[CERT-daily] Tageszusammenfassung - 17.09.2021
Daily end-of-shift report
team at cert.at
Fri Sep 17 18:19:52 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 16-09-2021 18:00 − Freitag 17-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ OMIGOD: Microsoft lässt Azure-Admins mit Linux-Lücke allein ∗∗∗
---------------------------------------------
Kritische Lücken in der Microsoft-Cloud ermöglichen Root-Angriffe auf Linux-VMs. Microsoft weist die Verantwortung für wichtige Updates allerdings von sich.
---------------------------------------------
https://heise.de/-6194618
∗∗∗ US-Heimatschutz warnt vor weitreichenden Angriffen über Zoho ADSelfService Plus ∗∗∗
---------------------------------------------
Über eine kritische Sicherheitslücke haben sich APT-Gruppen Zugang zu den Netzwerken mehrerer Organisationen verschafft.
---------------------------------------------
https://heise.de/-6194780
∗∗∗ Exploitation of the CVE-2021-40444 vulnerability in MSHTML ∗∗∗
---------------------------------------------
Last week, Microsoft reported the RCE vulnerability CVE-2021-40444 in the MSHTML browser engine. Kaspersky is aware of targeted attacks using this vulnerability, and our products protect against attacks leveraging it.
---------------------------------------------
https://securelist.com/exploitation-of-the-cve-2021-40444-vulnerability-in-mshtml/104218/
∗∗∗ Malicious Calendar Subscriptions Are Back?, (Fri, Sep 17th) ∗∗∗
---------------------------------------------
Did this threat really disappear? This isnt a brand new technique to deliver malicious content to mobile devices but it seems that attackers started new waves of spam campaigns based on malicious calendar subscriptions.
---------------------------------------------
https://isc.sans.edu/diary/rss/27846
∗∗∗ A Cheat-Sheet on Internet Cookies – (Who, What, When, Why & How) ∗∗∗
---------------------------------------------
What are internet cookies, how should you feel about them? Are they helpful, harmless, dangerous? Cookies are key to our modern online experience with targeted website ads and predictive search text that seems to read our minds. Cookies help us gain a customized online experience, but what do we lose? Are we being manipulated by our own data?
---------------------------------------------
https://blog.sucuri.net/2021/09/a-cheat-sheet-on-internet-cookies-who-what-when-why-how.html
∗∗∗ AMD Chipset Driver Vulnerability Can Allow Hackers to Obtain Sensitive Data ∗∗∗
---------------------------------------------
Chipmaker AMD has patched a driver vulnerability that could allow an attacker to obtain sensitive information from the targeted system.
---------------------------------------------
https://www.securityweek.com/amd-chipset-driver-vulnerability-can-allow-hackers-obtain-sensitive-data
∗∗∗ DDoS botnets, cryptominers target Azure systems after OMIGOD exploit goes public ∗∗∗
---------------------------------------------
Threat actors are attacking Azure Linux-based servers using a recently disclosed security flaw named OMIGOD in order to hijack vulnerable systems into DDoS or crypto-mining botnets.
---------------------------------------------
https://therecord.media/ddos-botnets-cryptominers-target-azure-systems-after-omigod-exploit-goes-public/
=====================
= Vulnerabilities =
=====================
∗∗∗ Analysis of CVE-2021-30860 ∗∗∗
---------------------------------------------
In this guest blog post, the security researcher Tom McGuire details the flaw and fix of CVE-2021-30860, a zero-click vulnerability, exploited in the wild.
---------------------------------------------
https://objective-see.com/blog/blog_0x67.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox and thunderbird), Fedora (haproxy, wordpress, and xen), openSUSE (apache2-mod_auth_openidc, fail2ban, ghostscript, haserl, libcroco, nextcloud, and wireshark), Oracle (kernel and kernel-container), Slackware (httpd), SUSE (crmsh, gtk-vnc, libcroco, Mesa, postgresql12, postgresql13, and transfig), and Ubuntu (libgcrypt20, linux-gcp, linux-gcp-4.15, linux-hwe-5.4, linux-oem-5.13, python3.4, python3.5, and qtbase-opensource-src).
---------------------------------------------
https://lwn.net/Articles/869521/
∗∗∗ Siemens RUGGEDCOM ROX ∗∗∗
---------------------------------------------
This advisory contains mitigations for Exposure of Sensitive Information to an Unauthorized Actor, Execution with Unnecessary Privileges, and Improper Handling of Insufficient Permissions or Privileges vulnerabilities in Siemens RUGGEDCOM ROX devices.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-259-01
∗∗∗ Schneider Electric EcoStruxure and SCADAPack ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Path Traversal vulnerability in Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect software designed for the x70 SCADAPack system.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-259-02
∗∗∗ Siemens Teamcenter ∗∗∗
---------------------------------------------
This advisory contains mitigations for Privilege Defined with Unsafe Actions, Authorization Bypass Through User-Controlled Key, and Improper Restriction of XML External Entity Reference vulnerabilities in the Siemens Teamcenter virtualization platform.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-08
∗∗∗ Security Bulletin: A security vulnerability in NGINX ffects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-nginx-ffects-ibm-cloud-automation-manager/
∗∗∗ Security Bulletin: A security vulnerability in Node.js pac-resolver module affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-pac-resolver-module-affects-ibm-cloud-automation-manager/
∗∗∗ Security Bulletin: A security vulnerability in Golang GO affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-golang-go-affects-ibm-cloud-automation-manager-2/
∗∗∗ Security Bulletin: A security vulnerability in Golang Go affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-golang-go-affects-ibm-cloud-automation-manager/
∗∗∗ Security Bulletin: IBM® Db2® could allow a local user to read and write specific files due to weak file permissions (CVE-2020-4976) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-a-local-user-to-read-and-write-specific-files-due-to-weak-file-permissions-cve-2020-4976-2/
∗∗∗ Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in IBM Http server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-ibm-http-server/
∗∗∗ Security Bulletin: A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-xmlhttprequest-ssl-module-affects-ibm-cloud-automation-manager-2/
∗∗∗ Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-cloud-automation-manager-3/
∗∗∗ Security Bulletin: September 2021 :Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-september-2021-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/
∗∗∗ Security Bulletin: A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-xmlhttprequest-ssl-module-affects-ibm-cloud-automation-manager/
∗∗∗ Security Bulletin: September 2021 : A vulnerability in IBM Java Runtime affects CICS Transaction Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-september-2021-a-vulnerability-in-ibm-java-runtime-affects-cics-transaction-gateway/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list