[CERT-daily] Daily summary - 07.06.2021

Daily end-of-shift report team at cert.at
Mon Jun 7 18:17:54 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 04-06-2021 18:00 − Monday 07-06-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Patch now! Attackers are targeting VMware vCenter Server ∗∗∗
---------------------------------------------
Security researchers warn that attackers are targeting a critical vulnerability in vCenter Server.
---------------------------------------------
https://heise.de/-6063523


∗∗∗ Exploit published for critical vulnerability in Rocket.Chat ∗∗∗
---------------------------------------------
Anyone who has not yet fixed the critical vulnerability in Rocket.Chat that was closed in May should do so as quickly as possible.
---------------------------------------------
https://heise.de/-6063795


∗∗∗ Malware family naming hell is our own fault ∗∗∗
---------------------------------------------
EternalPetya has more than 10 different names. Many do not realize that CryptoLocker is long dead. These are not isolated cases but symptoms of a systemic problem: The way we name malware does not work. Why does it happen and how can we solve it?
---------------------------------------------
https://www.gdatasoftware.com/blog/malware-family-naming-hell


∗∗∗ Gootkit: the cautious Trojan ∗∗∗
---------------------------------------------
Gootkit is complex multi-stage banking malware capable of stealing data from the browser, performing man-in-the-browser attacks, keylogging, taking screenshots and lots of other malicious actions. Its loader performs various virtual machine and sandbox checks and uses sophisticated persistence algorithms.
---------------------------------------------
https://securelist.com/gootkit-the-cautious-trojan/102731/


∗∗∗ OSX/Hydromac ∗∗∗
---------------------------------------------
In this guest blog post, the security researcher Taha Karim of ConfiantIntel, dives into a new macOS adware specimen: Hydromac.
---------------------------------------------
https://objective-see.com/blog/blog_0x65.html


∗∗∗ WordPress Redirect Hack via Test0.com/Default7.com ∗∗∗
---------------------------------------------
Malicious redirect is a type of hack where website visitors are automatically redirected to some third-party website: usually it’s some malicious resource, scam site or a commercial site that buys traffic from cyber criminals (e.g. counterfeit drugs or replica merchandise). Types of Malicious Redirects: There are two major types of malicious redirects: server-side redirects and client-side redirects.
---------------------------------------------
https://blog.sucuri.net/2021/06/wordpress-redirect-hack-via-test0-com-default7-com.html


∗∗∗ Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments ∗∗∗
---------------------------------------------
The main purpose of Siloscape is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers.
---------------------------------------------
https://unit42.paloaltonetworks.com/siloscape/


∗∗∗ This phishing email is pushing password-stealing malware to Windows PCs ∗∗∗
---------------------------------------------
An old form of trojan malware has been updated with new abilities, warn cybersecurity researchers.
---------------------------------------------
https://www.zdnet.com/article/this-phishing-email-is-pushing-password-stealing-malware-to-windows-pcs/


∗∗∗ Hacking space: How to pwn a satellite ∗∗∗
---------------------------------------------
Hacking an orbiting satellite is not light years away - here’s how things can go wrong in outer space
---------------------------------------------
https://www.welivesecurity.com/2021/06/07/hacking-space-how-pwn-satellite/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libwebp, python-django, ruby-nokogiri, and thunderbird), Fedora (dhcp, polkit, transfig, and wireshark), openSUSE (chromium, inn, kernel, redis, and umoci), Oracle (pki-core:10.6), Red Hat (libwebp, nginx:1.18, rh-nginx118-nginx, and thunderbird), SUSE (gstreamer-plugins-bad), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle).
---------------------------------------------
https://lwn.net/Articles/858561/


∗∗∗ Microsoft Edge: Vulnerability allows cross-site scripting ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0612


∗∗∗ Apache HTTP Server: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0611


∗∗∗ QNAP NAS: Vulnerability allows cross-site scripting ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0613


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-24/


∗∗∗ Security Bulletin: cURL libcurl vulnerabilities impacting Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint 4.0 and earlier (CVE-2020-8284, CVE-2020-8286, CVE-2020-8285) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-4-0-and-earlier-cve-2020-8284-cve-2020-8286-cve-2020-8285/


∗∗∗ Security Bulletin: OpenSSL vulnerabilities impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0 and earlier (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2021-23839-cve-2021-23840-cve-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities may affect JRE in IBM DataPower Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-jre-in-ibm-datapower-gateway/


∗∗∗ Security Bulletin: Multiple vulnerabilities affect the IBM Elastic Storage Server GUI ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-elastic-storage-server-gui/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-12/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-5/


∗∗∗ Security Bulletin: IBM DataPower Gateway vulnerable to a DoS attack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-a-dos-attack/


∗∗∗ Security Bulletin: OpenSSL vulnerability impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0, and earlier (CVE-2020-1971) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-1971/


∗∗∗ Security Bulletin: IBM DataPower Gateway GUI permits use of GET ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-gui-permits-use-of-get/


∗∗∗ Security Bulletin: WebSphere Application Server ND is vulnerable to Directory Traversal vulnerability (CVE-2021-20517) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-nd-is-vulnerable-to-directory-traversal-vulnerability-cve-2021-20517/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
