[CERT-daily] Daily summary - 12.05.2021
Daily end-of-shift report
team at cert.at
Wed May 12 18:13:59 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 11-05-2021 18:00 − Wednesday 12-05-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Number of industrial control systems on the internet is lower than in 2020...but still far from zero, (Wed, May 12th) ∗∗∗
---------------------------------------------
With the recent ransomware attack that impacted operation of one of the major US pipelines, I thought it might be a good time to revisit the old topic of internet-connected industrial systems.
---------------------------------------------
https://isc.sans.edu/diary/rss/27412
∗∗∗ Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks ∗∗∗
---------------------------------------------
Three design and multiple implementation flaws have been disclosed in the IEEE 802.11 technical standard that undergirds Wi-Fi, potentially enabling an adversary to take control over a system and plunder confidential data.
---------------------------------------------
https://thehackernews.com/2021/05/nearly-all-wifi-devices-are-vulnerable.html
∗∗∗ Shining a Light on DARKSIDE Ransomware Operations ∗∗∗
---------------------------------------------
Since initially surfacing in August 2020, the creators of DARKSIDE ransomware and their affiliates have launched a global crime spree affecting organizations in more than 15 countries and multiple industry verticals.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html
∗∗∗ Creating a CV on cvmaker.de leads to a subscription contract! ∗∗∗
---------------------------------------------
Are you looking for work and want to create a professional CV? Searching for one could lead you to the site cvmaker.de. There you can quickly and easily create the CV you need, and for only 2.95 euros. But beware: seven days after you have paid, you automatically enter into a subscription.
---------------------------------------------
https://www.watchlist-internet.at/news/lebenslauf-erstellung-auf-cvmakerde-fuehrt-zu-abo-vertrag/
∗∗∗ "Your delivery is at our customs center": Beware of fraudulent SMS! ∗∗∗
---------------------------------------------
Numerous Watchlist Internet readers are currently reporting a fraudulent SMS to us that is meant to lure recipients into a subscription trap. It claims that a delivery is at the customs center and that import fees must be paid.
---------------------------------------------
https://www.watchlist-internet.at/news/ihre-lieferung-befindet-sich-in-unserem-zollzentrum-vorsicht-vor-betruegerischer-sms/
∗∗∗ Conti Ransomware ∗∗∗
---------------------------------------------
First seen in May 2020, Conti ransomware has quickly become one of the most common ransomware variants, according to Coveware.
---------------------------------------------
https://thedfirreport.com/2021/05/12/conti-ransomware/
=====================
= Vulnerabilities =
=====================
∗∗∗ Send My: Arbitrary data transmission via Apple's Find My network ∗∗∗
---------------------------------------------
It's possible to upload arbitrary data from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices that then upload the data for you.
---------------------------------------------
https://positive.security/blog/send-my
∗∗∗ Microsoft Patch Day: Windows trojan could spread to PCs in worm-like fashion ∗∗∗
---------------------------------------------
There are important security updates for Windows & Co. Several vulnerabilities are already publicly known. There do not appear to be any attacks yet.
---------------------------------------------
https://heise.de/-6044412
∗∗∗ Adobe Patch Day: Attacks on Adobe Acrobat and Reader ∗∗∗
---------------------------------------------
Adobe has released security updates for various applications. Users of Acrobat and Reader in particular should install the patches promptly.
---------------------------------------------
https://heise.de/-6044528
∗∗∗ SAP Patch Day: Attackers could leak data from SAP software ∗∗∗
---------------------------------------------
SAP has released security updates for, among others, Business One and NetWeaver AS ABAP.
---------------------------------------------
https://heise.de/-6044570
∗∗∗ Wi-Fi vulnerabilities FragAttacks: First updates ∗∗∗
---------------------------------------------
For Windows, Linux, routers and Wi-Fi adapters, there are already patches or at least guidance on protecting against the "FragAttacks" Wi-Fi vulnerabilities.
---------------------------------------------
https://heise.de/-6045116
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (composer, hivex, lz4, and rails), Fedora (chromium, community-mysql, djvulibre, dom4j, firefox, php, php-phpmailer6, python-django, and redis), Mageia (mariadb, nagios, and pngcheck), openSUSE (opera, syncthing, and vlc), SUSE (kernel, openvpn, openvpn-openssl1, shim, and xen), and Ubuntu (flatpak, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4,[...]
---------------------------------------------
https://lwn.net/Articles/856086/
∗∗∗ Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for RedHat OpenShift (CVE-2020-5258) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-financial-transaction-manager-for-redhat-openshift-cve-2020-5258/
∗∗∗ Security Bulletin: A security vulnerability in Node.js glob-parent module affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-glob-parent-module-affects-ibm-cloud-automation-manager/
∗∗∗ Security Bulletin: Security Bypass Vulnerability in PostgreSQL Affects IBM Connect:Direct Web Service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-bypass-vulnerability-in-postgresql-affect-ibm-connectdirect-web-service/
∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager/
∗∗∗ Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-automation-manager-5/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in PostgreSQL Affect IBM Connect:Direct Web Service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-postgresql-affect-ibm-connectdirect-web-service-2/
∗∗∗ Security Bulletin: A security vulnerability in Node.js Lodash module affects IBM Cloud Automation Manager. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-lodash-module-affects-ibm-cloud-automation-manager-2/
∗∗∗ Security Bulletin: Multiple Vulnerabilities in PostgreSQL Affect IBM Connect:Direct Web Service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-postgresql-affect-ibm-connectdirect-web-service/
∗∗∗ Security Bulletin: Security vulnerabilities in Ansible affect IBM Cloud Pak for Multicloud Management Hybrid GRC ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ansible-affect-ibm-cloud-pak-for-multicloud-management-hybrid-grc/
∗∗∗ May 10, 2021 TNS-2021-09 [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2021-09
∗∗∗ Synology-SA-21:20 FragAttacks ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_21_20
∗∗∗ BlackBerry Workspaces Server: Vulnerability allows bypassing security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0503
∗∗∗ Red Hat OpenShift: Multiple vulnerabilities allow bypassing security measures ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0510
∗∗∗ BlackBerry UEM Management Console: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0517
∗∗∗ Atlassian Jira Software: Vulnerability allows disclosure of information ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0515
∗∗∗ Omron CX-One ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-01
∗∗∗ Mitsubishi Electric GOT and Tension Controller ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-02
∗∗∗ Siemens Mendix Database Replication Module ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-05
∗∗∗ Siemens Tecnomatix Plant Simulation ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-08
∗∗∗ SA44790 - HTTP Request Smuggling vulnerability with Virtual Traffic Manager (vTM) ∗∗∗
---------------------------------------------
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44790
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily