[CERT-daily] Daily summary - 20.07.2021
Daily end-of-shift report
team at cert.at
Tue Jul 20 18:11:44 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Monday 19-07-2021 18:00 - Tuesday 20-07-2021 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ New MosaicLoader malware targets software pirates via online ads ∗∗∗
---------------------------------------------
An ongoing worldwide campaign is pushing new malware dubbed MosaicLoader, advertising it camouflaged as cracked software via search engine results to infect would-be software pirates' systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-mosaicloader-malware-targets-software-pirates-via-online-ads/
∗∗∗ Summer of SAM - incorrect permissions on Windows 10/11 hives, (Tue, Jul 20th) ∗∗∗
---------------------------------------------
If you opened Twitter today you were probably flooded with news about the latest security issue with Windows.
---------------------------------------------
https://isc.sans.edu/diary/rss/27652
∗∗∗ 6 common types of phishing attacks ∗∗∗
---------------------------------------------
Phishing, smishing, vishing - do you know the difference?
---------------------------------------------
https://sec-consult.com/de/blog/detail/6-common-types-of-phishing-attacks/
∗∗∗ Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware ∗∗∗
---------------------------------------------
The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).
---------------------------------------------
https://www.microsoft.com/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/
∗∗∗ Don’t Wanna Pay Ransom Gangs? Test Your Backups. ∗∗∗
---------------------------------------------
Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they'd had proper data backups.
---------------------------------------------
https://krebsonsecurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-backups/
∗∗∗ Beware of fake "Voicemail" SMS ∗∗∗
---------------------------------------------
"You have a new voicemail": countless mobile phone users are currently receiving this annoying fake SMS with a link to a supposed voice message. Do not click the link under any circumstances.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschtem-voicemail-sms/
∗∗∗ AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department ∗∗∗
---------------------------------------------
This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40.
---------------------------------------------
https://us-cert.cisa.gov/ncas/alerts/aa21-200a
∗∗∗ Significant Historical Cyber-Intrusion Campaigns Targeting ICS ∗∗∗
---------------------------------------------
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/significant-historical-cyber-intrusion-campaigns-targeting-ics
=====================
= Vulnerabilities =
=====================
∗∗∗ TYPO3 Security Advisories for 2021-07-20 ∗∗∗
---------------------------------------------
TYPO3-CORE-SA-2021-009 - TYPO3-CORE-SA-2021-012
---------------------------------------------
https://typo3.org/help/security-advisories
∗∗∗ Forensic report: iMessage flaw still being used for Pegasus spyware ∗∗∗
---------------------------------------------
Amnesty International assumes that an iMessage flaw is still being exploited to this day to install spyware from the surveillance company NSO Group.
---------------------------------------------
https://heise.de/-6141467
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel, libjdom1-java, rabbitmq-server, and systemd), Fedora (glibc), Gentoo (libpano13, libslirp, mpv, pjproject, pycharm-community, and rpm), Mageia (glibc, libuv, mbedtls, rxvt-unicode, mrxvt, eterm, tomcat, and zziplib), openSUSE (dbus-1, firefox, go1.15, lasso, nodejs10, nodejs12, nodejs14, and sqlite3), SUSE (go1.15), and Ubuntu (containerd).
---------------------------------------------
https://lwn.net/Articles/863617/
∗∗∗ Oracle Releases July 2021 Critical Patch Update ∗∗∗
---------------------------------------------
Oracle has released its Critical Patch Update for July 2021 to address 327 vulnerabilities across multiple products.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/oracle-releases-july-2021-critical-patch-update
∗∗∗ Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug ∗∗∗
---------------------------------------------
Security experts have found a severe vulnerability in a common printer driver used by HP, Xerox, and Samsung.
---------------------------------------------
https://therecord.media/hundreds-of-millions-of-hp-xerox-and-samsung-printers-vulnerable-to-new-bug/
∗∗∗ New Sequoia bug gives you root access on most Linux systems ∗∗∗
---------------------------------------------
Security auditing firm Qualys said today it discovered a new vulnerability in the Linux operating system that can grant attackers root access on most distros, such as Ubuntu, Debian, and Fedora.
---------------------------------------------
https://therecord.media/new-sequoia-bug-gives-you-root-access-on-most-linux-systems/
∗∗∗ Security updates: root vulnerability threatens FortiManager and FortiAnalyzer ∗∗∗
---------------------------------------------
https://heise.de/-6142498
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect OS Images for Red Hat Linux Systems used by IBM Cloud Pak System (Jan2021 updates) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-os-images-for-red-hat-linux-systems-used-by-ibm-cloud-pak-system-jan2021-updates/
∗∗∗ Security Bulletin: IBM App Connect Enterprise v11 is affected by vulnerabilities in Node.js (CVE-2021-23358) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-v11-is-affected-by-vulnerabilities-in-node-js-cve-2021-23358-2/
∗∗∗ Security Bulletin: Vulnerability in self-service console affects IBM Cloud Pak System (CVE-2021-20478) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-self-service-console-affects-ibm-cloud-pak-system-cve-2021-20478/
∗∗∗ Security Bulletin: A vulnerability in IBM Spectrum Scale could allow an authenticated user to gain elevated privileges (CVE-2020-9492) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spectrum-scale-could-allow-an-authenticated-user-to-gain-elevated-privileges-cve-2020-9492/
∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Pak System (CVE-2020-1971) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-cloud-pak-system-cve-2020-1971/
∗∗∗ Security Bulletin: Vulnerabilities in Docker affect IBM Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-docker-affect-ibm-cloud-pak-system/
∗∗∗ Security Bulletin: Vulnerabilities in Python affect OS Image for RedHat bundled with Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-python-affect-os-image-for-redhat-bundled-with-cloud-pak-system/
∗∗∗ Security Bulletin: Watson Explorer is affected by Apache PDFBox vulnerabilities (CVE-2021-27807, CVE-2021-27906, CVE-2021-31811, CVE-2021-31812) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-watson-explorer-is-affected-by-apache-pdfbox-vulnerabilities-cve-2021-27807-cve-2021-27906-cve-2021-31811-cve-2021-31812/
∗∗∗ Security Bulletin: Vulnerability in jackson-databind affects Cloud Pak System (CVE-2020-25649) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-databind-affects-cloud-pak-system-cve-2020-25649/
∗∗∗ Security Bulletin: IBM API Connect is impacted by vulnerabilities in node.js and OpenSSL (CVE-2021-23840, CVE-2021-22884, CVE-2021-22883) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-node-js-and-openssl-cve-2021-23840-cve-2021-22884-cve-2021-22883/
∗∗∗ Vulnerabilities in CODESYS V2 runtime systems ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-670099.html
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily