[CERT-daily] Tageszusammenfassung - 07.07.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 06-07-2021 18:00 − Mittwoch 07-07-2021 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ WildPressure targets the macOS platform ∗∗∗
---------------------------------------------
We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.
---------------------------------------------
https://securelist.com/wildpressure-targets-macos/103072/


∗∗∗ Why I Love (Breaking Into) Your Security Appliances ∗∗∗
---------------------------------------------
David "moose" Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to "pick one lock" to invade an enterprise through them.
---------------------------------------------
https://threatpost.com/breaking-into-security-appliances/167584/


∗∗∗ Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform ∗∗∗
---------------------------------------------
An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process.
---------------------------------------------
https://thehackernews.com/2021/07/dozens-of-vulnerable-nuget-packages.html


∗∗∗ Fake-Shops für Fahrräder und E-Bikes haben Saison! ∗∗∗
---------------------------------------------
Auf bike-heller.de und mister24bike.de wird ein riesiges Sortiment an Fahrrädern und E-Bikes lagernd und sofort lieferbar angeboten. Allein das sollte stutzig machen, da viele seriöse Händler mitten in der Saison schon ausverkauft sind.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shops-fuer-fahrraeder-und-e-bikes-haben-saison/


∗∗∗ Understanding REvil: The Ransomware Gang Behind the Kaseya Attack ∗∗∗
---------------------------------------------
Ransomware cases worked by Unit 42 consultants in the first six months of 2021 reveal insights into the preferred tactics of REvil threat actors.
---------------------------------------------
https://unit42.paloaltonetworks.com/revil-threat-actors/


∗∗∗ Update - Kaseya VSA Ransomwarevorfall: Sicht auf Österreich ∗∗∗
---------------------------------------------
In Folge dieses Vorfalls ist nun auch eine Spam-Kampagne, welche Schadsoftware (Cobalt Strike) im Anhang ausliefert und vorgibt, ein legitimes Update für Kaseya VSA zu sein, in Erscheinung getreten.
---------------------------------------------
https://cert.at/de/aktuelles/2021/7/kaseya-vsa-ransomwarevorfall


∗∗∗ How to Tighten IoT Security for Healthcare Organization ∗∗∗
---------------------------------------------
This post will first explore some of the ways IoT is revolutionizing medical care, then identify some of the potential problems posed by connected devices in a medical setting.
---------------------------------------------
https://blog.checkpoint.com/2021/06/21/how-to-tighten-iot-security-for-healthcare-organization/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Printnightmare: Erste Patches für Windows-Sicherheitslücke ∗∗∗
---------------------------------------------
Durch ein Problem mit dem Windows-Druck-Spooler können Angreifer Code aus der Ferne ausführen. Erste Patches stehen bereit, aber noch nicht für alles. (Windows, Drucker)
---------------------------------------------
https://www.golem.de/news/printnightmare-erste-patches-fuer-windows-sicherheitsluecke-2107-157931-rss.html


∗∗∗ Kasperskys Passwort-Manager gefährdete Benutzer mit ratbaren Passwörtern ∗∗∗
---------------------------------------------
Wegen einer gründlich verpatzten Umsetzung ließen sich die vom Kaspersky Passwort-Manager vorgeschlagenen, scheinbar zufälligen Passwörter einfach erraten.
---------------------------------------------
https://heise.de/-6130796


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (glibc), Gentoo (doas, firefox, glib, schismtracker, and tpm2-tss), Mageia (httpcomponents-client), openSUSE (virtualbox), Red Hat (linuxptp), Scientific Linux (linuxptp), and Ubuntu (libuv1 and php7.2, php7.4).
---------------------------------------------
https://lwn.net/Articles/862044/


∗∗∗ This serious Wi-Fi bug can break your iPhone, but heres how to protect yourself ∗∗∗
---------------------------------------------
Walking past a Wi-Fi hotspot with a specific name can cause big problems for your iPhone. And the scary thing is that its easy to do.
---------------------------------------------
https://www.zdnet.com/article/serious-wi-fi-bug-can-break-your-iphone-but-heres-how-to-protect-yourself/


∗∗∗ Security Advisory - Bluetooth Function Denial of Service Vulnerability in Some Huawei Smartphone Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210707-03-dos-en


∗∗∗ Security Bulletin: Netty Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-21409) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-netty-vulnerability-affects-ibm-watson-machine-learning-on-cp4d-cve-2021-21409/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache JSON Small and Fast Parser (json-smart) and Underscore affect IBM Spectrum Symphony ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-json-small-and-fast-parser-json-smart-and-underscore-affect-ibm-spectrum-symphony/


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container could allow a privileged user to obtain sensitive information from internal log files (CVE-2021-29759) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-could-allow-a-privileged-user-to-obtain-sensitive-information-from-internal-log-files-cve-2021-29759/


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by a ReDoS flaw when processing URLs (CVE-2021-33502) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-affected-by-a-redos-flaw-when-processing-urls-cve-2021-33502/


∗∗∗ Security Bulletin: Castor Vulnerability Affects IBM Control Center (CVE-2014-3004) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-castor-vulnerability-affects-ibm-control-center-cve-2014-3004/


∗∗∗ Security Bulletin: Golang Go Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2020-29652) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-golang-go-vulnerability-affects-ibm-watson-machine-learning-on-cp4d-cve-2020-29652/


∗∗∗ Security Bulletin: Vulnerabilities in the Python, Python cryptography , and Urllib3 affect IBM Spectrum Discover. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-python-python-cryptography-and-urllib3-affect-ibm-spectrum-discover/


∗∗∗ Security Bulletin: IBM Cloud Pak for Integration is vulnerable to underscore vulnerability (CVE-2021-23358) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-underscore-vulnerability-cve-2021-23358/


∗∗∗ Security Bulletin: Apache Log4j Vulnerability Affects IBM Control Center (CVE-2020-9488) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-control-center-cve-2020-9488/


∗∗∗ Philips Vue PACS ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01


∗∗∗ Moxa NPort IAW5000A-I/O Series Serial Device Server ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-187-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily