[CERT-daily] Daily summary - 26.07.2021

Daily end-of-shift report team at cert.at
Mon Jul 26 18:11:40 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 23-07-2021 18:00 - Monday 26-07-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Windows networks vulnerable to the PetitPotam relay attack ∗∗∗
---------------------------------------------
Researchers demonstrate a new way to crown oneself king of a Windows domain. Microsoft shrugs and points to hardening measures.
---------------------------------------------
https://heise.de/-6147467


∗∗∗ GitLab sends Package Hunter hunting for malicious code ∗∗∗
---------------------------------------------
The new open-source tool Package Hunter is intended to detect malicious code in dependencies.
---------------------------------------------
https://heise.de/-6147526


∗∗∗ No More Ransom: We Prevented Ransomware Operators From Earning $1 Billion ∗∗∗
---------------------------------------------
No More Ransom is celebrating its 5th anniversary and the project says it has helped more than 6 million ransomware victims recover their files and prevented cybercriminals from earning roughly $1 billion.
No More Ransom is a joint effort of law enforcement and cybersecurity companies whose goal is to help victims of ransomware attacks recover their files without having to pay the ransom demanded by criminals.
---------------------------------------------
https://www.securityweek.com/no-more-ransom-we-prevented-ransomware-operators-earning-1-billion


∗∗∗ Microsoft warns of weeks-long malspam campaign abusing HTML smuggling ∗∗∗
---------------------------------------------
The Microsoft security team said it detected a weeks-long email spam campaign abusing a technique known as “HTML smuggling” to bypass email security systems and deliver malware to user devices.
HTML smuggling, as explained by SecureTeam and Outflank, is a technique that allows threat actors to assemble malicious files on users’ devices by clever use of HTML5 and JavaScript code.
---------------------------------------------
https://therecord.media/microsoft-warns-of-weeks-long-malspam-campaign-abusing-html-smuggling/


∗∗∗ RemotePotato0: privilege escalation vulnerability in the Windows RPC protocol ∗∗∗
---------------------------------------------
Every Windows system is susceptible to a particular NTLM relay attack that could allow attackers to escalate privileges from user to domain admin. This vulnerability carries the status "will not be fixed" and was the subject of the PetitPotam approach, which I covered over the weekend. Now Antonio Cocomazzi has pointed out the vulnerability named RemotePotato0, which uses the Windows RPC protocol for privilege escalation.
---------------------------------------------
https://www.borncity.com/blog/2021/07/26/remotepotato0-privilege-escalation-schwachstelle-im-windows-rpc-protocol/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Collabora Online: update protects against unauthorized remote file access ∗∗∗
---------------------------------------------
The Collabora Online team advises updating the online office application to eliminate a remote attack vector rated "critical".
---------------------------------------------
https://heise.de/-6147967


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (aspell, intel-microcode, krb5, rabbitmq-server, and ruby-actionpack-page-caching), Fedora (chromium, containernetworking-plugins, containers-common, crun, fossil, podman, skopeo, varnish-modules, and vmod-uuid), Gentoo (leptonica, libsdl2, and libyang), Mageia (golang, lib3mf, nodejs, python-pip, redis, and xstream), openSUSE (containerd, crmsh, curl, icinga2, and systemd), Oracle (containerd), and Red Hat (thunderbird).
---------------------------------------------
https://lwn.net/Articles/864346/


∗∗∗ OTRS: multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote authenticated or anonymous attacker can exploit multiple vulnerabilities in OTRS to bypass security measures and carry out a cross-site scripting attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0805


∗∗∗ Security Bulletin: FasterXML Vulnerability in Jackson-Databind Affects IBM Sterling Connect:Direct File Agent (CVE-2018-7489) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-fasterxml-vulnerability-in-jackson-databind-affects-ibm-sterling-connectdirect-file-agent-cve-2018-7489/


∗∗∗ Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Sterling Connect:Direct File Agent (CVE-2020-1953) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-configuration-vulnerability-affects-ibm-sterling-connectdirect-file-agent-cve-2020-1953/


∗∗∗ Security Bulletin: IBM i2 Analyze missing security header (CVE-2021-29769) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-missing-security-header-cve-2021-29769/


∗∗∗ Security Bulletin: IBM i2 Analyze and i2 Analyst's Notebook Premium has session handling vulnerability (CVE-2021-20431) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-and-i2-analysts-notebook-premium-has-session-handling-vulnerability-cve-2021-20431/


∗∗∗ Security Bulletin: Apache PDFBox as used by IBM QRadar Incident Forensics is vulnerable to denial of service (CVE-2021-27807, CVE-2021-27906) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-pdfbox-as-used-by-ibm-qradar-incident-forensics-is-vulnerable-to-denial-of-service-cve-2021-27807-cve-2021-27906/


∗∗∗ Security Bulletin: IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability (CVE-2021-29767) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-premium-has-an-information-disclosure-vulnerability-cve-2021-29767/


∗∗∗ Security Bulletin: IBM i2 iBase vulnerable to DLL hijacking (CVE-2020-4623) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-ibase-vulnerable-to-dll-highjacking-cve-2020-4623/


∗∗∗ Security Bulletin: IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability (CVE-2021-29784) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-premium-has-an-information-disclosure-vulnerability-cve-2021-29784/


∗∗∗ Security Bulletin: IBM QRadar SIEM uses weaker than expected cryptographic algorithms (CVE-2021-20337) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-uses-weaker-than-expected-cryptographic-algorithms-cve-2021-20337/


∗∗∗ Security Bulletin: IBM i2 Analyze has an information disclosure vulnerability (CVE-2021-20430) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-has-an-information-disclosure-vulnerability-cve-2021-20430/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily