[CERT-daily] Tageszusammenfassung - 06.07.2021
Daily end-of-shift report
team at cert.at
Tue Jul 6 18:04:58 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Montag 05-07-2021 18:00 − Dienstag 06-07-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ How to protect your site against lethal unauthorized code injections ∗∗∗
---------------------------------------------
Lethal unauthorized code injections like XXS (cross site scripting) attacks are some of the most dynamic cyber-attacks. They are often very difficult to detect and can result in credit card theft, fraud, and endpoint data breaches, having a huge impact on small to medium sized businesses.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/how-to-protect-your-site-against-lethal-unauthorized-code-injections
∗∗∗ Python DLL Injection Check, (Tue, Jul 6th) ∗∗∗
---------------------------------------------
They are many security tools that inject DLL into processes running on a Windows system. The classic examples are anti-virus products.
---------------------------------------------
https://isc.sans.edu/diary/rss/27608
∗∗∗ Kaseya VSA: Wie die Lieferketten-Angriffe abliefen und was sie für uns bedeuten ∗∗∗
---------------------------------------------
Auch wer nicht davon betroffen ist, sollte sich klarmachen, was da gerade geschieht. Denn Angriffe wie der aktuelle REvil-Coup werden die IT-Welt verändern.
---------------------------------------------
https://heise.de/-6129656
∗∗∗ Kaseya Case Update 3 ∗∗∗
---------------------------------------------
Since the first signs of an incident last Friday evening the DIVD has continued to monitor the internet for instances of Kaseya VSA that remained online. We are happy to report a steady decrease in the number of online servers.
---------------------------------------------
https://csirt.divd.nl/2021/07/06/Kaseya-Case-Update-3/
=====================
= Vulnerabilities =
=====================
∗∗∗ Authentified RFI to RCE Nagios/NagiosXI exploitation ∗∗∗
---------------------------------------------
An authenticated attacker may remotely inject and execute arbitrary code in Nagios and Nagios XI products.
---------------------------------------------
https://github.com/ArianeBlow/NagiosXI-EmersonFI
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (python-django), Debian (libuv1, libxstream-java, and php7.3), Fedora (rabbitmq-server), Gentoo (glibc, google-chrome, libxml2, and postsrsd), openSUSE (libqt5-qtwebengine and roundcubemail), SUSE (python-rsa), and Ubuntu (djvulibre).
---------------------------------------------
https://lwn.net/Articles/861972/
∗∗∗ [20210705] - Core - XSS in com_media imagelist ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/860-20210705-core-xss-in-com-media-imagelist.html
∗∗∗ [20210704] - Core - Privilege escalation through com_installer ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/859-20210704-core-privilege-escalation-through-com-installer.html
∗∗∗ [20210703] - Core - Lack of enforced session termination ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/858-20210703-core-lack-of-enforced-session-termination.html
∗∗∗ [20210702] - Core - DoS through usergroup table manipulation ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/857-20210702-core-dos-through-usergroup-table-manipulation.html
∗∗∗ [20210701] - Core - XSS in JForm Rules field ∗∗∗
---------------------------------------------
https://developer.joomla.org:443/security-centre/856-20210701-core-xss-in-jform-rules-field.html
∗∗∗ Paessler PRTG: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0719
∗∗∗ MediaWiki: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0718
∗∗∗ QNAP NAS HBS 3: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0717
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list