[CERT-daily] Daily summary - 15.07.2021

Daily end-of-shift report team at cert.at
Thu Jul 15 18:21:07 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 14-07-2021 18:00 to Thursday 15-07-2021 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ IT security: more and more zero-day exploits found in attacks ∗∗∗
---------------------------------------------
Security researchers are recording a growing number of attacks that exploit previously unknown vulnerabilities. That is not necessarily a bad sign, the researchers say.
---------------------------------------------
https://www.golem.de/news/it-sicherheit-immer-mehr-zero-day-exploits-bei-angriffen-entdeckt-2107-158173-rss.html


∗∗∗ Attacks on end-of-life SonicWall remote-access products ∗∗∗
---------------------------------------------
Attackers are currently hitting SonicWall Secure Mobile Access and Secure Remote Access appliances that are no longer under support with ransomware.
---------------------------------------------
https://heise.de/-6139330


∗∗∗ Green Pass: what you need to watch out for! ∗∗∗
---------------------------------------------
Since recently, the "Green Pass" lets you prove digitally that you have been vaccinated, tested or have recovered. But what is the "Green Pass" and how can it be used? It can be used in several forms: printed out, via app, as a photo, etc. We show you how to obtain it and what to watch out for.
---------------------------------------------
https://www.watchlist-internet.at/news/gruener-pass-worauf-sie-achten-muessen/


∗∗∗ Ransomware: Interpol warns of exponential growth ∗∗∗
---------------------------------------------
According to Interpol, cybercriminals operate across borders and mostly go unpunished. Without cooperation between investigators and the private sector, the police organisation fears a "ransomware pandemic".
---------------------------------------------
https://www.zdnet.de/88395786/ransomware-interpol-warnt-vor-exponentiellen-wachstum/


∗∗∗ BazarBackdoor sneaks in through nested RAR and ZIP archives ∗∗∗
---------------------------------------------
Security researchers caught a new phishing campaign that tried to deliver the BazarBackdoor malware by using the multi-compression technique and masking it as an image file.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bazarbackdoor-sneaks-in-through-nested-rar-and-zip-archives/

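The campaign above hides its payload inside nested archives under an image-looking name. As an added example (not code from the BleepingComputer article or from CERT.at), the following Python walks nested ZIP archives recursively and flags members whose extension claims an image but whose leading bytes say otherwise, with a depth and size cap so a hostile archive cannot turn the checker into a decompression bomb. The sample archive, file names and limits are constructed for illustration; RAR handling (which needs a non-standard library) is assumed out of scope.

```python
"""Added example: inspect nested ZIP attachments for files that masquerade as images."""
import io
import os
import zipfile
from typing import Dict, Iterator, List, Tuple

MAX_DEPTH = 4                         # assumed limit: stop unpacking beyond this nesting level
MAX_MEMBER_BYTES = 50 * 1024 * 1024   # assumed limit: refuse to inflate larger members (bomb guard)

# Leading bytes -> label for the formats this check cares about.
MAGIC = {
    b"MZ": "pe-executable",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF8": "gif",
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
}

# What the content should be for a given image extension.
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}


def sniff(data: bytes) -> str:
    """Return the format label implied by the first bytes, or 'unknown'."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return "unknown"


def walk_zip(blob: bytes, path: str = "", depth: int = 0) -> Iterator[Tuple[str, bytes]]:
    """Yield (virtual_path, bytes) for every non-ZIP member, descending into nested ZIPs."""
    if depth > MAX_DEPTH:
        raise ValueError(f"nesting deeper than {MAX_DEPTH} at {path or '<root>'}")
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member_path = f"{path}/{info.filename}" if path else info.filename
            # Check the declared size before inflating anything.
            if info.file_size > MAX_MEMBER_BYTES:
                raise ValueError(f"member too large: {member_path}")
            data = zf.read(info)
            if sniff(data) == "zip":
                yield from walk_zip(data, member_path, depth + 1)
            else:
                yield member_path, data


def find_masqueraded_files(blob: bytes) -> List[Tuple[str, str]]:
    """Return (path, detected_type) for members named like images whose bytes disagree."""
    hits = []
    for member_path, data in walk_zip(blob):
        ext = os.path.splitext(member_path.lower())[1]
        if ext in EXPECTED:
            kind = sniff(data)
            if kind != EXPECTED[ext]:
                hits.append((member_path, kind))
    return hits


def make_zip(members: Dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample() -> bytes:
    """Constructed sample: outer ZIP -> attachment.zip -> photo.jpg (PE header) + real.png."""
    fake_pe = b"MZ" + b"\x90" * 62 + b"PE\x00\x00"   # only the DOS magic, not a real binary
    real_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    inner = make_zip({"photo.jpg": fake_pe, "real.png": real_png})
    return make_zip({"attachment.zip": inner, "readme.txt": b"see attached"})


if __name__ == "__main__":
    for path, kind in find_masqueraded_files(build_sample()):
        print(f"SUSPICIOUS {path}: claims image, content is {kind}")
```

Only the extension-versus-content mismatch is checked here; a real mail gateway would also look at the member's icon resources, signature status and the outer container's own extension, but the recursion and the depth/size guard are the parts worth copying.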

∗∗∗ Linux version of HelloKitty ransomware targets VMware ESXi servers ∗∗∗
---------------------------------------------
The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-version-of-hellokitty-ransomware-targets-vmware-esxi-servers/


∗∗∗ USPS Phishing Using Telegram to Collect Data, (Tue, Jul 13th) ∗∗∗
---------------------------------------------
Phishing... at least they don't understand security any better than most kids. The latest example is a simple USPS phish. The lure is an email claiming that a package cannot be delivered until I care to update my address. Urgency... and an obvious action. They learned something in their phishing 101 class.
---------------------------------------------
https://isc.sans.edu/diary/rss/27630


∗∗∗ An Overview of Basic WordPress Hardening ∗∗∗
---------------------------------------------
We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. While there are a plethora of different ways that site owners can lock down their website, in this post we are going to review the most basic hardening mechanisms that WordPress website owners can employ to improve their security. We will also review the pros and cons of these different tactics.
---------------------------------------------
https://blog.sucuri.net/2021/07/basic-wordpress-hardening.html


∗∗∗ macOS: Bashed Apples of Shlayer and Bundlore ∗∗∗
---------------------------------------------
The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts. Though these scripts have slight variations, they mostly belong to a plague of adware strains—Shlayer and Bundlore. These malware are the most predominant malware in macOS, also with a history of evading and bypassing the built-in Xprotect, Gatekeeper, Notarization and File Quarantine security features of macOS.
---------------------------------------------
https://www.uptycs.com/blog/macos-bashed-apples-of-shlayer-and-bundlore


∗∗∗ Gasket and MagicSocks Tools Install Mespinoza Ransomware ∗∗∗
---------------------------------------------
As cyber extortion flourishes, ransomware gangs are constantly changing tactics and business models to increase the chances that victims will pay increasingly large ransoms. As these criminal organizations become more sophisticated, they are increasingly taking on the appearance of professional enterprises.
---------------------------------------------
https://unit42.paloaltonetworks.com/gasket-and-magicsocks-tools-install-mespinoza-ransomware/


∗∗∗ CISA Insights: Guidance for MSPs and Small- and Mid-sized Businesses ∗∗∗
---------------------------------------------
Original release date: July 14, 2021. CISA has released CISA Insights: Guidance for Managed Service Providers (MSPs) and Small- and Mid-sized Businesses, which provides mitigation and hardening guidance to help these organizations strengthen their defenses against cyberattacks. Many small- and mid-sized businesses use MSPs to manage IT systems, store data, or support sensitive processes, making MSPs valuable targets for malicious cyber actors. Compromises of MSPs—such as with the recent [...]
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/14/cisa-insights-guidance-msps-and-small-and-mid-sized-businesses



=====================
=  Vulnerabilities  =
=====================

∗∗∗ SA44846 - OpenSSL Security Advisory CVE-2021-23841 ∗∗∗
---------------------------------------------
On February 16 2021, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure products. [...] Pulse Secure is currently evaluating the issues reported by OpenSSL. As the investigation continues, we recommend subscribing to this advisory, as it will be periodically updated to reflect the current status.
---------------------------------------------
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846


∗∗∗ Juniper Security Advisories ∗∗∗
---------------------------------------------
On 14.7.2021 Juniper published 32 security advisories with the following severity levels: 12x Medium, 15x High, 5x Critical
---------------------------------------------
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES&cat=SIRT_1&actp=&sort=documentid&dir=descending&max=32&batch=32&itData.offset=0


∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet ∗∗∗
---------------------------------------------
Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software. R-SeeNet is the software system used for monitoring Advantech routers. [...] Talos is disclosing these vulnerabilities despite no official update from Advantech inside the 90-day deadline, as outlined in Cisco’s vulnerability disclosure policy.
---------------------------------------------
https://blog.talosintelligence.com/2021/07/vuln-spotlight-r-see-net.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and php7.0), Fedora (firefox, mingw-djvulibre, and seamonkey), Gentoo (fluidsynth, openscad, and urllib3), openSUSE (ffmpeg, nodejs12, and sqlite3), Red Hat (firefox), and SUSE (ffmpeg, kernel, nodejs10, nodejs12, nodejs14, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/863001/


∗∗∗ Lenovo Working on Patches for BIOS Vulnerabilities Affecting Many Laptops ∗∗∗
---------------------------------------------
Lenovo this week published information on three vulnerabilities that impact the BIOS of two of its desktop products and approximately 60 laptop and notebook models.
---------------------------------------------
https://www.securityweek.com/lenovo-working-patches-bios-vulnerabilities-affecting-many-laptops


∗∗∗ Kubernetes: vulnerability allows bypassing security controls ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0751


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® WebSphere Application Server Liberty affect IBM LKS Administration and Reporting Tool and its Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-lks-administration-and-reporting-tool-and-its-agent/


∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by vulnerability in Java SE (CVE-2020-14579)( CVE-2020-14578)(CVE-2020-14577) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-vulnerability-in-java-se-cve-2020-14579-cve-2020-14578cve-2020-14577/


∗∗∗ Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/


∗∗∗ Security Bulletin: IBM Watson Compare and Comply for IBM Cloud Pak for Data affected by vulnerability in Apache PDFBox ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-compare-and-comply-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-pdfbox/


∗∗∗ Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities – Apache Commons ( CVE-2021-29425) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-using-a-component-with-known-vulnerabilities-apache-commons-cve-2021-29425/


∗∗∗ Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities – Eclipse Jetty ( CVE-2021-28163, CVE-2021-28165, CVE-2020-27223) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-using-a-component-with-known-vulnerabilities-eclipse-jetty-cve-2021-28163-cve-2021-28165-cve-2020-27223/


∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by a specially-crafted sequence of serialized objects(CVE-2020-4576) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-a-specially-crafted-sequence-of-serialized-objectscve-2020-4576/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily