[CERT-daily] Tageszusammenfassung - 02.06.2021
Daily end-of-shift report
team at cert.at
Wed Jun 2 18:16:49 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 01-06-2021 18:00 − Mittwoch 02-06-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Producing a trustworthy x86-based Linux appliance ∗∗∗
---------------------------------------------
Lets say youre building some form of appliance on top of general purpose x86 hardware. You want to be able to verify the software its running hasnt been tampered with. Whats the best approach with existing technology?
---------------------------------------------
https://mjg59.dreamwidth.org/57199.html
∗∗∗ Cobalt Strike, a penetration testing tool abused by criminals ∗∗∗
---------------------------------------------
Cobalt Strike is a pen-testing tool that often ends up in the hands of cybercriminals. Are we providing them with the tools to attack us?
...
If you were to compose a list of tools and software developed by security and privacy defenders that ended up being abused by the bad guys, then Cobalt Strike would unfortunately be near the top of the list. Maybe only Metasploit could give it a run for the first place ranking.
---------------------------------------------
https://blog.malwarebytes.com/researchers-corner/2021/06/cobalt-strike-a-penetration-testing-tool-popular-among-criminals/
∗∗∗ Jugendliche im Visier von Online‑Betrügern: 5 gängige Tricks ∗∗∗
---------------------------------------------
Von gefälschten Designerprodukten bis hin zu verlockenden Jobangeboten – wir stellen fünf verbreitete Betrugsmethoden vor, mit denen Kriminelle es auf Geld und Daten von Teenagern abgesehen haben
---------------------------------------------
https://www.welivesecurity.com/deutsch/2021/06/01/jugendliche-im-visier-von-online-betruegern/
∗∗∗ Webseiten-BetreiberInnen aufgepasst: TM Österreich versendet betrügerische Mail! ∗∗∗
---------------------------------------------
Webseiten-BetreiberInnen melden uns ein betrügerisches E-Mail der TM Österreich. Dort wird behauptet, dass jemand Ihre Domain mit einer anderen Endung registrieren möchte. TM Österreich bietet Ihnen an, diese zusätzliche Domain zu registrieren, um so Probleme wie Umsatzeinbußen oder Imageschäden zu vermeiden. Vorsicht: TM Österreich ist Fake. Nehmen Sie daher das Angebot auf keinen Fall an!
---------------------------------------------
https://www.watchlist-internet.at/news/webseiten-betreiberinnen-aufgepasst-tm-oesterreich-versendet-betruegerische-mail/
∗∗∗ Shodan Verified Vulns 2021-06-01 ∗∗∗
---------------------------------------------
Mit Stand 2021-06-01 boten unsere Shodan-Daten folgendes Bild der Schwachstellen in Österreich: Wie zu erwarten war, ist die Anzahl der verwundbaren Microsoft Exchange Server (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) weiter zurückgegangen; laut unseren aktuellsten Scans ist die Zahl mittlerweile sogar unter 100.
---------------------------------------------
https://cert.at/de/aktuelles/2021/6/shodan-verified-vulns-2021-06-01
=====================
= Vulnerabilities =
=====================
∗∗∗ Revisiting Realtek – A New Set of Critical Wi-Fi Vulnerabilities Discovered by Automated Zero-Day Analysis ∗∗∗
---------------------------------------------
On February 3rd we responsibly disclosed six critical issues in the Realtek RTL8195A Wi-Fi module...
Following that successful detection and disclosure, we expanded our analysis to additional modules. This new analysis resulted in two new critical vulnerabilities discovered by scanning the modules in Vdoo’s product security platform, which contains a unique proprietary capability of detecting potential zero-days automatically. The new vulnerabilities werefixed by Realtek, following another responsible disclosure.
---------------------------------------------
https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day/
∗∗∗ Overview of F5 vulnerabilities (June 2021) ∗∗∗
---------------------------------------------
On June 1, 2021, F5 announced the following security issues.
High CVEs
* K08503505: BIG-IP Edge Client for Windows vulnerability CVE-2021-23022, CVSS score: 7.0 (High)
* K33757590: BIG-IP Edge Client for Windows vulnerability CVE-2021-23023, CVSS score: 7.0 (High)
Medium CVEs
* K06024431: BIG-IQ vulnerability CVE-2021-23024, CVSS score: 6.5 (Medium)
---------------------------------------------
https://support.f5.com/csp/article/K67501282
∗∗∗ Critical 0-day in Fancy Product Designer Under Active Attack ∗∗∗
---------------------------------------------
On May 31, 2021, the Wordfence Threat Intelligence team discovered a critical file upload vulnerability being actively exploited in Fancy Product Designer, a WordPress plugin installed on over 17,000 sites.
...
Due to this vulnerability being actively attacked, we are publicly disclosing with minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites protected.
---------------------------------------------
https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (squid), Fedora (dhcp), openSUSE (gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly and slurm), Oracle (glib2 and kernel), Red Hat (kernel, kernel-rt, perl, and tcpdump), Scientific Linux (glib2), SUSE (bind, dhcp, lz4, and shim), and Ubuntu (dnsmasq, lasso, and python-django).
---------------------------------------------
https://lwn.net/Articles/857978/
∗∗∗ Synology DiskStation Manager: Schwachstelle ermöglichen Codeausführung ∗∗∗
---------------------------------------------
CVE-2021-29088
Ein lokaler Angreifer kann eine Schwachstellen in Synology DiskStation Manager ausnutzen, um beliebigen Programmcode auszuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0596
∗∗∗ XSS vulnerability found in popular WYSIWYG website editor [Froala] ∗∗∗
---------------------------------------------
...the bug, tracked as CVE-2021-28114, impacts Froala version 3.2.6 and earlier. Froala is a lightweight What-You-See-Is-What-You-Get (WYSIWYG) HTML rich text editor for developers and content creators.
---------------------------------------------
https://www.zdnet.com/article/xss-vulnerability-found-in-popular-wysiwyg-website-editor/
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4590) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4590/
∗∗∗ Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager (CVE-2021-22696) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-vulnerability-identified-in-ibm-tivoli-application-dependency-discovery-manager-cve-2021-22696/
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2019-17006, CVE-2019-17023, CVE-2020-12403) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403/
∗∗∗ Security Bulletin: Multiple vulnerabilites affect IBM Jazz Foundation and IBM Engineering products. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-4/
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-11868, CVE-2020-13817) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-11868-cve-2020-13817/
∗∗∗ Security Bulletin: Embedded WebSphere Application Server is vulnerable to Server-side Request Forgery and affects Content Collector for Email ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-server-side-request-forgery-and-affects-content-collector-for-email/
∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache HttpComponents and HttpCommons affect embedded WebSphere Application Server, which affects Content Collector for Email ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-httpcomponents-and-httpcommons-affect-embedded-websphere-application-server-which-affects-content-collector-for-email/
∗∗∗ Security Bulletin: Embedded WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection attack and affects Content Collector for Email ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-an-xml-external-entity-xxe-injection-attack-and-affects-content-collector-for-email-2/
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-14579, CVE-2020-14578, CVE-2020-14577) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-14579-cve-2020-14578-cve-2020-14577/
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-14782) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-14782/
∗∗∗ Hillrom Medical Device Management ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list