[CERT-daily] Tageszusammenfassung - 14.07.2021
Daily end-of-shift report
team at cert.at
Wed Jul 14 18:15:42 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 13-07-2021 18:00 − Mittwoch 14-07-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Updated Joker Malware Floods into Android Apps ∗∗∗
---------------------------------------------
The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners.
---------------------------------------------
https://threatpost.com/updated-joker-malware-android-apps/167776/
∗∗∗ Cybercrime-Bande REvil von der Bildfläche verschwunden ∗∗∗
---------------------------------------------
Die Kriminellen erpressten über 1000 Firmen, deren Daten sie mit dem Kaseya-Lieferketten-Angriff verschlüsselten. Jetzt sind ihre Server nicht mehr erreichbar.
---------------------------------------------
https://heise.de/-6137119
∗∗∗ Identitätsdiebstahl statt Darlehen: Schließen Sie keinen Kredit auf 1superkredit.com und kredit-united.com ab! ∗∗∗
---------------------------------------------
Sind Sie auf der Suche nach einem Kredit? Dann stoßen Sie womöglich auf die Webseiten 1superkredit.com oder kredit-united.com. Zwei Webseiten, die einiges gemeinsam haben: Die Webseiten sehen sehr ähnlich aus, bewerben Kredite zu günstigen Bedingungen und hinter beiden Seiten stecken BetrügerInnen.
---------------------------------------------
https://www.watchlist-internet.at/news/identitaetsdiebstahl-statt-darlehen-schliessen-sie-keinen-kredit-auf-1superkreditcom-und-kredit-unit/
∗∗∗ CISA Releases Analysis of FY20 Risk and Vulnerability Assessments ∗∗∗
---------------------------------------------
CISA has released an analysis and infographic detailing the findings from the Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year (FY) 2020 across multiple sectors.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/08/cisa-releases-analysis-fy20-risk-and-vulnerability-assessments
=====================
= Vulnerabilities =
=====================
∗∗∗ SonicWall warns of critical ransomware risk to SMA 100 VPN appliances ∗∗∗
---------------------------------------------
SonicWall has issued an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-ransomware-risk-to-sma-100-vpn-appliances/
∗∗∗ Authentication bypass & Remote code Execution bei Schneider Electric EVlink Ladestationen ∗∗∗
---------------------------------------------
Schneider Electric Ladestationen für E-Autos der "EVlink" Serie sind von zwei Schwachstellen betroffen die es einem Angreifer ermöglichen das System zu übernehmen und dort beliebige Befehle auszuführen.
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/authentication-bypass-remote-code-execution-bei-schneider-electric-evlink-ladestationen/
∗∗∗ Microsoft-Patchday: Angreifer nutzen vier Sicherheitslücken in Windows aus ∗∗∗
---------------------------------------------
Microsoft schließt unter anderem kritische Schadcode-Lücken in der Schutzlösung Windows Defender. Neben aktiven Angriffen könnten weitere Attacken bevorstehen.
---------------------------------------------
https://heise.de/-6137050
∗∗∗ Patchday: Adobe schließt kritische Lücken in Bridge, Illustrator & Co. ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für verschiedene Adobe-Anwendungen. Angreifer könnten Schadcode ausführen.
---------------------------------------------
https://heise.de/-6137110
∗∗∗ Patchday SAP: Angreifer könnten unberechtigt auf NetWeaver zugreifen ∗∗∗
---------------------------------------------
Der Softwarehersteller SAP schließt mehrere Sicherheitslücken in seinem Portfolio.
---------------------------------------------
https://heise.de/-6137467
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (xstream), Debian (linuxptp), Fedora (glibc and krb5), Gentoo (pillow and thrift), Mageia (ffmpeg and libsolv), openSUSE (kernel and qemu), SUSE (kernel), and Ubuntu (php5, php7.0).
---------------------------------------------
https://lwn.net/Articles/862855/
∗∗∗ ICS Patch Tuesday: Siemens and Schneider Electric Address 100 Vulnerabilities ∗∗∗
---------------------------------------------
Industrial giants Siemens and Schneider Electric on Tuesday released a total of two dozen advisories covering roughly 100 vulnerabilities affecting their products.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-siemens-and-schneider-electric-address-100-vulnerabilities
∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210714-01-pe-en
∗∗∗ Security Advisory - Privilege Escalation Vulnerability in some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210714-01-privilege-en
∗∗∗ Security Advisory - Logic Error Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210714-01-smartphone-en
∗∗∗ Security Bulletin: Unrestricted document type definition vulnerability affects IBM Sterling Secure Proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-unrestricted-document-type-definition-vulnerability-affects-ibm-sterling-secure-proxy/
∗∗∗ Security Bulletin: A security vulnerability was fixed in IBM Security Access Manager and IBM Security Verify Access Docker containers ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-was-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-docker-containers/
∗∗∗ Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access Docker container ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/
∗∗∗ Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-were-detected-in-ibm-secure-external-authentication-server-2/
∗∗∗ Security Bulletin: Apache PDFBox Vulnerabilities Affect IBM Control Center (CVE-2021-31811, CVE-2021-31812) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-pdfbox-vulnerabilities-affect-ibm-control-center-cve-2021-31811-cve-2021-31812/
∗∗∗ Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-were-detected-in-ibm-secure-external-authentication-server/
∗∗∗ Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure Proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-were-detected-in-ibm-secure-proxy/
∗∗∗ VMSA-2021-0015 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0015.html
∗∗∗ Schneider Electric C-Bus Toolkit ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-01
∗∗∗ Schneider Electric SCADApack RTU, Modicon Controllers, and Software ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-02
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list