[CERT-daily] Tageszusammenfassung - 27.07.2021
Daily end-of-shift report
team at cert.at
Tue Jul 27 18:08:16 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Montag 26-07-2021 18:00 − Dienstag 27-07-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Failed Malspam: Recovering The Password, (Mon, Jul 26th) ∗∗∗
---------------------------------------------
Jan's diary entry "One way to fail at malspam - give recipients the wrong password for an encrypted attachment" got my attention: it's an opportunity for me to do some password cracking.
---------------------------------------------
https://isc.sans.edu/diary/rss/27674
∗∗∗ Hiding Malware in ML Models ∗∗∗
---------------------------------------------
“EvilModel: Hiding Malware Inside of Neural Network Models”.
---------------------------------------------
https://www.schneier.com/blog/archives/2021/07/hiding-malware-in-ml-models.html
∗∗∗ OSX.XLoader hides little except its main purpose: What we learned in the installation process ∗∗∗
---------------------------------------------
We dig into OSX.XLoader, also known as X Loader, which is the latest threat to macOS that bears some similarities to novice malware.
---------------------------------------------
https://blog.malwarebytes.com/mac/2021/07/osx-xloader-hides-little-except-its-main-purpose-what-we-learned-in-the-installation-process/
∗∗∗ Malware developers turn to exotic programming languages to thwart researchers ∗∗∗
---------------------------------------------
They are focused on exploiting pain points in code analysis and reverse-engineering.
---------------------------------------------
https://www.zdnet.com/article/malware-developers-turn-to-exotic-programming-languages-to-thwart-researchers/
∗∗∗ Wie MSPs am besten mit der Ransomware-Krise umgehen können ∗∗∗
---------------------------------------------
Managed Service Provider (MSPs) spielen eine kritische Rolle im Kampf gegen Schadsoftware. Allerdings traf die Ransomware-Attacke auf Kaseya dutzende von MSPs mit voller Wucht und dadurch mittelbar auch deren Kunden.
---------------------------------------------
https://www.zdnet.de/88395971/wie-msps-am-besten-mit-der-ransomware-krise-umgehen-koennen/
∗∗∗ Praying Mantis APT targets IIS servers with ASP.NET exploits ∗∗∗
---------------------------------------------
A new advanced persistent threat (APT) group has been seen carrying out attacks against Microsoft IIS web servers using old exploits in ASP.NET applications in order to plant a backdoor and then pivot to companys internal networks.
---------------------------------------------
https://therecord.media/praying-mantis-apt-targets-iis-servers-with-asp-net-exploits/
=====================
= Vulnerabilities =
=====================
∗∗∗ Apple fixes zero-day affecting iPhones and Macs, exploited in the wild ∗∗∗
---------------------------------------------
Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs.
---------------------------------------------
https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-day-affecting-iphones-and-macs-exploited-in-the-wild/
∗∗∗ Researchers warn of unpatched Kaseya Unitrends backup vulnerabilities ∗∗∗
---------------------------------------------
Security researchers warn of new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/researchers-warn-of-unpatched-kaseya-unitrends-backup-vulnerabilities/
∗∗∗ Moodle: Neue Versionen beseitigen Remote-Angriffsmöglichkeit via Shibboleth ∗∗∗
---------------------------------------------
Mehrere Versionen der Lernplattform sind, allerdings nur bei aktivierter Shibboleth-Authentifizierung, aus der Ferne angreifbar. Updates stehen bereit.
---------------------------------------------
https://heise.de/-6148879
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7), Fedora (linux-firmware), openSUSE (qemu), Oracle (kernel and thunderbird), Red Hat (thunderbird), Scientific Linux (java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird), SUSE (dbus-1, libvirt, linuxptp, qemu, and slurm), and Ubuntu (aspell and mysql-5.7, mysql-8.0).
---------------------------------------------
https://lwn.net/Articles/864439/
∗∗∗ Vulnerabilities Allow Hacking of Zimbra Webmail Servers With Single Email ∗∗∗
---------------------------------------------
Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization’s sent and received email messages, software security firm SonarSource reveals.
---------------------------------------------
https://www.securityweek.com/vulnerabilities-allow-hacking-zimbra-webmail-servers-single-email
∗∗∗ Security Bulletin: A security vulnerability in Golang Go affects IBM Cloud Pak for Multicloud Management Managed services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-golang-go-affects-ibm-cloud-pak-for-multicloud-management-managed-services/
∗∗∗ Security Bulletin: XSS Security Vulnerabilty Affects Mailbox UI of IBM Sterling B2B Integrator (CVE-2021-20562) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-xss-security-vulnerabilty-affects-mailbox-ui-of-ibm-sterling-b2b-integrator-cve-2021-20562/
∗∗∗ Security Bulletin: A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-ruby-on-rails-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management/
∗∗∗ Security Bulletin: GRUB2 as used by IBM QRadar SIEM is vulnerable to arbitrary code execution ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-grub2-as-used-by-ibm-qradar-siem-is-vulnerable-to-arbitrary-code-execution/
∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2021-20399) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-an-xml-external-entity-injection-xxe-attack-cve-2021-20399/
∗∗∗ MIT Kerberos: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0809
∗∗∗ VLC: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0807
∗∗∗ Foxit Reader: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0812
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list