[CERT-daily] Tageszusammenfassung - 22.06.2021

Daily end-of-shift report team at cert.at
Tue Jun 22 18:15:15 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 21-06-2021 18:00 − Dienstag 22-06-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Darkside RaaS in Linux version ∗∗∗
---------------------------------------------
Unlike the Windows version of the malware that targets any Windows endpoint, Darkside Linux version is mostly targeting ESXi servers. Its default configuration includes the root path of ESX server machines.  Targeted extensions are 'vmdk', 'log', 'vmem', 'vmsn' that are used in ESX servers for saving virtual machines information, data, and logs.
---------------------------------------------
https://cybersecurity.att.com/blogs/labs-research/darkside-raas-in-linux-version


∗∗∗ Wormable DarkRadiation Ransomware Targets Linux and Docker Instances ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed a new ransomware strain called "DarkRadiation" thats implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. "The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions," researchers from Trend Micro said [..]
---------------------------------------------
https://thehackernews.com/2021/06/wormable-darkradiation-ransomware.html


∗∗∗ Paketmanager: Kryptomining-Schadcode auf PyPI zielt auf Data-Science-Projekte ∗∗∗
---------------------------------------------
Mit Namen wie mplatlib setzen die Pakete auf Verwechslung zu matplotlib. Sie laden ein Bash-Skript herunter, das versucht einen Kryptominer zu installieren.
---------------------------------------------
https://heise.de/-6113470


∗∗∗ Shadow Credentials: Abusing Key Trust Account Mapping for Takeover ∗∗∗
---------------------------------------------
The techniques for DACL-based attacks against User and Computer objects in Active Directory have been established for years. [..] These techniques have their shortcomings [..]
Tl;dr: It is possible to add “Key Credentials” to the attribute msDS-KeyCredentialLink of the target user/computer object and then perform Kerberos authentication as that account using PKINIT.
In plain English: this is a much easier and more reliable takeover primitive against Users and Computers.
A tool to operationalize this technique has been released alongside this post.
---------------------------------------------
https://posts.specterops.io/shadow-credentials-abusing-key-trust-account-mapping-for-takeover-8ee1a53566ab



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Tor Browser fixes vulnerability that tracks you using installed apps ∗∗∗
---------------------------------------------
The Tor Project has released Tor Browser 10.0.18 to fix numerous bugs, including a vulnerability that allows sites to track users by fingerprinting the applications installed on their devices. 
---------------------------------------------
https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/


∗∗∗ Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft ∗∗∗
---------------------------------------------
Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.
---------------------------------------------
https://threatpost.com/nvidia-jetson-chipset-dos-data-theft/167093/


∗∗∗ Zephyr OS Bluetooth vulnerabilities left smart devices open to attack ∗∗∗
---------------------------------------------
The S in IoT stands for security. Vulnerabilities in the Zephyr real-time operating systems Bluetooth stack have been identified, leaving a wide variety of Internet of Things devices open to attack – unless upgraded to a patched version of the OS.…
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2021/06/22/zephyr_os_bluetooth_vulnerabilities/


∗∗∗ VMSA-2021-0012 ∗∗∗
---------------------------------------------
CVE(s): CVE-2021-21998
The VMware Carbon Black App Control management server has an authentication bypass. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.4.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0012.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (audacity), openSUSE (chromium), Oracle (glib2), SUSE (Salt and salt), and Ubuntu (apache2 and openexr).
---------------------------------------------
https://lwn.net/Articles/860559/


∗∗∗ Security Advisory - Improper Permission Assignment Vulnerability in Some USB Dongle Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210602-01-permission-en


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-7/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-6/


∗∗∗ Security Bulletin: A Security Vulnerability in IBM Java Runtime affect IBM License Key Server Administration and Reporting Tool and its Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-ibm-java-runtime-affect-ibm-license-key-server-administration-and-reporting-tool-and-its-agent/


∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects Power Hardware Management Console (CVE-2021-3449). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-power-hardware-management-console-cve-2021-3449/


∗∗∗ Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in cyrus-sasl (CVE-2019-19906) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-a-vulnerability-in-cyrus-sasl-cve-2019-19906/


∗∗∗ Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-2/


∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-CVE-2021-3449) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-messagegateway-cve-cve-2021-3449/


∗∗∗ Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in GNU cpio (CVE-2019-14866) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-a-vulnerability-in-gnu-cpio-cve-2019-14866/


∗∗∗ Security Bulletin: A vulnerability in IBM WebSphere Liberty affects IBM WIoTP MessageGateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-liberty-affects-ibm-wiotp-messagegateway-2/


∗∗∗ Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in libxml2 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-vulnerabilities-in-libxml2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list