[CERT-daily] Tageszusammenfassung - 21.06.2021
Daily end-of-shift report
team at cert.at
Mon Jun 21 18:13:51 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 18-06-2021 18:00 − Montag 21-06-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Easy Access to the NIST RDS Database, (Sat, Jun 19th) ∗∗∗
---------------------------------------------
When you're facing some suspicious files while performing forensic investigations or analyzing malware components, it's always interesting to know these files are legit or malicious/modified. One of the key sources to verify hashes is provided by NIST and is called the NSLR project ("National Software Reference Library"). [...] CIRCL, the Luxembourg CERT, has a good reputation to offer/participate in services like MISP, a passive DNS service, etc. They are now offering an API to query the NIST RDS via HTTP or DNS requests!
---------------------------------------------
https://isc.sans.edu/diary/rss/27544
∗∗∗ 5 Critical Steps to Recovering From a Ransomware Attack ∗∗∗
---------------------------------------------
Businesses must prepare for the possibility of a ransomware attack affecting their data, services, and business continuity. What steps are involved in recovering from a ransomware attack?
---------------------------------------------
https://thehackernews.com/2021/06/5-critical-steps-to-recovering-from.html
∗∗∗ ∗∗∗ In eigener Sache: CERT.at sucht Verstärkung: IT-Security Analyst/Analystin (m/w/d - Vollzeit - Wien) ∗∗∗ ∗∗∗
---------------------------------------------
Zur Verstärkung unseres Analysis-Teams suchen wir nach einem/einer IT-Security Analysten/Analystin.
---------------------------------------------
https://cert.at/de/ueber-uns/jobs/
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4932 tor - security update ∗∗∗
---------------------------------------------
Multiple security vulnerabilities were discovered in Tor, aconnection-based low-latency anonymous communication system, whichcould result in denial of service or spoofing.
---------------------------------------------
https://www.debian.org/security/2021/dsa-4932
∗∗∗ Autodesk schließt Schadcode-Schlupflöcher in AutoCAD-Anwendungen ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für verschiedene Produkte der AutoCAD-Familie.
---------------------------------------------
https://heise.de/-6112990
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (connman, go, and grub), Debian (nettle, prosody, and tor), Fedora (iaito, mingw-ilmbase, mingw-openexr, mingw-python-urllib3, mosquitto, nettle, polkit, and radare2), Mageia (puddletag, python-babel, python-eventlet, and python-pikepdf), openSUSE (htmldoc), SUSE (go1.15, go1.16, gupnp, and libgcrypt), and Ubuntu (apache2 and dovecot).
---------------------------------------------
https://lwn.net/Articles/860418/
∗∗∗ CVE-2021-3609: Race condition in net/can/bcm.c leads to local privilege escalation ∗∗∗
---------------------------------------------
this is an announcement for the recently reported bug (CVE-2021-3609) in the CAN BCM networking protocol in the Linux kernel ranging from version 2.6.25 to mainline 5.13-rc6. The vulnerability is a race condition in net/can/bcm.c allowing for local privilege escalation to root.
---------------------------------------------
https://seclists.org/oss-sec/2021/q2/225
∗∗∗ SYSS-2021-032: Admin Columns Free & Pro – Persistent Cross-Site Scripting (XSS) in Custom Field (CVE-2021-24365) ∗∗∗
---------------------------------------------
Das WordPress-Plug-in “Admin Columns” ermöglicht bis Version 5.5.1 (Pro) bzw. 4.3 (Free) Persistent Cross-Site Scripting (XSS)-Angriffe.
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-032-admin-columns-free-pro-persistent-cross-site-scripting-xss-in-custom-field-cve-2021-24365
∗∗∗ Security Advisory - Deserialization Vulnerability in Huawei AnyOffice Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210619-01-injection-en
∗∗∗ Security Bulletin: RabbitMQ as used by IBM QRadar SIEM is vulnerable to unsafe deserialization (CVE-2020-36282) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rabbitmq-as-used-by-ibm-qradar-siem-is-vulnerable-to-unsafe-deserialization-cve-2020-36282-2/
∗∗∗ Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js lodash vulnerability (CVE-2020-28500) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-node-js-lodash-vulnerability-cve-2020-28500/
∗∗∗ Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js lodash vulnerability (CVE-2021-23337) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-node-js-lodash-vulnerability-cve-2021-23337/
∗∗∗ Security Bulletin: WebSphere Application Server Java Batch is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2021-20492) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-java-batch-is-vulnerable-to-an-xml-external-entity-injection-xxe-vulnerability-cve-2021-20492-3/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list