[CERT-daily] Tageszusammenfassung - 01.07.2021

Daily end-of-shift report team at cert.at
Thu Jul 1 18:14:59 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 30-06-2021 18:00 − Donnerstag 01-07-2021 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ "Drucker-Albtraum": Offene Sicherheitslücke erlaubt die Übernahme gesamter Windows-Netzwerke ∗∗∗
---------------------------------------------
Sicherheitsforscher veröffentlichen versehentlich passenden Schadcode, nun herrscht akuter Handlungsbedarf für Windows-Administratoren
---------------------------------------------
https://www.derstandard.at/story/2000127868579/drucker-albtraum-offene-sicherheitsluecke-erlaubt-die-uebernahme-gesamter-windows-netzwerke


∗∗∗ Vorschussbetrug mit Krediten auf befinax.com ∗∗∗
---------------------------------------------
Auf der Suche nach Krediten, Hypotheken oder Versicherungen stoßen Sie womöglich auf befinax.com. Die Seite ist schön aufgebaut, verspricht schnelle Kreditvergaben und wirbt mit den Logos und Namen großer und bekannter Banken. Doch Vorsicht: Hier werden Sie betrogen! Vorab zu bezahlende Gebühren landen direkt in den Händen Krimineller und Kredit gibt es keinen.
---------------------------------------------
https://www.watchlist-internet.at/news/vorschussbetrug-mit-krediten-auf-befinaxcom/


∗∗∗ The Most Prolific Ransomware Families: A Defenders Guide ∗∗∗
---------------------------------------------
In this article, DomainTools researchers provide a look at the three most prolific ransomware families and their toolsets.
---------------------------------------------
https://www.domaintools.com/resources/blog/the-most-prolific-ransomware-families-a-defenders-guide


∗∗∗ Linux: RPM prüft Signaturen nicht richtig ∗∗∗
---------------------------------------------
Eigentlich werden RPM-Pakte unter Linux signiert. Viele wichtige Teile der Signaturprüfung sind bisher aber gar nicht implementiert.
---------------------------------------------
https://www.golem.de/news/linux-rpm-prueft-signaturen-nicht-richtig-2107-157800-rss.html


∗∗∗ Another Exploit Hits WD My Book Live Owners ∗∗∗
---------------------------------------------
While it will come as no comfort to those who had their Western Digital My Book Live NAS drives wiped last week, it seems they were attacked by a combination of two exploits, and possibly caught in the fallout of a rivalry between two different teams of hackers. Toms Hardware reports: Initially, after the news broke on Friday, it was thought a known exploit from 2018 was to blame, allowing attackers to gain root access to the devices. However, it now seems that a previously unknown exploit was [...]
---------------------------------------------
https://hardware.slashdot.org/story/21/06/30/2319243/another-exploit-hits-wd-my-book-live-owners


∗∗∗ We Infiltrated a Counterfeit Check Ring! Now What? ∗∗∗
---------------------------------------------
Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and youve shared this information in advance with the authorities each day for a year with no outward indication that they are doing anything about it. How frustrated would you be? Such is the curse of the fraud fighter known online by the handles “Brianna Ware” and [...]
---------------------------------------------
https://krebsonsecurity.com/2021/06/we-infiltrated-a-counterfeit-check-ring-now-what/


∗∗∗ Becoming Elon Musk - the Danger of Artificial Intelligence ∗∗∗
---------------------------------------------
A Tel Aviv, Israel-based artificial intelligence (AI) firm, with a mission to build trust in AI and protect AI from cyber threats, privacy issues, and safety incidents, has developed the opposite: an attack against facial recognition systems that can fool the algorithm into misinterpreting the image.
---------------------------------------------
https://www.securityweek.com/becoming-elon-musk-%E2%80%93-danger-artificial-intelligence


∗∗∗ CISA’s CSET Tool Sets Sights on Ransomware Threat ∗∗∗
---------------------------------------------
CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control system (ICS) networks—enables users to perform a comprehensive evaluation of their cybersecurity [...]
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/cisas-cset-tool-sets-sights-ransomware-threat


∗∗∗ Two years later, the NSABuffMiner botnet is still alive and kicking ∗∗∗
---------------------------------------------
A crypto-mining botnet named NSABuffMiner (or Indexsinas) is still active and infecting Windows systems using three leaked NSA exploits, security firm Guardicore said today.
---------------------------------------------
https://therecord.media/two-years-later-the-nsabuffminer-botnet-is-still-alive-and-kicking/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VU#383432: Microsoft Windows Print Spooler RpcAddPrinterDriverEx() function allows for RCE ∗∗∗
---------------------------------------------
The Microsoft Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx() function, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.
---------------------------------------------
https://kb.cert.org/vuls/id/383432


∗∗∗ Sicherheitsupdate: Microsoft entdeckt kritische Lücke in Netgear-Router ∗∗∗
---------------------------------------------
Es gibt ein wichtiges Sicherheitsupdate für den WLAN Router DGN2200v1 von Netgear.
---------------------------------------------
https://heise.de/-6126662


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (htmldoc, ipmitool, and node-bl), Fedora (libgcrypt and libtpms), Mageia (dhcp, glibc, p7zip, sqlite3, systemd, and thunar), openSUSE (arpwatch, go1.15, and kernel), SUSE (curl, dbus-1, go1.15, and qemu), and Ubuntu (xorg-server).
---------------------------------------------
https://lwn.net/Articles/861521/


∗∗∗ EC-CUBE fails to restrict access permissions ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN57942445/


∗∗∗ Block Content Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-022 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2021-022


∗∗∗ Linky Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-021 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2021-021


∗∗∗ Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2021-020 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2021-020


∗∗∗ Security Advisory - Path Traversal Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210630-01-pathtraversal-en


∗∗∗ Security Notice – Statement About the Media Report on the Use of GEA-1 Weak Algorithm in Certain Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2021/huawei-sn-20210618-01-gea1-en


∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2021 CPU plus affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2021-cpu-plus-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology/


∗∗∗ Security Bulletin: Using XSS attack, an attacker may inject Javascript code by modifying input fields in Datacap Navigator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-using-xss-attack-an-attacker-may-inject-javascript-code-by-modifying-input-fields-in-datacap-navigator/


∗∗∗ Security Bulletin: IBM MQ Appliance vulnerability in TLS (CVE-2020-4831) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-vulnerability-in-tls-cve-2020-4831/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-go-4/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability (CVE-2021-3449) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-openssl-vulnerability-cve-2021-3449/


∗∗∗ Security Bulletin: SQL injection from various input fields may affect Datacap Navigator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-from-various-input-fields-may-affect-datacap-navigator/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list