Security Bulletin: Apache PDFBox as used by IBM QRadar Incident Forensics is vulnerable to denial of service (CVE-2021-27807, CVE-2021-27906) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-pdfbox-as-used-by-i...

*** Security Bulletin: IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability (CVE-2021-29767) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-p...

*** Security Bulletin: IBM i2 iBase vulnerable to DLL highjacking (CVE-2020-4623) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-ibase-vulnerable-to...

*** Security Bulletin: IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability (CVE-2021-29784) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-p...

*** Security Bulletin: IBM QRadar SIEM uses weaker than expected cryptographic algorithms (CVE-2021-20337) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-uses-weake...

*** Security Bulletin: IBM i2 Analyze has an information disclosure vulnerability (CVE-2021-20430) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-has-an-info...