[CERT-daily] Tageszusammenfassung - 21.05.2021

Daily end-of-shift report team at cert.at
Fri May 21 18:35:37 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 20-05-2021 18:00 − Freitag 21-05-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Mail-Verschlüsselung: Thunderbird schlampte mit PGP-Schlüsseln ∗∗∗
---------------------------------------------
Die OpenPGP-Implementierung des Open-Source-Mailers Thunderbird speicherte die geheimen Schlüssel im Klartext.
---------------------------------------------
https://heise.de/-6051767


∗∗∗ QNAP confirms Qlocker ransomware used HBS backdoor account ∗∗∗
---------------------------------------------
QNAP is advising customers to update the HBS 3 disaster recovery app to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage (NAS) devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qnap-confirms-qlocker-ransomware-used-hbs-backdoor-account/


∗∗∗ Locking Kernel32.dll As Anti-Debugging Technique, (Fri, May 21st) ∗∗∗
---------------------------------------------
For bad guys, the implementation of techniques to prevent Security Analysts to perform their job is key! The idea is to make our life more difficult (read: "frustrating"). There are plenty of techniques that can be implemented but it's an ever-ongoing process.
---------------------------------------------
https://isc.sans.edu/diary/rss/27444


∗∗∗ Double-Encrypting Ransomware ∗∗∗
---------------------------------------------
This seems to be a new tactic: Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other path involves what Emsisoft calls a “side-by-side encryption” attack, in which attacks encrypt some of an organization’s systems with ransomware A and others with ransomware B. In that case, data is only encrypted once, but a victim would need both decryption keys to unlock everything.
---------------------------------------------
https://www.schneier.com/blog/archives/2021/05/double-encrypting-ransomware.html


∗∗∗ 21nails: Reporting on Vulnerable SMTP/Exim Servers ∗∗∗
---------------------------------------------
We have recently started to perform a full IPv4 Internet-wide scan for accessible SMTP services and will report out possible vulnerabilities that have been observed, with a current focus on Exim (in the future non-Exim vulnerabilities may be added). We scan by performing a connection to port 25, recognizing an SMTP response and collecting the banner served. These connections look just like a normal SMTP connection, there is not any attempt to exploit the port, only to collect the banner [...]
---------------------------------------------
https://www.shadowserver.org/news/21nails-reporting-on-vulnerable-smtp-exim-servers/


∗∗∗ Project Zero: Fuzzing iOS code on macOS at native speed ∗∗∗
---------------------------------------------
This short post explains how code compiled for iOS can be run natively on Apple Silicon Macs.
---------------------------------------------
https://googleprojectzero.blogspot.com/2021/05/fuzzing-ios-code-on-macos-at-native.html


∗∗∗ Microsoft Unveils SimuLand: Open Source Attack Techniques Simulator ∗∗∗
---------------------------------------------
Microsoft this week announced the availability of SimuLand, an open source tool that enables security researchers to reproduce attack techniques in lab environments.
---------------------------------------------
https://www.securityweek.com/microsoft-unveils-simuland-open-source-attack-techniques-simulator


∗∗∗ Getting a persistent shell on a 747 IFE ∗∗∗
---------------------------------------------
TL:DR The Coronavirus pandemic has hit the airline industry hard. One sad consequence was early retirement of most of the 747 passenger fleet. This does however create opportunities for aviation security research, [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/getting-a-persistent-shell-on-a-747-ife/


∗∗∗ New YouTube Video Series: Everything you ever wanted to know about DNS and more!, (Thu, May 20th) ∗∗∗
---------------------------------------------
[...] I planned this video series a couple months ago, and figured that this would be easy. I know DNS... but each time I look at DNS, I learn something new, so it has taken a while to get the first episodes together, and today I am releasing the first one.
---------------------------------------------
https://isc.sans.edu/diary/rss/27440



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerability Spotlight: Heap-based buffer overflow in Google Chrome could lead to code execution ∗∗∗
---------------------------------------------
Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Google Chrome.
---------------------------------------------
https://blog.talosintelligence.com/2021/05/vuln-spotlight-google-chrome-heap.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (ceph, chromium, firefox, gitlab, hedgedoc, keycloak, libx11, mariadb, opendmarc, prosody, python-babel, python-flask-security-too, redmine, squid, and vivaldi), Debian (lz4), Fedora (ceph and python-pydantic), and openSUSE (cacti, cacti-spine).
---------------------------------------------
https://lwn.net/Articles/856902/


∗∗∗ Security Advisory - Improper Authorization Vulnerability in Huawei Products ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210519-02-cgp-en


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2021 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-april-2021-cpu/


∗∗∗ Security Bulletin: A security vulnerabilitiy has been fixed in IBM Security Identity Manager Virtual Appliance(CVE-2019-17006) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitiy-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2019-17006/


∗∗∗ Security Bulletin: IBM InfoSphere Information Server is affected by an Information disclosure vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-an-information-disclosure-vulnerability-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-6/


∗∗∗ Security Bulletin: Vulnerabilities in XStream, Java, OpenSSL, WebSphere Application Server Liberty and Node.js affect IBM Spectrum Control ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-java-openssl-websphere-application-server-liberty-and-node-js-affect-ibm-spectrum-control/


∗∗∗ Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability which could allow access to sensitive information ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-transparent-cloud-tiering-is-affected-by-a-vulnerability-which-could-allow-access-to-sensitive-information/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-5/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list