[CERT-daily] Tageszusammenfassung - 03.08.2021
Daily end-of-shift report
team at cert.at
Tue Aug 3 18:13:15 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Montag 02-08-2021 18:00 − Dienstag 03-08-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Supply-Chain-Angriffe: EU-Behörde empfiehlt Code-Checks für Abhängigkeiten ∗∗∗
---------------------------------------------
Als Reaktion auf Angriffe wie bei Solarwinds hat die zuständige EU-Behörde einen einfachen Rat. Doch entsprechende Maßnahmen kann offenbar nicht mal Microsoft umsetzen.
---------------------------------------------
https://www.golem.de/news/supply-chain-angriffe-eu-behoerde-empfiehlt-code-checks-fuer-abhaengigkeiten-2108-158595-rss.html
∗∗∗ Do You Trust Your Smart TV? ∗∗∗
---------------------------------------------
Did you ever stop to think that the office smart TV used for company presentations, Zoom meetings, and other work-related activities may not be so trustworthy?
---------------------------------------------
https://securityaffairs.co/wordpress/120752/iot/smart-tv-security.html
∗∗∗ Android-Patchday: Google bessert unter anderem beim Media Framework nach ∗∗∗
---------------------------------------------
Updates für das mobile Betriebssystem zielen wieder einmal auf das Media Framework, beseitigen aber etwa auch kritische Lücken aus Qualcomm-Komponenten.
---------------------------------------------
https://heise.de/-6154130
∗∗∗ RDP brute force attacks explained ∗∗∗
---------------------------------------------
A simple and straightforward explanation of what RDP brute force attacks are, why they are so dangerous, and what you can do about them.
---------------------------------------------
https://blog.malwarebytes.com/explained/2021/08/rdp-brute-force-attacks-explained/
∗∗∗ Gefälschte A1-Rechnung führt zu Schadsoftware ∗∗∗
---------------------------------------------
Aktuell werden gefälschte A1-E-Mails mit dem Betreff "Rechnung vom 04.07.2021" versendet. Im E-Mail wird behauptet, dass eine Zahlung nicht bearbeitet werden konnte.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-a1-rechnung-fuehrt-zu-schadsoftware/
∗∗∗ Raccoon stealer-as-a-service will now try to grab your cryptocurrency ∗∗∗
---------------------------------------------
The malware has been upgraded to target even more financial information.
---------------------------------------------
https://www.zdnet.com/article/raccoon-stealer-as-a-service-will-now-try-to-steal-your-cryptocurrency/
∗∗∗ CISA and NSA Release Kubernetes Hardening Guidance ∗∗∗
---------------------------------------------
The National Security Agency (NSA) and CISA have released Kubernetes Hardening Guidance, a cybersecurity technical report detailing the complexities of securely managing Kubernetes—an open-source, container-orchestration system used to automate deploying, scaling, and managing containerized applications.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/08/02/cisa-and-nsa-release-kubernetes-hardening-guidance
∗∗∗ Positive Technologies: APT group targeting government agencies around the world detected in Russia for the first time ∗∗∗
---------------------------------------------
Positive Technologies Expert Security Center (PT ESC) revealed new attacks by APT31 and analyzed its new tool—a malicious software that allows criminals to control a victim’s computer or network by using remote access.
---------------------------------------------
https://www.ptsecurity.com/ww-en/about/news/positive-technologies-apt-group-targeting-government-agencies-around-the-world-detected-in-russia-for-the-first-time
∗∗∗ PetitPotam-Angriffe auf Windows durch RPC-Filter blocken ∗∗∗
---------------------------------------------
Sicherheitsforscher haben kürzlich einen neuen Angriffsvektor namens PetitPotam offen gelegt. Mittels eines NTLM-Relay-Angriffs kann jeder Windows Domain Controller übernommen werden.
---------------------------------------------
https://www.borncity.com/blog/2021/08/03/petitpotam-angriffe-auf-windows-durch-filter-blocken/
=====================
= Vulnerabilities =
=====================
∗∗∗ VU#405600: Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM relay attacks ∗∗∗
---------------------------------------------
Microsoft Windows Active Directory Certificate Services (AD CS) by default can be used as a target for NTLM relay attacks, which can allow a domain-joined computer to take over the entire Active Directory.
---------------------------------------------
https://kb.cert.org/vuls/id/405600
∗∗∗ PwnedPiper: Rohrpostsysteme in US-Krankenhäusern über Firmware-Lücken angreifbar ∗∗∗
---------------------------------------------
Sicherheitslücken erlaubten Forschern die komplette Übernahme von "Translogic"-Rohrpostsystemen. Hersteller Swisslog Healthcare hat Updates veröffentlicht.
---------------------------------------------
https://heise.de/-6153319
∗∗∗ Chrome: Browser-Update für den Desktop schließt Sicherheitslücken ∗∗∗
---------------------------------------------
Für die Windows-, Linux- und macOS-Ausgaben des Chrome-Browsers ist ein Update mit insgesamt zehn Security-Fixes verfügbar.
---------------------------------------------
https://heise.de/-6153994
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, nodejs, nodejs-lts-erbium, and nodejs-lts-fermium), Debian (pyxdg, shiro, and vlc), openSUSE (qemu), Oracle (lasso), Red Hat (glibc, lasso, rh-php73-php, rh-varnish6-varnish, and varnish:6), Scientific Linux (lasso), SUSE (dbus-1, lasso, python-Pillow, and qemu), and Ubuntu (exiv2, gnutls28, and qpdf).
---------------------------------------------
https://lwn.net/Articles/865029/
∗∗∗ Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software ∗∗∗
---------------------------------------------
Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that could be exploited to gain code execution on vulnerable devices.
---------------------------------------------
https://www.securityweek.com/code-execution-flaw-found-cisco-firepower-device-manager-box-software
∗∗∗ Bypassing Authentication on Arcadyan Routers with CVE-2021–20090 and rooting some Buffalo ∗∗∗
---------------------------------------------
In the following sections we will look at how I took the Buffalo devices apart, did a not-so-great solder job, and used a shell offered up on UART to help find a couple of bugs that could let users bypass authentication to the web interface and enable a root BusyBox shell on telnet.
---------------------------------------------
https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
∗∗∗ Spyware-ähnliche Funktionen in China-App Bejing One Pass gefunden ∗∗∗
---------------------------------------------
Ausländische Firmen, die in China tätig sind, benötigen die App Beijing One Pass, um Zugang zu einer digitalen Plattform für die Verwaltung der staatlichen Leistungen für Arbeitnehmer zu erhalten. Nun haben Sicherheitsspezialisten in dieser App Spyware ähnliche Funktionen gefunden.
---------------------------------------------
https://www.borncity.com/blog/2021/08/02/spyware-hnliche-funktionen-in-china-app-bejing-one-pass-gefunden/
∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2021-20227) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2021-20227-2/
∗∗∗ Security Bulletin: A vulnerabilty in encoding/unicode in the UTF-16 decoder has been found in x/text package before v0.3.3 for Go that could lead to an infinite loop and denial of service, affecting IBM Cloud Pak for Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerabilty-in-encoding-unicode-in-the-utf-16-decoder-has-been-found-in-x-text-package-before-v0-3-3-for-go-that-could-lead-to-an-infinite-loop-and-denial-of-service-affecting/
∗∗∗ Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2021-20227) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2021-20227/
∗∗∗ Security Bulletin: Vulnerability in ksh affects AIX (CVE-2021-29741) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ksh-affects-aix-cve-2021-29741/
∗∗∗ JSA11209 ∗∗∗
---------------------------------------------
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11209
∗∗∗ Linux kernel vulnerability CVE-2021-33909 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K75133288?utm_source=f5support&utm_medium=RSS
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list