Daily Summary - 07.06.2021

End-of-Day report

Timeframe: Friday 04-06-2021 18:00 - Monday 07-06-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

Patch now! Attackers are targeting VMware vCenter Server

Security researchers warn that attackers are targeting a critical vulnerability in vCenter Server.

https://heise.de/-6063523


Exploit published for critical vulnerability in Rocket.Chat

Anyone who has not yet fixed the critical Rocket.Chat vulnerability that was closed in May should do so as soon as possible.

https://heise.de/-6063795


Malware family naming hell is our own fault

EternalPetya has more than 10 different names. Many do not realize that CryptoLocker is long dead. These are not isolated cases but symptoms of a systemic problem: The way we name malware does not work. Why does it happen and how can we solve it?

https://www.gdatasoftware.com/blog/malware-family-naming-hell


Gootkit: the cautious Trojan

Gootkit is complex multi-stage banking malware capable of stealing data from the browser, performing man-in-the-browser attacks, keylogging, taking screenshots and lots of other malicious actions. Its loader performs various virtual machine and sandbox checks and uses sophisticated persistence algorithms.

https://securelist.com/gootkit-the-cautious-trojan/102731/


OSX/Hydromac

In this guest blog post, security researcher Taha Karim of ConfiantIntel dives into a new macOS adware specimen: Hydromac.

https://objective-see.com/blog/blog_0x65.html


WordPress Redirect Hack via Test0.com/Default7.com

A malicious redirect is a type of hack where website visitors are automatically redirected to some third-party website: usually it's a malicious resource, a scam site, or a commercial site that buys traffic from cyber criminals (e.g. counterfeit drugs or replica merchandise). There are two major types of malicious redirects: server-side redirects and client-side redirects.

https://blog.sucuri.net/2021/06/wordpress-redirect-hack-via-test0-com-default7-com.html


Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments

The main purpose of Siloscape is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers.

https://unit42.paloaltonetworks.com/siloscape/


This phishing email is pushing password-stealing malware to Windows PCs

An old form of trojan malware has been updated with new abilities, warn cybersecurity researchers.

https://www.zdnet.com/article/this-phishing-email-is-pushing-password-stealing-malware-to-windows-pcs/


Hacking space: How to pwn a satellite

Hacking an orbiting satellite is not light years away - here's how things can go wrong in outer space.

https://www.welivesecurity.com/2021/06/07/hacking-space-how-pwn-satellite/

Vulnerabilities

Security updates for Monday

Security updates have been issued by Debian (libwebp, python-django, ruby-nokogiri, and thunderbird), Fedora (dhcp, polkit, transfig, and wireshark), openSUSE (chromium, inn, kernel, redis, and umoci), Oracle (pki-core:10.6), Red Hat (libwebp, nginx:1.18, rh-nginx118-nginx, and thunderbird), SUSE (gstreamer-plugins-bad), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle).

https://lwn.net/Articles/858561/


Microsoft Edge: Vulnerability allows Cross-Site Scripting

https://www.cert-bund.de/advisoryshort/CB-K21-0612


Apache HTTP Server: Vulnerability allows Denial of Service

https://www.cert-bund.de/advisoryshort/CB-K21-0611


QNAP NAS: Vulnerability allows Cross-Site Scripting

https://www.cert-bund.de/advisoryshort/CB-K21-0613


Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-24/


Security Bulletin: cURL libcurl vulnerabilities impacting Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint 4.0 and earlier (CVE-2020-8284, CVE-2020-8286, CVE-2020-8285)

https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-4-0-and-earlier-cve-2020-8284-cve-2020-8286-cve-2020-8285/


Security Bulletin: OpenSSL vulnerabilities impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0 and earlier (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)

https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2021-23839-cve-2021-23840-cve-2/


Security Bulletin: Multiple vulnerabilities may affect JRE in IBM DataPower Gateway

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-jre-in-ibm-datapower-gateway/


Security Bulletin: Multiple vulnerabilities affect the IBM Elastic Storage Server GUI

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-elastic-storage-server-gui/


Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-12/


Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-5/


Security Bulletin: IBM DataPower Gateway vulnerable to a DoS attack

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-a-dos-attack/


Security Bulletin: OpenSSL vulnerability impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0, and earlier (CVE-2020-1971)

https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-1971/


Security Bulletin: IBM DataPower Gateway GUI permits use of GET

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-gui-permits-use-of-get/


Security Bulletin: WebSphere Application Server ND is vulnerable to Directory Traversal vulnerability (CVE-2021-20517)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-nd-is-vulnerable-to-directory-traversal-vulnerability-cve-2021-20517/