[CERT-daily] Tageszusammenfassung - 23.07.2021

Daily end-of-shift report team at cert.at
Fri Jul 23 18:16:07 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 22-07-2021 18:00 − Freitag 23-07-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Nach Lieferkettenangriff: Kaseya will Daten retten dank Entschlüsselungs-Tool ∗∗∗
---------------------------------------------
Fast drei Wochen nach dem verheerenden LIeferkettenangriff auf Kunden von Kaseya gibt es Hoffnung für die Opfer. Die US-Firma hat einen Generalschlüssel.
---------------------------------------------
https://heise.de/-6145950


∗∗∗ The NSO “Surveillance List”: What It Is and Isn’t ∗∗∗
---------------------------------------------
A series of blockbuster stories published this week around a leaked list of 50,000 phone numbers have created confusion about whether the owners of those numbers were targets of surveillance or not.
---------------------------------------------
https://zetter.substack.com/p/the-nso-surveillance-list-what-it


∗∗∗ Phish Swims Past Email Security With Milanote Pages ∗∗∗
---------------------------------------------
The “Evernote for creatives” is anchoring a rapidly spiking phishing campaign, evading SEGs with ease.
---------------------------------------------
https://threatpost.com/phish-email-security-milanote/168021/


∗∗∗ When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure ∗∗∗
---------------------------------------------
LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/


∗∗∗ Uncovering Shenanigans in an IP Address Block via Hurricane Electrics BGP Toolkit (II), (Fri, Jul 23rd) ∗∗∗
---------------------------------------------
Today's diary revisits hunting for dodgy domains via Hurricane Electric's BGP Toolkit [1]. This was previously done in an earlier diary [2], and I plan to do this occasionally to share potential or identified threats so that readers can be aware of them.
---------------------------------------------
https://isc.sans.edu/diary/rss/27664


∗∗∗ Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software ∗∗∗
---------------------------------------------
A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics."
---------------------------------------------
https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html


∗∗∗ Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code ∗∗∗
---------------------------------------------
After more than 20 years in the making, now its official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing. APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they move to the forefront of business strategies.
---------------------------------------------
https://thehackernews.com/2021/07/wake-up-identify-api-vulnerabilities.html


∗∗∗ This Week in Security: NSO, Print Spooler, and a Mysterious Decryptor ∗∗∗
---------------------------------------------
The NSO Group has been in the news again recently, with multiple stories reporting on their Pegasus spyware product. The research and reporting spearheaded by Amnesty International is collectively known [...]
---------------------------------------------
https://hackaday.com/2021/07/23/this-week-in-security-nso-print-spooler-and-a-mysterious-decryptor/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-xss-yvE6L8Zq


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, curl, impacket, jdk11-openjdk, jre-openjdk, jre-openjdk-headless, jre11-openjdk-headless, kernel, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, libpano13, linux-hardened, linux-lts, linux-zen, nvidia-utils, opera, systemd, and virtualbox), CentOS (java-11-openjdk and kernel), Debian (lemonldap-ng), Fedora (curl and podman), Gentoo (icedtea-web and velocity), openSUSE (bluez, go1.15, go1.16, [...]
---------------------------------------------
https://lwn.net/Articles/864158/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2021-0004 ∗∗∗
---------------------------------------------
Date Reported: July 23, 2021   Advisory ID: WSA-2021-0004   CVE identifiers: CVE-2021-1817, CVE-2021-1820,CVE-2021-1825, CVE-2021-1826,CVE-2021-21775, CVE-2021-21779,CVE-2021-21806, CVE-2021-30661,CVE-2021-30663, CVE-2021-30665,CVE-2021-30666, CVE-2021-30682,CVE-2021-30689, CVE-2021-30720,CVE-2021-30734, CVE-2021-30744,CVE-2021-30749, CVE-2021-30758,CVE-2021-30761, CVE-2021-30762,CVE-2021-30795, CVE-2021-30797,CVE-2021-30799. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
---------------------------------------------
https://webkitgtk.org/security/WSA-2021-0004.html


∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210721-01-phones-en


∗∗∗ Security Bulletin: Multiple Oracle Database Server Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-vulnerabilities-affect-ibm-emptoris-supplier-lifecycle-management/


∗∗∗ Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise v11 are affected by vulnerabilities in Node.js (CVE-2021-3450, CVE-2021-3449) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2021-3450-cve-2021-3449-2/


∗∗∗ Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-2207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-2207/


∗∗∗ Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-2207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-contract-management-cve-2021-2207/


∗∗∗ Security Bulletin: Multiple Oracle Database Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-2/


∗∗∗ Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-2207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-strategic-supply-management-platform-cve-2021-2207/


∗∗∗ Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Sourcing (CVE-2021-2207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-2207/


∗∗∗ Microsoft Chrome Based Edge: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0800


∗∗∗ Asterisk: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0799

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list