[CERT-daily] Daily summary - 06.09.2021

Daily end-of-shift report team at cert.at
Mon Sep 6 18:09:17 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 03-09-2021 18:00 - Monday 06-09-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Attacks on Exchange servers continue - attackers install 7 backdoors ∗∗∗
---------------------------------------------
If they have not done so long since, admins should close the ProxyShell vulnerabilities in Exchange Server by installing the security updates.
---------------------------------------------
https://heise.de/-6182364


∗∗∗ Patch me if you can: Ransomware 3.0 - the resistance is growing ∗∗∗
---------------------------------------------
IT people like to juggle numbers, especially when it comes to the maturity level of software. With ransomware, however, a version jump does not bode well - or does it?
---------------------------------------------
https://heise.de/-6071696


∗∗∗ Source code of the ransomware "Babuk Locker" leaked ∗∗∗
---------------------------------------------
All the building blocks of the ransomware "Babuk Locker" have surfaced in a Russian hacker forum. Among them may also be keys that are of interest to victims.
---------------------------------------------
https://heise.de/-6182385


∗∗∗ Ransomware gangs target companies using these criteria ∗∗∗
---------------------------------------------
Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-gangs-target-companies-using-these-criteria/


∗∗∗ The State of Incident Response: Measuring Risk and Evaluating Your Preparedness ∗∗∗
---------------------------------------------
Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster.
---------------------------------------------
https://threatpost.com/incident-response-risk-preparedness/169211/


∗∗∗ Traffic Exchange Networks Distributing Malware Disguised as Cracked Software ∗∗∗
---------------------------------------------
An ongoing campaign has been found to leverage a network of websites acting as a "dropper as a service" to deliver a bundle of malware payloads to victims looking for "cracked" versions of popular business and consumer applications. "These malware included an assortment of click fraud bots, other information stealers, and even ransomware," researchers from cybersecurity firm Sophos said [...]
---------------------------------------------
https://thehackernews.com/2021/09/traffic-exchange-networks-distributing.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Proxies are complicated: RCE vulnerability in a 3 million downloads/week NPM package ∗∗∗
---------------------------------------------
Pac-Resolver, a widely used NPM dependency, had a high-severity RCE (Remote Code Execution) vulnerability that could allow network administrators or other malicious actors on your local network to remotely run arbitrary code inside your Node.js process whenever you tried to send an HTTP request.
---------------------------------------------
https://httptoolkit.tech/blog/npm-pac-proxy-agent-vulnerability/


∗∗∗ ‘Demon’s Cries’ authentication bypass patched in Netgear switches ∗∗∗
---------------------------------------------
Networking equipment vendor Netgear has patched three vulnerabilities in several of its smart switches that can allow threat actors to bypass authentication and take over devices.
---------------------------------------------
https://therecord.media/demons-cries-authentication-bypass-patched-in-netgear-switches/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (btrbk, pywps, and squashfs-tools), Fedora (libguestfs, libss7, ntfs-3g, ntfs-3g-system-compression, partclone, testdisk, wimlib, and xen), Mageia (exiv2, golang, libspf2, and ruby-addressable), openSUSE (apache2, dovecot23, gstreamer-plugins-good, java-11-openjdk, libesmtp, mariadb, nodejs10, opera, python39, sssd, and xerces-c), and SUSE (apache2, java-11-openjdk, libesmtp, mariadb, nodejs10, python39, sssd, xen, and xerces-c).
---------------------------------------------
https://lwn.net/Articles/868464/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Helm vulnerabilities (CVE-2021-21303) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-helm-vulnerabilities-cve-2021-21303/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2020-1971) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-openssl-vulnerabilities-cve-2020-1971/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL and Node.js vulnerabilities (CVE-2020-1971, CVE-2020-8287, CVE-2020-8265) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-openssl-and-node-js-vulnerabilities-cve-2020-1971-cve-2020-8287-cve-2020-8265/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8554) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-kubernetes-vulnerabilities-cve-2020-8554/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Java vulnerabilities (CVE-2020-14781) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-java-vulnerabilities-cve-2020-14781/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Docker vulnerabilities (CVE-2021-21285, CVE-2021-21284) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-docker-vulnerabilities-cve-2021-21285-cve-2021-21284/


∗∗∗ Security Bulletin: Multiple vulnerabilities in VMware affect IBM Cloud Pak System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-vmware-affect-ibm-cloud-pak-system-2/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Node.js lodash vulnerabilities (CVE-2021-23337) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-node-js-lodash-vulnerabilities-cve-2021-23337/


∗∗∗ Security Bulletin: A Privilege Escalation vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool and its Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-privilege-escalation-vulnerability-in-pivotal-spring-framework-affects-ibm-lks-administration-reporting-tool-and-its-agent/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2020-1968) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-openssl-vulnerabilities-cve-2020-1968/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-3121) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-go-vulnerability-cve-2021-3121/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8569) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-kubernetes-vulnerabilities-cve-2020-8569/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2020-25649) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-fasterxml-jackson-databind-vulnerabilities-cve-2020-25649/


∗∗∗ Security Bulletin: A security vulnerability has been identified in Oracle Oct 2020 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-14781) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-oracle-oct-2020-cpu-for-java-8-shipped-with-ibm-intelligent-operations-center-cve-2020-14781/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Elastic vulnerabilities (CVE-2020-7020) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-elastic-vulnerabilities-cve-2020-7020/


∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Java vulnerabilities (CVE-2020-2773) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-java-vulnerabilities-cve-2020-2773/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily