End-of-Day report
Timeframe: Friday 04-06-2021 18:00 - Monday 07-06-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Patch now! Attackers are targeting VMware vCenter Server
Security researchers warn that attackers have set their sights on a critical vulnerability in vCenter Server.
https://heise.de/-6063523
Exploit for critical Rocket.Chat vulnerability published
Anyone who has not yet fixed the critical Rocket.Chat vulnerability closed in May should do so as soon as possible.
https://heise.de/-6063795
Malware family naming hell is our own fault
EternalPetya has more than 10 different names. Many do not realize that CryptoLocker is long dead. These are not isolated cases but symptoms of a systemic problem: The way we name malware does not work. Why does it happen and how can we solve it?
https://www.gdatasoftware.com/blog/malware-family-naming-hell
Gootkit: the cautious Trojan
Gootkit is complex multi-stage banking malware capable of stealing data from the browser, performing man-in-the-browser attacks, keylogging, taking screenshots and lots of other malicious actions. Its loader performs various virtual machine and sandbox checks and uses sophisticated persistence algorithms.
https://securelist.com/gootkit-the-cautious-trojan/102731/
OSX/Hydromac
In this guest blog post, security researcher Taha Karim of ConfiantIntel dives into a new macOS adware specimen: Hydromac.
https://objective-see.com/blog/blog_0x65.html
WordPress Redirect Hack via Test0.com/Default7.com
Malicious redirect is a type of hack where website visitors are automatically redirected to some third-party website: usually it's some malicious resource, scam site or a commercial site that buys traffic from cyber criminals (e.g. counterfeit drugs or replica merchandise).
Types of Malicious Redirects
There are two major types of malicious redirects: server-side redirects and client-side redirects.
https://blog.sucuri.net/2021/06/wordpress-redirect-hack-via-test0-com-default7-com.html
Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments
The main purpose of Siloscape is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers.
https://unit42.paloaltonetworks.com/siloscape/
This phishing email is pushing password-stealing malware to Windows PCs
An old form of trojan malware has been updated with new abilities, warn cybersecurity researchers.
https://www.zdnet.com/article/this-phishing-email-is-pushing-password-stealing-malware-to-windows-pcs/
Hacking space: How to pwn a satellite
Hacking an orbiting satellite is not light years away - here's how things can go wrong in outer space
https://www.welivesecurity.com/2021/06/07/hacking-space-how-pwn-satellite/
Vulnerabilities
Security updates for Monday
Security updates have been issued by Debian (libwebp, python-django, ruby-nokogiri, and thunderbird), Fedora (dhcp, polkit, transfig, and wireshark), openSUSE (chromium, inn, kernel, redis, and umoci), Oracle (pki-core:10.6), Red Hat (libwebp, nginx:1.18, rh-nginx118-nginx, and thunderbird), SUSE (gstreamer-plugins-bad), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle).
https://lwn.net/Articles/858561/
Microsoft Edge: Vulnerability allows cross-site scripting
https://www.cert-bund.de/advisoryshort/CB-K21-0612
Apache HTTP Server: Vulnerability allows denial of service
https://www.cert-bund.de/advisoryshort/CB-K21-0611
QNAP NAS: Vulnerability allows cross-site scripting
https://www.cert-bund.de/advisoryshort/CB-K21-0613
Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-24/
Security Bulletin: cURL libcurl vulnerabilities impacting Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint 4.0 and earlier (CVE-2020-8284, CVE-2020-8286, CVE-2020-8285)
https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-4-0-and-earlier-cve-2020-8284-cve-2020-8286-cve-2020-8285/
Security Bulletin: OpenSSL vulnerabilities impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0 and earlier (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2021-23839-cve-2021-23840-cve-2/
Security Bulletin: Multiple vulnerabilities may affect JRE in IBM DataPower Gateway
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-jre-in-ibm-datapower-gateway/
Security Bulletin: Multiple vulnerabilities affect the IBM Elastic Storage Server GUI
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-elastic-storage-server-gui/
Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-12/
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-5/
Security Bulletin: IBM DataPower Gateway vulnerable to a DoS attack
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-a-dos-attack/
Security Bulletin: OpenSSL vulnerability impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0, and earlier (CVE-2020-1971)
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-1971/
Security Bulletin: IBM DataPower Gateway GUI permits use of GET
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-gui-permits-use-of-get/
Security Bulletin: WebSphere Application Server ND is vulnerable to Directory Traversal vulnerability (CVE-2021-20517)
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-nd-is-vulnerable-to-directory-traversal-vulnerability-cve-2021-20517/