[CERT-daily] Daily summary - 30.06.2021

Daily end-of-shift report team at cert.at
Wed Jun 30 18:09:33 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 29-06-2021 18:00 − Wednesday 30-06-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Lorenz ransomware decryptor recovers victims' files for free ∗∗∗
---------------------------------------------
Dutch cybersecurity firm Tesorion has released a free decryptor for the Lorenz ransomware, allowing victims to recover some of their files for free without paying a ransom.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lorenz-ransomware-decryptor-recovers-victims-files-for-free/


∗∗∗ An EPYC escape: Case-study of a KVM breakout ∗∗∗
---------------------------------------------
In this blog post I describe a vulnerability in KVM’s AMD-specific code and discuss how this bug can be turned into a full virtual machine escape.
---------------------------------------------
https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html


∗∗∗ MITRE ATT&CK® mappings released for built-in Azure security controls ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the publication of the Security Stack Mappings for Azure project in partnership with the Center for Threat-Informed Defense.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/06/29/mitre-attck-mappings-released-for-built-in-azure-security-controls/


∗∗∗ June 2021 Forensic Contest: Answers and Analysis, (Wed, Jun 30th) ∗∗∗
---------------------------------------------
Thanks to everyone who participated in our June 2021 forensic contest originally posted two weeks ago.
---------------------------------------------
https://isc.sans.edu/diary/rss/27582


∗∗∗ Babuk ransomware builder leaked following muddled “retirement” ∗∗∗
---------------------------------------------
Heads are being scratched after the Babuk ransomware builder appears on VirusTotal, adding to the gang's reputation for confusion.
---------------------------------------------
https://blog.malwarebytes.com/reports/2021/06/babuk-ransomware-builder-leaked-following-muddled-retirement/


∗∗∗ Dubious online shops sell mystery box with products from undeliverable Amazon parcels ∗∗∗
---------------------------------------------
A gaming laptop or a PlayStation for 16 euros? Numerous online shops are currently selling a mystery box that supposedly makes this possible. According to the sellers, the box contains undeliverable Amazon products such as laptops, computers, cameras or expensive headphones.
---------------------------------------------
https://www.watchlist-internet.at/news/unserioese-online-shops-verkaufen-mystery-box-mit-produkten-aus-unzustellbaren-amazon-paketen/


∗∗∗ FIRST Challenge 2021 Writeup ∗∗∗
---------------------------------------------
Due to the COVID-19 pandemic, the FIRST conference 2021 moved online, and so did the annual CTF organized by the FIRST Security Lounge SIG. Thomas Pribitzer, Dimitri Robl, and Sebastian Waldbauer from CERT.at participated as a team, scoring 9th place out of 42 teams.
---------------------------------------------
https://cert.at/en/blog/2021/6/first-challenge-2021-writeup


∗∗∗ Gozi malware gang member arrested in Colombia ∗∗∗
---------------------------------------------
Authorities in Colombia have arrested this week a Romanian national named Mihai Ionut Paunescu, one of the three suspects charged in 2013 for creating and operating the infamous Gozi banking trojan.
---------------------------------------------
https://therecord.media/gozi-malware-gang-member-arrested-in-colombia/


∗∗∗ REvil Twins ∗∗∗
---------------------------------------------
Deep Dive Into Prolific RaaS Affiliates’ TTPs
---------------------------------------------
https://blog.group-ib.com/revil_raas



=====================
=  Vulnerabilities  =
=====================

∗∗∗ DHCP Flood: Google's cloud VMs can be taken over via DHCP ∗∗∗
---------------------------------------------
Attackers could obtain root privileges in other users' VMs in Google Cloud. Practical attacks are unlikely; no updates are available.
---------------------------------------------
https://www.golem.de/news/dhcp-flood-googles-cloud-vms-lassen-sich-per-dhcp-uebernehmen-2106-157764-rss.html


∗∗∗ CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit, (Wed, Jun 30th) ∗∗∗
---------------------------------------------
On June 21st, Microsoft modified the description of the vulnerability upgrading it to a remote code execution vulnerability. Earlier this week, an RCE exploit was posted to GitHub.
---------------------------------------------
https://isc.sans.edu/diary/rss/27588


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (fluidsynth), Fedora (libgcrypt and tpm2-tools), Mageia (nettle, nginx, openvpn, and re2c), openSUSE (kernel, roundcubemail, and tor), Oracle (edk2, lz4, and rpm), Red Hat (389-ds:1.4, edk2, fwupd, kernel, kernel-rt, libxml2, lz4, python38:3.8 and python38-devel:3.8, rpm, ruby:2.5, ruby:2.6, and ruby:2.7), and SUSE (kernel and lua53).
---------------------------------------------
https://lwn.net/Articles/861420/


∗∗∗ Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2021-3449, CVE-2021-3450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-rational-clearquest-cve-2021-3449-cve-2021-3450/


∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-ibm-mobilefirst-platform-foundation/


∗∗∗ Security Bulletin: IBM® Db2® could allow an authenticated user to overwrite arbitrary files due to improper group permissions. (CVE-2020-4945) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-an-authenticated-user-to-overwrite-arbitrary-files-due-to-improper-group-permissions-cve-2020-4945/


∗∗∗ Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-4/


∗∗∗ Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-rational-clearquest/


∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase (CVE-2020-27221, CVE-2020-14782, CVE-2020-2773, CVE-2020-14781) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-java-runtime-affect-ibm-rational-clearcase-cve-2020-27221-cve-2020-14782-cve-2020-2773-cve-2020-14781/


∗∗∗ Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-rational-clearcase-cve-2020-1971-cve-2021-23839-cve-2021-23840-cve-2021-23841-cve-2021-23839-cve-2021-23840-cve-2021-23841/


∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-java-runtime-affect-ibm-rational-clearquest-2/


∗∗∗ Security Bulletin: Apache Commons Codec Vulnerability affects IBM Rational ClearQuest (177835) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-codec-vulnerability-affects-ibm-rational-clearquest-177835/


∗∗∗ Drupal 8 end-of-life on November 2, 2021 (four months from now) - PSA-2021-2021-06-29 ∗∗∗
---------------------------------------------
https://www.drupal.org/psa-2021-2021-06-29


∗∗∗ Exacq Technologies exacqVision Web Service ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-01


∗∗∗ Exacq Technologies exacqVision Enterprise Manager ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-02


∗∗∗ Panasonic FPWIN Pro ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03


∗∗∗ JTEKT TOYOPUC PLC ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-04


∗∗∗ AVEVA System Platform ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-05


∗∗∗ Claroty Secure Remote Access Site ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-06

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily