[CERT-daily] Tageszusammenfassung - 22.07.2021

Daily end-of-shift report team at cert.at
Thu Jul 22 18:15:29 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 21-07-2021 18:00 − Donnerstag 22-07-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Cisco: Wichtiges Sicherheitsupdate für Intersight Virtual Appliance verfügbar ∗∗∗
---------------------------------------------
Für die virtuelle Cisco Intersight-Appliance, aber auch für weitere Produkte des Netzwerkausrüsters stehen sicherheitsrelevante Aktualisierungen bereit.
---------------------------------------------
https://heise.de/-6144993


∗∗∗ HP, Samsung & Xerox: Lücke in Windows-Druckertreibern gefixt – nach 16 Jahren ∗∗∗
---------------------------------------------
Wer die seit Mitte Mai verfügbaren Druckertreiber-Updates noch nicht installiert hat, sollte dies zügig nachholen: Angreifer könnten Systeme übernehmen.
---------------------------------------------
https://heise.de/-6145114


∗∗∗ Recovery Scams: Weitere Schäden statt Geld zurück! ∗∗∗
---------------------------------------------
Wer Opfer einer betrügerischen Investitionsplattform wird, erleidet mitunter beträchtlichen finanziellen Schaden. Damit nicht genug, folgen wenig später E-Mails oder Anrufe der Kriminellen, die hinter dem Investitionsbetrug steckten. Diesmal geben sie sich jedoch nicht als InvestmentberaterInnen aus, sondern Schlüpfen in eine andere Rolle: Gegen Vorabzahlung versprechen sie Hilfe beim Zurückholen des verlorenen Geldes.
---------------------------------------------
https://www.watchlist-internet.at/news/recovery-scams-weitere-schaeden-statt-geld-zurueck/


∗∗∗ MITRE updates list of top 25 most dangerous software bugs ∗∗∗
---------------------------------------------
MITRE has shared this years top 25 list of most common and dangerous weaknesses plaguing software throughout the previous two years.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mitre-updates-list-of-top-25-most-dangerous-software-bugs/


∗∗∗ Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug ∗∗∗
---------------------------------------------
A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems.
---------------------------------------------
https://threatpost.com/win-10-serioussam/168034/


∗∗∗ Compromising a Network Using an "Info" Level Finding ∗∗∗
---------------------------------------------
Anyone who has ever read a vulnerability scan report will know that scanners often include a large number of findings they classify as "Info". Typically this is meant to convey general information about the target systems which does not pose any risk.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/compromising-a-network-using-an-info-level-finding/


∗∗∗ Vulnerable Plugin Exploited in Spam Redirect Campaign ∗∗∗
---------------------------------------------
Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we have been seeing the infections start. This plugin has over 400,000 installations so we have seen a sustained campaign to infect sites with this plugin installed. In this post I will review a common infection seen as a result of this vulnerability in the wp-user-avatar plugin.
---------------------------------------------
https://blog.sucuri.net/2021/07/vulnerable-plugin-exploited-in-spam-redirect-campaign.html


∗∗∗ Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws ∗∗∗
---------------------------------------------
Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services thats remotely exploitable without authentication. It's worth noting that the weakness was originally addressed as part of an out-of-band security update in June 2019.
---------------------------------------------
https://thehackernews.com/2021/07/oracle-warns-of-critical-remotely.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pillow and redis), Fedora (kernel-headers, kernel-tools, kernelshark, libbpf, libtraceevent, libtracefs, nextcloud, and trace-cmd), Gentoo (chromium and singularity), Mageia (kernel, kernel-linus, and systemd), openSUSE (caribou, chromium, curl, and qemu), Oracle (java-1.8.0-openjdk, java-11-openjdk, kernel, and systemd), Slackware (curl), SUSE (curl, kernel, linuxptp, python-pip, and qemu), and Ubuntu (ruby2.3, ruby2.5, ruby2.7).
---------------------------------------------
https://lwn.net/Articles/863997/


∗∗∗ Atlassian Patches Critical Vulnerability in Jira Data Center Products ∗∗∗
---------------------------------------------
Software development and collaboration solutions provider Atlassian on Wednesday informed customers that it has patched a critical code execution vulnerability affecting some of its Jira products.
---------------------------------------------
https://www.securityweek.com/atlassian-patches-critical-vulnerability-jira-data-center-products


∗∗∗ IDEMIA fixed biometric identification devices vulnerabilities discovered by Positive Technologies ∗∗∗
---------------------------------------------
https://www.ptsecurity.com/ww-en/about/news/idemia-fixed-biometric-identification-devices-vulnerabilities-discovered-by-positive-technologies


∗∗∗ July 22, 2021   TNS-2021-14   [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2021-14


∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0793


∗∗∗ cURL: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0797


∗∗∗ MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24, mymbCONNECT24 <= 2.8.0 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-031


∗∗∗ MB connect line: two vulnerabilities in mymbCONNECT24, mbCONNECT24 <= 2.8.0 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-030


∗∗∗ MB connect line: Privilege escalation in mbDIALUP <= 3.9R0.0 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-017


∗∗∗ ZDI-21-893: (0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-893/


∗∗∗ ZDI-21-892: (0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-892/


∗∗∗ ZDI-21-891: (0Day) Apple macOS ImageIO TIFF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-891/


∗∗∗ ZDI-21-890: (0Day) Apple macOS AudioToolboxCore LOAS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-890/


∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK (April 2021) affects IBM InfoSphere Information Server (CVE-2021-2161) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-april-2021-affects-ibm-infosphere-information-server-cve-2021-2161/


∗∗∗ Security Bulletin: Addressing the Sqlite Vulnerability CVE-2021-20227 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-addressing-the-sqlite-vulnerability-cve-2021-20227/


∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-11/


∗∗∗ Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL injection ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-sql-injection-2/


∗∗∗ Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Directory Server (CVE-2020-5258) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-security-directory-server-cve-2020-5258/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list