[CERT-daily] Daily Summary - 19.05.2021
Daily end-of-shift report
team at cert.at
Wed May 19 18:10:42 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 18-05-2021 18:00 − Wednesday 19-05-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ MountLocker ransomware uses Windows API to worm through networks ∗∗∗
---------------------------------------------
The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mountlocker-ransomware-uses-windows-api-to-worm-through-networks/
∗∗∗ Transparent Tribe APT Infrastructure Mapping ∗∗∗
---------------------------------------------
Transparent Tribe (APT36, Mythic Leopard, ProjectM, Operation C-Major) is the name given to a threat actor group largely targeting Indian entities and assets.
---------------------------------------------
https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping/
∗∗∗ May 2021 Forensic Contest: Answers and Analysis, (Wed, May 19th) ∗∗∗
---------------------------------------------
You can still find the pcap for our May 2021 forensic contest at this Github repository.
---------------------------------------------
https://isc.sans.edu/diary/rss/27430
∗∗∗ When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar ∗∗∗
---------------------------------------------
The purpose behind this investigative anecdote on the “water watering hole” is educational and highlights how sometimes two intrusions just don’t line up together no matter how much coincidence there is.
---------------------------------------------
https://www.dragos.com/blog/industry-news/a-new-water-watering-hole/
∗∗∗ Instagram users beware: dubious shops lure with alleged partnerships! ∗∗∗
---------------------------------------------
Dubious online shops keep appearing on Instagram. The operators of these shops use a variety of schemes to promote their products.
---------------------------------------------
https://www.watchlist-internet.at/news/instagram-nutzerinnen-aufgepasst-unserioese-shops-locken-mit-angeblicher-kooperation/
∗∗∗ Crypto-mining gangs are running amok on free cloud computing platforms ∗∗∗
---------------------------------------------
Over the course of the last few months, some crypto-mining gangs have switched their modus operandi from attacking and hijacking unpatched servers to abusing the free tiers of cloud computing platforms.
---------------------------------------------
https://therecord.media/crypto-mining-gangs-are-running-amok-on-free-cloud-computing-platforms/
=====================
= Vulnerabilities =
=====================
∗∗∗ Pega Infinity patches authentication vulnerability ∗∗∗
---------------------------------------------
Pega Infinity is a popular enterprise software product; researchers found a flaw in its authentication process by exploiting a password reset weakness.
---------------------------------------------
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/05/pega-infinity-patches-authentication-vulnerability/
∗∗∗ Over 600,000 Sites Impacted by WP Statistics Patch ∗∗∗
---------------------------------------------
On March 13, 2021, the Wordfence Threat Intelligence team initiated responsible disclosure for a vulnerability in WP Statistics, a plugin installed on over 600,000 WordPress sites.
---------------------------------------------
https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (cacti, cacti-spine, exif, and hivex), Red Hat (bash, bind, bluez, brotli, container-tools:rhel8, cpio, curl, dotnet3.1, dotnet5.0, dovecot, evolution, exiv2, freerdp, ghostscript, glibc, GNOME, go-toolset:rhel8, grafana, gssdp and gupnp, httpd:2.4, idm:DL1, idm:DL1 and idm:client, ipa, kernel, kernel-rt, krb5, libdb, libvncserver, libxml2, linux-firmware, mailman:2.1, mingw packages, NetworkManager and libnma, opensc, p11-kit, pandoc, perl, [...]
---------------------------------------------
https://lwn.net/Articles/856649/
∗∗∗ Researchers Find Exploitable Bugs in Mercedes-Benz Cars ∗∗∗
---------------------------------------------
Following an eight-month audit of the code in the latest infotainment system in Mercedes-Benz cars, security researchers with Tencent Security Keen Lab identified five vulnerabilities, four of which could be exploited for remote code execution.
---------------------------------------------
https://www.securityweek.com/researchers-find-exploitable-bugs-mercedes-benz-cars
∗∗∗ Security Advisory - Denial of Service Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210519-02-dos-en
∗∗∗ Security Advisory - Resource Management Error Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210519-01-resource-en
∗∗∗ Security Advisory - Denial of Service Vulnerability in Huawei Smartphone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210519-04-dos-en
∗∗∗ Security Advisory - Out of Bounds Write Vulnerability in Huawei CloudEngine Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210519-01-cloudengine-en
∗∗∗ Security Bulletin: Client-side HTTP Parameter Pollution in WAS Intelligent Management Admin console ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-client-side-http-parameter-pollution-in-was-intelligent-management-admin-console/
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/
∗∗∗ Security Bulletin: Access Control Security Vulnerability Exists in Dashboard User Interface of IBM Sterling B2B Integrator (CVE-2020-4646) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-access-control-security-vulnerability-exists-in-dashboard-user-interface-of-ibm-sterling-b2b-integrator-cve-2020-4646/
∗∗∗ Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE (CVE-2020-14782) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-java-se-cve-2020-14782/
∗∗∗ Security Bulletin: A vulnerability in Java affects IBM Cloud Pak for Multicloud Management Monitoring ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-affects-ibm-cloud-pak-for-multicloud-management-monitoring-3/
∗∗∗ Security Bulletin: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-7-0-8-0-8-5-9-0-and-liberty-could-allow-a-remote-attacker-to-obtain-sensitive-information-when-a-stack-trace-is-returned-in-the-browser/
∗∗∗ Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator-2/
∗∗∗ Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerablities-in-ibm-sdk-java-technology-edition-quarterly/
∗∗∗ Security Bulletin: A vulnerability in Java affects IBM Cloud Pak for Multicloud Management Monitoring ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-affects-ibm-cloud-pak-for-multicloud-management-monitoring-2/
∗∗∗ Security Bulletin: A vulnerability in IBM Java affects IBM Developer for z Systems. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-affects-ibm-developer-for-z-systems/
∗∗∗ Gdk-pixbuf vulnerability CVE-2017-2862 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K36984830
∗∗∗ Linux kernel vulnerability CVE-2019-20811 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52525232
∗∗∗ BIND vulnerability CVE-2021-25215 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K96223611
∗∗∗ BIND vulnerability CVE-2021-25214 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11426315
∗∗∗ BOSCH-SA-350374: Vulnerability in the routing protocol of the PLC runtime ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-350374.html
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily