[CERT-daily] Tageszusammenfassung - 08.10.2021
Daily end-of-shift report
team at cert.at
Fri Oct 8 18:09:20 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 07-10-2021 18:00 − Freitag 08-10-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Rapid RYUK Ransomware Attack Group Christened as FIN12 ∗∗∗
---------------------------------------------
Prolific ransomware cybercrime groups approach underscores a complicated, layered model of cybercrime.
---------------------------------------------
https://www.darkreading.com/attacks-breaches/rapid-ryuk-ransomware-attack-group-christened-as-fin12
∗∗∗ Sorting Things Out - Sorting Data by IP Address, (Fri, Oct 8th) ∗∗∗
---------------------------------------------
One thing that is huge in making sense of large volumes of data is sorting. Which makes having good sorting tools and methods a big deal when you are working through findings in a security assessment of pentest.
---------------------------------------------
https://isc.sans.edu/diary/rss/27916
∗∗∗ Free BrewDog beer, with a side order of shareholder PII? ∗∗∗
---------------------------------------------
BrewDog exposed the details of over 200,000 ‘Equity for Punks’ shareholders for over 18 months plus many more customers.
---------------------------------------------
https://www.pentestpartners.com/security-blog/free-brewdog-beer-with-a-side-order-of-shareholder-pii/
∗∗∗ FontOnLake: Previously unknown malware family targeting Linux ∗∗∗
---------------------------------------------
ESET researchers discover a malware family with tools that show signs they’re used in targeted attacks.
---------------------------------------------
https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/
∗∗∗ NSA Releases Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques ∗∗∗
---------------------------------------------
The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security (TLS) certificates and the exploitation of Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA).
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/08/nsa-releases-guidance-avoiding-dangers-wildcard-tls-certificates
∗∗∗ Microsoft to disable Excel 4.0 macros, one of the most abused Office features ∗∗∗
---------------------------------------------
Microsoft plans to disable a legacy feature known as Excel 4.0 macros, also XLM macros, for all Microsoft 365 users by the end of the year [...]
---------------------------------------------
https://therecord.media/microsoft-to-disable-excel-4-0-macros-one-of-the-most-abused-office-features/
∗∗∗ Malicious PowerPoint Files Constantly Being Distributed ∗∗∗
---------------------------------------------
On April 2021, the ASEC analysis team introduced the malware delivered via PowerPoint files attached to email in the ASEC blog. The team has found continuous malicious activities that use PPAM files in the form of PowerPoint and thus is sharing them.
---------------------------------------------
https://asec.ahnlab.com/en/26597/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (libssh), Mageia (firefox), Slackware (httpd), SUSE (xen), and Ubuntu (firefox and mysql-5.7).
---------------------------------------------
https://lwn.net/Articles/872267/
∗∗∗ Google Patches Four Severe Vulnerabilities in Chrome ∗∗∗
---------------------------------------------
Google this week announced the release of an updated Chrome version for Windows, Mac and Linux, to address a total of four high-severity vulnerabilities in the browser.
---------------------------------------------
https://www.securityweek.com/google-patches-four-severe-vulnerabilities-chrome
∗∗∗ Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation ∗∗∗
---------------------------------------------
On October 7, 2021, the Apache Software Foundation released Apache HTTP Server version 2.4.51 to address Path Traversal and Remote Code Execution vulnerabilities (CVE-2021-41773, CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50. These vulnerabilities have been exploited in the wild.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/07/apache-releases-http-server-version-2451-address-vulnerabilities
∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container Designers may be vulnerable to arbitrary code execution via CVE-2021-23436 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-designers-may-be-vulnerable-to-arbitrary-code-execution-via-cve-2021-23436/
∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors (CVE-2021-29906) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-could-disclose-sensitive-information-to-a-local-user-when-it-is-configured-to-use-an-ibm-cloud-api-key-to-connect-to-cloud-based-conne/
∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to a symlink attack due to CVE-2021-39135 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-integration-servers-may-be-vulnerable-to-a-symlink-attack-due-to-cve-2021-39135/
∗∗∗ Security Bulletin: Access Control Vulnerability Affects the User Interface of IBM Sterling File Gateway (CVE-2020-4654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-access-control-vulnerability-affects-the-user-interface-of-ibm-sterling-file-gateway-cve-2020-4654/
∗∗∗ Security Bulletin: Node.js as used by IBM Security QRadar Packet Capture contains multiple vulnerabilities (CVE-2020-8201, CVE-2020-8252, CVE-2020-8251, CVE-2020-8277) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-node-js-as-used-by-ibm-security-qradar-packet-capture-contains-multiple-vulnerabilities-cve-2020-8201-cve-2020-8252-cve-2020-8251-cve-2020-8277/
∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to a symlink attack due to CVE-2021-39134 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-integration-servers-may-be-vulnerable-to-a-symlink-attack-due-to-cve-2021-39134/
∗∗∗ Security Bulletin: Multiple Apache PDFBox security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-apache-pdfbox-security-vulnerabilities/
∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container images may be vulnerable to Denial of Service attacks due to CVE-2021-23362 and CVE-2021-27290 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-images-may-be-vulnerable-to-denial-of-service-attacks-due-to-cve-2021-23362-and-cve-2021-27290/
∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a sensitive information disclosure vulnerability (CVE-2020-5008) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-sensitive-information-disclosure-vulnerability-cve-2020-5008/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-http-server-affect-ibm-netezza-performance-portal/
∗∗∗ Kyocera Drucker: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1049
∗∗∗ Johnson Controls exacqVision Server Bundle ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-01
∗∗∗ Mobile Industrial Robots Vehicles and MiR Fleet Software ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
∗∗∗ Johnson Controls exacqVision ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-03
∗∗∗ Mitsubishi Electric MELSEC iQ-R Series C Controller Module ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-04
∗∗∗ InHand Networks IR615 Router ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05
∗∗∗ FATEK Automation WinProladder ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-06
∗∗∗ FATEK Automation Communication Server ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-07
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list