Daily Summary - 08.06.2021

End-of-Day report

Timeframe: Monday 07-06-2021 18:00 - Tuesday 08-06-2021 18:00

Handler: Dimitri Robl

Co-Handler: Stephan Richter

News

Microsoft Office MSGraph vulnerability could lead to code execution

Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine.

https://www.bleepingcomputer.com/news/security/microsoft-office-msgraph-vulnerability-could-lead-to-code-execution/


Picture this: Malware Hides in Steam Profile Images

SteamHide abuses the gaming platform Steam to serve payloads for malware downloaders. Malware operators can also update already infected machines by adding new profile images to Steam. The developers seem to have a few more ambitious goals.

https://www.gdatasoftware.com/blog/steamhide-malware-in-profile-images


FragAttacks vulnerability: FritzOS updates for old Fritzboxes

The mid-range router Fritzbox 3490 from 2014 is getting the current FritzOS 7.27. Other older models could follow.

https://heise.de/-6065367


Android Patchday: Critical system and Qualcomm vulnerabilities closed

Attackers could target Android devices and, among other things, leak information or even execute malicious code.

https://heise.de/-6064923


Organizations Warned About DoS Flaws in Popular Open Source Message Brokers

Organizations have been warned about denial of service (DoS) vulnerabilities found in RabbitMQ, EMQ X and VerneMQ, three widely used open source message brokers.

https://www.securityweek.com/organizations-warned-about-dos-flaws-popular-open-source-message-brokers


Beware of advertising by dubious online shops!

Whether Facebook, Instagram, TikTok or Google: all of these platforms are attractive channels for companies to place their advertising. However, this applies not only to reputable companies but also to dubious ones. Readers of Watchlist Internet repeatedly report that they came across a problematic online shop through advertisements. A recent study by the Arbeiterkammer Wien in cooperation with Watchlist Internet [...]

https://www.watchlist-internet.at/news/vorsicht-vor-werbung-unserioeser-online-shops/


TeamTNT Using WatchDog TTPs to Expand Its Cryptojacking Footprint

We have identified indicators traditionally pointing to WatchDog operations being used by the TeamTNT cryptojacking group.

https://unit42.paloaltonetworks.com/teamtnt-cryptojacking-watchdog-operations/

Vulnerabilities

Wago: Updates fix dangerous vulnerabilities in industrial control systems

Since May, Wago has been gradually releasing important firmware updates against critical vulnerabilities in programmable logic controllers (PLCs) of the 750 series.

https://heise.de/-6065199


Security updates for Tuesday

Security updates have been issued by Debian (nginx), Fedora (musl), Mageia (dnsmasq, firefox, graphviz, libebml, libpano13, librsvg, libxml2, lz4, mpv, tar, and vlc), openSUSE (csync2, python-py, and snakeyaml), Oracle (qemu), Red Hat (container-tools:2.0, kernel, kpatch-patch, nettle, nginx:1.16, and rh-nginx116-nginx), Slackware (httpd and polkit), SUSE (389-ds, gstreamer-plugins-bad, shim, and snakeyaml), and Ubuntu (gnome-autoar and isc-dhcp).

https://lwn.net/Articles/858644/


SAP Patchday June

https://www.cert-bund.de/advisoryshort/CB-K21-0616


Citrix Cloud Connector Security Update

https://support.citrix.com/article/CTX316690


Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update

https://support.citrix.com/article/CTX297155


SSA-133038: Multiple Modfem File Parsing Vulnerabilities in Simcenter Femap

https://cert-portal.siemens.com/productcert/txt/ssa-133038.txt


SSA-200951: Multiple Vulnerabilities in Third-Party Component libcurl of TIM Devices

https://cert-portal.siemens.com/productcert/txt/ssa-200951.txt


SSA-208356: DFT File Parsing Vulnerabilities in Solid Edge

https://cert-portal.siemens.com/productcert/txt/ssa-208356.txt


SSA-211752: Multiple NTP-Client Related Vulnerabilities in SIMATIC NET CP 443-1 OPC

https://cert-portal.siemens.com/productcert/txt/ssa-211752.txt


SSA-419820: Denial-of-Service Vulnerability in TIM 1531 IRC

https://cert-portal.siemens.com/productcert/txt/ssa-419820.txt


SSA-522654: Privilege Escalation Vulnerability in Mendix SAML Module

https://cert-portal.siemens.com/productcert/txt/ssa-522654.txt


SSA-645530: TIFF File Parsing Vulnerability in JT2Go and Teamcenter Visualization

https://cert-portal.siemens.com/productcert/txt/ssa-645530.txt


https://new.siemens.com/global/en/products/services/cert.html


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-19/


Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Oracle MySQL

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-oracle-mysql/


Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/


Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-cve-2020-25705-cve-2020-28374/


Security Bulletin: IBM Security Guardium is affected by a Privilege Escalation vulnerability (CVE-2020-4952)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-privilege-escalation-vulnerability-cve-2020-4952-3/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-18/


Security Bulletin: IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-applications-4-3-nodejs-and-nodejs-express-appsody-stacks-is-vulnerable-to-information-disclosure-buffer-overflow-and-prototype-pollution-exposures/


Security Bulletin: IBM Security Guardium is affected by a Oracle MySQL vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-oracle-mysql-vulnerabilities/


Security Bulletin: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker

https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-se-related-to-the-libraries-component-could-allow-an-unauthenticated-attacker/