[CERT-daily] Daily summary - 13.07.2021
Daily end-of-shift report
team at cert.at
Tue Jul 13 18:12:29 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Monday 12-07-2021 18:00 − Tuesday 13-07-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Trickbot Activity Increases; new VNC Module On the Radar ∗∗∗
---------------------------------------------
Despite the takedown attempt, Trickbot is more active than ever. In May 2021, our systems started to pick up an updated version of the vncDll module that Trickbot uses against select high-profile targets.
---------------------------------------------
https://www.bitdefender.com/blog/labs/trickbot-activity-increases-new-vnc-module-on-the-radar
∗∗∗ Do not book your accommodation on fewolio.de ∗∗∗
---------------------------------------------
fewolio.de is a dubious booking platform for luxury holiday homes in Germany. The fraudulent platform stands out above all for its low prices and short-notice availability.
---------------------------------------------
https://www.watchlist-internet.at/news/buchen-sie-ihre-unterkunft-nicht-auf-fewoliode/
=====================
= Vulnerabilities =
=====================
∗∗∗ IT security: New vulnerability at SolarWinds ∗∗∗
---------------------------------------------
A file-transfer product from SolarWinds had a security problem. An attacker has apparently been actively exploiting the vulnerability.
---------------------------------------------
https://www.golem.de/news/it-sicherheit-neue-sicherheitsluecke-bei-solarwinds-2107-158086-rss.html
∗∗∗ ModiPwn ∗∗∗
---------------------------------------------
Armis researchers discover a critical vulnerability in Schneider Electric Modicon PLCs. The vulnerability can allow attackers to bypass authentication mechanisms which can lead to native remote-code-execution on vulnerable PLCs.
---------------------------------------------
https://www.armis.com/research/modipwn/
∗∗∗ Siemens Security Advisories 2021-07-13 ∗∗∗
---------------------------------------------
Siemens has published 18 new and 5 updated security advisories (CVSS scores from 5.3 to 9.8).
---------------------------------------------
https://new.siemens.com/de/de/produkte/services/cert.html
∗∗∗ Citrix Virtual Apps and Desktops Security Update ∗∗∗
---------------------------------------------
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
---------------------------------------------
https://support.citrix.com/article/CTX319750
∗∗∗ Examining Crypto and Bypassing Authentication in Schneider Electric PLCs (M340/M580) ∗∗∗
---------------------------------------------
What you see in the picture above is similar to what you might see at a factory, plant, or inside a machine. At the core of it is Schneider Electric’s Modicon M340 programmable logic controller (PLC).
---------------------------------------------
https://medium.com/tenable-techblog/examining-crypto-and-bypassing-authentication-in-schneider-electric-plcs-m340-m580-f37cf9f3ff34
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (sogo), Fedora (libvirt), Gentoo (polkit), Mageia (binutils, freeradius, guile1.8, kernel, kernel-linus, libgrss, mediawiki, mosquitto, php-phpmailer, and webmin), openSUSE (bluez and jdom2), Oracle (kernel and xstream), Scientific Linux (xstream), and SUSE (kernel and python-pip).
---------------------------------------------
https://lwn.net/Articles/862767/
∗∗∗ Recently Patched ForgeRock AM Vulnerability Exploited in Attacks ∗∗∗
---------------------------------------------
Government agencies in the United States and Australia warn organizations that a recently patched vulnerability affecting ForgeRock Access Management has been exploited in the wild.
---------------------------------------------
https://www.securityweek.com/recently-patched-forgerock-am-vulnerability-exploited-attacks
∗∗∗ ZDI-21-786: Trend Micro Apex One Incorrect Permission Assignment Denial-of-Service Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-786/
∗∗∗ ZDI-21-789: (0Day) GoPro Player MOV File Parsing Use-After-Free Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-789/
∗∗∗ ZDI-21-788: (0Day) GoPro Player MOV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-788/
∗∗∗ ZDI-21-787: (0Day) GoPro Player MOV File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-787/
∗∗∗ SAP software: Multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0734
∗∗∗ Security Bulletin: A vulnerability was found in Oniguruma 6.9.2 that would result in a NULL Pointer Dereference, affecting IBM Cloud Pak for Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-found-in-oniguruma-6-9-2-that-would-result-in-a-null-pointer-dereference-affecting-ibm-cloud-pak-for-applications/
∗∗∗ Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 where insecure http communications is used ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-found-in-ibm-cloud-pak-for-applications-v4-3-where-insecure-http-communications-is-used/
∗∗∗ Security Bulletin: An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator, affecting IBM Cloud Pak for Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-out-of-bounds-read-vulnerability-was-found-in-the-slirp-networking-implementation-of-the-qemu-emulator-affecting-ibm-cloud-pak-for-applications/
∗∗∗ Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 where an error message may disclose implementation details ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-found-in-ibm-cloud-pak-for-applications-v4-3-where-an-error-message-may-disclose-implementation-details/
∗∗∗ Security Bulletin: IBM Cloud Pak for Applications v4.3 does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-applications-v4-3-does-not-properly-assign-modify-track-or-check-privileges-for-an-actor-creating-an-unintended-sphere-of-control-for-that-actor/
∗∗∗ Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 that exposes a cross-site scripting attack due to target blank set in HTML anchor tags ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-found-in-ibm-cloud-pak-for-applications-v4-3-that-exposes-a-cross-site-scripting-attack-due-to-target-blank-set-in-html-anchor-tags/
∗∗∗ Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 which may allow a malicious attacker to obtain sensitive user information from memory ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-found-in-ibm-cloud-pak-for-applications-v4-3-which-may-allow-a-malicious-attacker-to-obtain-sensitive-user-information-from-memory/
∗∗∗ Security Bulletin: A vulnerability has been found in x/test package before 0.3.3 for Go that could lead to an infinite loop, affecting IBM Cloud Pak for Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerabilty-has-been-found-in-x-test-pacakge-before-0-3-3-for-go-that-could-lead-to-an-infinite-loop-affecting-ibm-cloud-pak-for-applications/
∗∗∗ Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 that exposes the possibility of a cross-site scripting attack. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-found-in-ibm-cloud-pak-for-applications-v4-3-that-exposes-the-possibility-of-a-cross-site-scripting-attack/
∗∗∗ Security Bulletin: A vulnerability has been identified in IBM Cloud Pak for Applications v4.3 that exposes a cross-site scripting attack. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-cloud-pak-for-applications-v4-3-that-exposes-a-cross-site-scripting-attack/
∗∗∗ VMSA-2021-0014 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0014.html
∗∗∗ glibc vulnerability CVE-2020-27618 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K08641512
∗∗∗ Apache Cassandra vulnerability CVE-2020-13946 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K36212405
∗∗∗ Apache Tomcat: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0733
∗∗∗ Icinga: Multiple vulnerabilities allow disclosure of information ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0732
∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/13/adobe-releases-security-updates-multiple-products
∗∗∗ Security advisories SYSS-2021-022, SYSS-2021-023, SYSS-2021-025 and SYSS-2021-026 for P&I software LOGA3 ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/security-advisories-syss-2021-022-syss-2021-023-syss-2021-025-und-syss-2021-026-zu-pi-software-loga3
∗∗∗ SYSS-2021-020, SYSS-2021-021, SYSS-2021-027: Multiple vulnerabilities in Element-IT HTTP Commander ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-020-syss-2021-021-syss-2021-027-mehrere-schwachstellen-in-element-it-http-commander
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily