[CERT-daily] Tageszusammenfassung - 08.06.2021

Daily end-of-shift report team at cert.at
Tue Jun 8 18:27:23 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 07-06-2021 18:00 − Dienstag 08-06-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Microsoft Office MSGraph vulnerability could lead to code execution ∗∗∗
---------------------------------------------
Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-office-msgraph-vulnerability-could-lead-to-code-execution/


∗∗∗ Picture this: Malware Hides in Steam Profile Images ∗∗∗
---------------------------------------------
SteamHide abuses the gaming platform Steam to serve payloads for malware downloaders. Malware operators can also update already infected machines by adding new profile images to Steam. The developers seem to have a few more ambitious goals.
---------------------------------------------
https://www.gdatasoftware.com/blog/steamhide-malware-in-profile-images


∗∗∗ Sicherheitslücke FragAttacks: FritzOS-Updates für alte Fritzboxen ∗∗∗
---------------------------------------------
Der Mittelklasse-Router Fritzbox 3490 aus dem Jahr 2014 bekommt das aktuelle FritzOS 7.27 spendiert. Weitere Altmodelle könnten folgen.
---------------------------------------------
https://heise.de/-6065367


∗∗∗ Patchday Android: Kritische System- und Qualcomm-Lücken geschlossen ∗∗∗
---------------------------------------------
Angreifer könnten Android-Geräte attackieren und unter anderem Informationen leaken oder sogar Schadcode ausführen.
---------------------------------------------
https://heise.de/-6064923


∗∗∗ Organizations Warned About DoS Flaws in Popular Open Source Message Brokers ∗∗∗
---------------------------------------------
Organizations have been warned about denial of service (DoS) vulnerabilities found in RabbitMQ, EMQ X and VerneMQ, three widely used open source message brokers.
---------------------------------------------
https://www.securityweek.com/organizations-warned-about-dos-flaws-popular-open-source-message-brokers


∗∗∗ Vorsicht vor Werbung unseriöser Online-Shops! ∗∗∗
---------------------------------------------
Egal ob Facebook, Instagram, Tiktok oder Google: All diese Plattformen sind für Unternehmen attraktive Kanäle, um ihre Werbung zu platzieren. Das gilt allerdings nicht nur für seriöse, sondern auch für unseriöse Unternehmen. Immer wieder melden LeserInnen der Watchlist Internet, dass sie durch Werbeeinschaltungen auf einen problematischen Online-Shop gestoßen sind. Eine aktuelle Untersuchung der Arbeiterkammer Wien in Zusammenarbeit mit der Watchlist Internet [...]
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-werbung-unserioeser-online-shops/


∗∗∗ TeamTNT Using WatchDog TTPs to Expand Its Cryptojacking Footprint ∗∗∗
---------------------------------------------
We have identified indicators traditionally pointing to WatchDog operations being used by the TeamTNT cryptojacking group.
---------------------------------------------
https://unit42.paloaltonetworks.com/teamtnt-cryptojacking-watchdog-operations/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Wago: Updates fixen gefährliche Lücken in industriellen Steuerungssystemen ∗∗∗
---------------------------------------------
Seit Mai veröffentlicht Wago nach und nach wichtige Firmware-Updates gegen kritische Lücken in speicherprogrammierbaren Steuerungen (PLC) der Serie 750.
---------------------------------------------
https://heise.de/-6065199


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (nginx), Fedora (musl), Mageia (dnsmasq, firefox, graphviz, libebml, libpano13, librsvg, libxml2, lz4, mpv, tar, and vlc), openSUSE (csync2, python-py, and snakeyaml), Oracle (qemu), Red Hat (container-tools:2.0, kernel, kpatch-patch, nettle, nginx:1.16, and rh-nginx116-nginx), Slackware (httpd and polkit), SUSE (389-ds, gstreamer-plugins-bad, shim, and snakeyaml), and Ubuntu (gnome-autoar and isc-dhcp).
---------------------------------------------
https://lwn.net/Articles/858644/


∗∗∗ SAP Patchday Juni ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0616


∗∗∗ Citrix Cloud Connector Security Update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX316690


∗∗∗ Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX297155


∗∗∗ SSA-133038: Multiple Modfem File Parsing Vulnerabilities in Simcenter Femap ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-133038.txt


∗∗∗ SSA-200951: Multiple Vulnerabilities in Third-Party Component libcurl of TIM Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-200951.txt


∗∗∗ SSA-208356: DFT File Parsing Vulnerabilities in Solid Edge ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-208356.txt


∗∗∗ SSA-211752: Multiple NTP-Client Related Vulnerabilities in SIMATIC NET CP 443-1 OPC ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-211752.txt


∗∗∗ SSA-419820: Denial-of-Service Vulnerability in TIM 1531 IRC ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-419820.txt


∗∗∗ SSA-522654: Privilege Escalation Vulnerability in Mendix SAML Module ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-522654.txt


∗∗∗ SSA-645530: TIFF File Parsing Vulnerability in JT2Go and Teamcenter Visualization ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-645530.txt
---------------------------------------------
https://new.siemens.com/global/en/products/services/cert.html


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-19/


∗∗∗ Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Oracle MySQL ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-oracle-mysql/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-cve-2020-25705-cve-2020-28374/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Privilege Escalation vulnerability (CVE-2020-4952) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-privilege-escalation-vulnerability-cve-2020-4952-3/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-18/


∗∗∗ Security Bulletin: IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-applications-4-3-nodejs-and-nodejs-express-appsody-stacks-is-vulnerable-to-information-disclosure-buffer-overflow-and-prototype-pollution-exposures/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-oracle-mysql-vulnerabilities/


∗∗∗ Security Bulletin: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-se-related-to-the-libraries-component-could-allow-an-unauthenticated-attacker/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list