[CERT-daily] Daily summary - 28.06.2021

Daily end-of-shift report team at cert.at
Mon Jun 28 18:07:19 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 25-06-2021 18:00 − Monday 28-06-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Using VMs To Hide Ransomware Attacks is Becoming More Popular ∗∗∗
---------------------------------------------
In early 2020, security researchers were baffled to discover that a ransomware gang had come up with an innovative trick that allowed it to run its payload inside virtual machines on infected hosts as a technical solution that bypassed security software. One year later, that technique has spread among the cybercrime underground and is now used by multiple ransomware operators.
---------------------------------------------
https://it.slashdot.org/story/21/06/28/1521220/using-vms-to-hide-ransomware-attacks-is-becoming-more-popular


∗∗∗ Security researchers at TU Wien warn of forgotten subdomains on websites ∗∗∗
---------------------------------------------
Researchers at the Vienna University of Technology (TU Wien) warn of an online security vulnerability caused by what could be called forgotten subpages of a website. Under certain circumstances, such loose ends among a site's subdomains can be used to gain backdoor access to the main site, a team from Vienna and Italy reports at a specialist conference.
---------------------------------------------
https://www.derstandard.at/story/2000127773220/sicherheitsforscher-der-tu-wien-warnen-vor-vergessenen-subdomains-auf-webseiten


∗∗∗ Patch now! Attackers are targeting Cisco Adaptive Security Appliance ∗∗∗
---------------------------------------------
Exploit code for a security vulnerability in Cisco ASA and FTD is in circulation.
---------------------------------------------
https://heise.de/-6120956



=====================
=  Vulnerabilities  =
=====================

∗∗∗ CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability, (Sat, Jun 26th) ∗∗∗
---------------------------------------------
This XML External Entity injection (XXE) vulnerability disclosed in March 2019 is still actively scanned for a vulnerable mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10. This exploit attempts to read the Zimbra configuration file that contains an LDAP password for the zimbra account.
---------------------------------------------
https://isc.sans.edu/diary/rss/27570


∗∗∗ Western Digital My Book: Vulnerability allows execution of arbitrary code and deletion of data ∗∗∗
---------------------------------------------
Western Digital has disclosed a vulnerability in its My Book NAS devices. An attacker can exploit this vulnerability to execute malicious code and, under certain circumstances, reset the devices to factory settings and delete all data. No login to the device is required for this. ... As a remedy, and in line with the manufacturer's recommendations, BürgerCERT advises disconnecting the device from the Internet.
---------------------------------------------
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/TW/2021/06/warnmeldung_tw-t21-0124.html;jsessionid=7E953CAFA5397551D40B917B580A02AD.internet082?nn=520060


∗∗∗ Vulnerability Spotlight: Memory corruption vulnerability in PowerISO’s DMG handler ∗∗∗
---------------------------------------------
CVE-2021-21871 is a memory corruption vulnerability in PowerISO that could result in the attacker gaining the ability to execute code on the victim machine. An attacker can exploit this vulnerability by tricking a user into opening a specially crafted DMG file. Cisco Talos worked with PowerISO to ensure that this issue is resolved and an update is available for affected customers.
---------------------------------------------
https://blog.talosintelligence.com/2021/06/vulnerability-spotlight-memory-.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bluez, intel-microcode, tiff, and xmlbeans), Fedora (openssh and php-phpmailer6), openSUSE (freeradius-server, java-1_8_0-openjdk, live555, openexr, roundcubemail, tor, and tpm2.0-tools), SUSE (bouncycastle and zziplib), and Ubuntu (linux-kvm and thunderbird).
---------------------------------------------
https://lwn.net/Articles/861221/


∗∗∗ ImageMagick: Vulnerability allows disclosure of information ∗∗∗
---------------------------------------------
ImageMagick is a collection of program libraries and tools that can process graphics in numerous formats. A local attacker can exploit a vulnerability in ImageMagick to disclose information.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0698


∗∗∗ Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe


∗∗∗ ABB - Amnesia:33 – Impact on B&R Products ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1621259206587-en-original-1.0.pdf


∗∗∗ ABB - Multiple Vulnerabilities in Automation Runtime NTP Service ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1621259206592-en-original-1.0.pdf


∗∗∗ Security Bulletin: Incorrect authorization in IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2021-29751 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-authorization-in-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2021-29751/


∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2020-27221, CVE-2020-14782) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments-4/


∗∗∗ Security Bulletin: Stack-based Buffer Overflow vulnerabilities in IBM Spectrum Protect Back-up Archive Client and IBM Spectrum Protect for Space Management (CVE-2021-29672, CVE-2021-20546) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-stack-based-buffer-overflow-vulnerabilities-in-ibm-spectrum-protect-back-up-archive-client-and-ibm-spectrum-protect-for-space-management-cve-2021-29672-cve-2021-20546-3/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) (CVE-2017-18214, CVE-2016-4055, CVE-2021-20413) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-cve-2017-18214-cve-2016-4055-cve-2021-20413/


∗∗∗ Security Bulletin: Vulnerability in lpd affects AIX (CVE-2021-29693) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-lpd-affects-aix-cve-2021-29693/


∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Pak for Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-pak-for-automation-3/


∗∗∗ Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability (CVE-2021-26296) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-cve-2021-26296/


∗∗∗ Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-sdk-for-node-js-might-affect-the-configuration-editor-used-by-ibm-business-automation-workflow-and-business-process-manager-bpm/


∗∗∗ Security Bulletin: Vulnerability in Jasper, Version 8 Service Refresh 5 Fix Pack 33, used in Jetty Server 9.4.14 where Rational Synergy is deployed. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jasper-version-8-service-refresh-5-fix-pack-33-used-in-jetty-server-9-4-14-where-rational-synergy-is-deployed/


∗∗∗ Security Bulletin: Vulnerability found in Apache Log4j V1.x may affect IBM Enterprise Records ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-found-in-apache-log4j-v1-x-may-affect-ibm-enterprise-records/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily