End-of-Day report
Timeframe: Monday 10-05-2021 18:00 - Tuesday 11-05-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
BSI updates the minimum standard for the use of Transport Layer Security (TLS)
The new version 2.2 of the minimum standard takes into account the current recommendations of the BSI technical guidelines (TR 02102-2, TR 03116-4) and addresses the handling of TLS protocol versions and cryptographic methods that do not meet the requirements of the minimum standard.
https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Mindeststandard_TLS_aktualisiert_100521.html
Fake bank99 e-mail in circulation
Your bank99 account has allegedly been blocked because you did not confirm your identity? Beware, this customer notification is fake. Criminals are forging bank99 e-mails to obtain your login credentials. Under no circumstances click on the "Vorgang starten" ("start process") link. You will be directed to a replica login website.
https://www.watchlist-internet.at/news/gefaelschtes-e-mail-der-bank99-im-umlauf/
US and Australia warn of escalating Avaddon ransomware attacks
The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide.
https://www.bleepingcomputer.com/news/security/us-and-australia-warn-of-escalating-avaddon-ransomware-attacks/
TeaBot: a new Android malware emerged in Italy, targets banks in Europe
[...] At the beginning of January 2021, a new Android banker started appearing and it was discovered and analysed by our Threat Intelligence and Incident Response (TIR) team. Given the lack of information and the absence of a proper nomenclature for this Android banker family, we decided to dub it TeaBot to better track this family inside our internal Threat Intelligence taxonomy.
https://www.cleafy.com/documents/teabot
Beware of Applications Misusing Root Stores
We have been alerted about applications that use the root store provided by Mozilla for purposes other than what Mozilla's root store is curated for. [...] Applications that use Mozilla's root store for a purpose other than that have a critical security vulnerability.
https://blog.mozilla.org/security/2021/05/10/beware-of-applications-misusing-root-stores/
DarkSide Malware Profile
The following report provides X-Force Threat Intelligence's analysis of the DarkSide ransomware family based on publicly available samples. Summary: DarkSide, like other ransomware used in targeted attacks, encrypts user data on compromised computers. Recent variants of DarkSide ransomware enumerate various system properties of the victim and beacon them in an encoded POST request to its C2 address. DarkSide also executes an encoded PowerShell command to delete volume shadow copies. It deletes [...]
https://exchange.xforce.ibmcloud.com/collection/06d0917405c36ca91f5db1fe0c01d1ad
Vulnerabilities
Security updates for Tuesday
Security updates have been issued by Debian (hivex), Fedora (djvulibre and thunderbird), openSUSE (monitoring-plugins-smart and perl-Image-ExifTool), Oracle (kernel and kernel-container), Red Hat (kernel and kpatch-patch), SUSE (drbd-utils, java-11-openjdk, and python3), and Ubuntu (exiv2, firefox, libxstream-java, and pyyaml).
https://lwn.net/Articles/855995/
Synology-SA-21:19 SRM
A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of Synology Router Manager (SRM).
https://www.synology.com/en-global/support/security/Synology_SA_21_19
Citrix Workspace App Security Update
A vulnerability has been identified that could result in a local user escalating their privilege level to SYSTEM on the computer running Citrix Workspace app for Windows.
https://support.citrix.com/article/CTX307794
Google Releases Security Updates for Chrome
Google has released Chrome version 90.0.4430.212 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.
https://us-cert.cisa.gov/ncas/current-activity/2021/05/11/google-releases-security-updates-chrome
Reflected XSS Vulnerability in SIS Informatik - Rewe Go
https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infromatik-rewe-go-cve-2021-31537/
SAP Patchday May
https://www.cert-bund.de/advisoryshort/CB-K21-0496
2020-10 Password Change Authentication Bypass Vulnerability in HiOS & HiSecOS
https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=12914&mediaformatid=50063&destinationid=10016
Security Bulletin: IBM OpenPages with Watson has addressed an information disclosure vulnerability (CVE-2020-4536)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson-has-addressed-an-information-disclosure-vulnerability-cve-2020-4536/
Security Bulletin: IBM OpenPages with Watson has addressed a cross-site scripting vulnerability (CVE-2020-4535)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson-has-addressed-a-cross-site-scripting-vulnerability-cve-2020-4535/
SSA-854248: Information Disclosure Vulnerability in Mendix Excel Importer Module
https://cert-portal.siemens.com/productcert/txt/ssa-854248.txt
SSA-752103: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
https://cert-portal.siemens.com/productcert/txt/ssa-752103.txt
SSA-723417: Multiple Vulnerabilities in SCALANCE W1750D
https://cert-portal.siemens.com/productcert/txt/ssa-723417.txt
SSA-678983: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
https://cert-portal.siemens.com/productcert/txt/ssa-678983.txt
SSA-676775: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices
https://cert-portal.siemens.com/productcert/txt/ssa-676775.txt
SSA-594364: Denial-of-Service Vulnerability in SNMP Implementation of WinCC Runtime
https://cert-portal.siemens.com/productcert/txt/ssa-594364.txt
SSA-501073: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)
https://cert-portal.siemens.com/productcert/txt/ssa-501073.txt
SSA-324955: SAD DNS Attack in Linux Based Products
https://cert-portal.siemens.com/productcert/txt/ssa-324955.txt
SSA-286838: Multiple Vulnerabilities in SINAMICS Medium Voltage Products
https://cert-portal.siemens.com/productcert/txt/ssa-286838.txt
SSA-116379: Denial-of-Service Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices
https://cert-portal.siemens.com/productcert/txt/ssa-116379.txt