Daily summary - 09.06.2021

End-of-Day report

Timeframe: Tuesday 08-06-2021 18:00 - Wednesday 09-06-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner

News

Intel fixes 73 vulnerabilities in June 2021 Platform Update

Intel has addressed 73 security vulnerabilities as part of the June 2021 Patch Tuesday, including high severity ones impacting some versions of Intel's Security Library and the BIOS firmware for Intel processors. [...]

https://www.bleepingcomputer.com/news/security/intel-fixes-73-vulnerabilities-in-june-2021-platform-update/


PuzzleMaker attacks with Chrome zero-day exploit chain

We detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits.

https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/


ALPACA attack: attackers could target TLS-secured connections

Security researchers demonstrate theoretical attacks on TLS connections. Attackers could, for example, hijack sessions.

https://heise.de/-6066915


Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

[...] they're sitting on a bunch of compromised personal info, now what? As with the two law enforcement agencies, NordLocker's goal is to inform impacted parties which is where HIBP comes in so as of now, all 1,121,484 compromised email addresses are searchable.

https://www.troyhunt.com/nameless-malware-discovered-by-nordlocker-is-now-in-have-i-been-pwned/


Cisco Smart Install Protocol Still Abused in Attacks, 5 Years After First Warning

Cisco's Smart Install protocol is still being abused in attacks - five years after the networking giant issued its first warning - and there are still roughly 18,000 internet-exposed devices that could be targeted by hackers.

https://www.securityweek.com/cisco-smart-install-protocol-still-abused-attacks-5-years-after-first-warning


Classified-ad fraud: supposed buyers want to settle payment via DHL

Criminals on classified-ad platforms such as willhaben, shpock and others are currently making increased use of the "DHL trick" to steal money from sellers. The criminals pose as buyers and propose settling the payment via DHL. They claim that DHL now handles payments in order to offer buyers and sellers a secure transaction. In reality, the criminals themselves are behind the DHL messages and are using them to get at your money.

https://www.watchlist-internet.at/news/kleinanzeigen-betrug-potenzielle-kaeuferinnen-wollen-zahlung-ueber-dhl-abwickeln/


The Sysrv-hello Cryptojacking Botnet: Here's What's New

The Sysrv-hello botnet is deployed on both Windows and Linux systems by exploiting multiple vulnerabilities and deployed via shell scripts. Like many of the threat actor tools we've covered, it continuously evolves to fit the needs of its operators and stay ahead of security researchers and law enforcement. Over time, there have been several slight changes in the shell scripts that install the Sysrv-hello implant on machines.

https://www.riskiq.com/blog/external-threat-management/sysrv-hello-cryptojacking-botnet/

Vulnerabilities

Improper authentication in SAP NetWeaver ABAP Server and ABAP Platform

As part of the June 2021 Patch Day, SAP SE published security note 3007182, which addresses a serious design flaw, ...

https://sec-consult.com/de/blog/detail/unsachgemaesse-authentifizierung-in-sap-netweaver-abap-server-und-abap-platform/


Updates available: vulnerabilities in the message brokers RabbitMQ, EMQ X and VerneMQ

The message brokers are vulnerable to denial-of-service attacks via the IoT protocol MQTT. Current patches are available; you should apply them quickly.

https://heise.de/-6065996


XSA-375 - Speculative Code Store Bypass

Impact: An attacker might be able to infer the contents of arbitrary host memory, including memory assigned to other guests.
Resolution: Applying the appropriate attached patch resolves this issue.

https://xenbits.xen.org/xsa/advisory-375.html


Security updates for Wednesday

Security updates have been issued by Debian (eterm, mrxvt, and rxvt), Mageia (cgal, curl, exiv2, polkit, squid, thunderbird, and upx), openSUSE (firefox and libX11), Oracle (libwebp, nginx:1.18, and thunderbird), Red Hat (.NET 5.0, .NET Core 3.1, 389-ds-base, dhcp, gupnp, hivex, kernel, kernel-rt, libldb, libwebp, microcode_ctl, nettle, postgresql:10, postgresql:9.6, qemu-kvm, qt5-qtimageformats, rh-dotnet50-dotnet, and samba), SUSE (apache2-mod_auth_openidc, firefox, gstreamer-plugins-bad, kernel, libX11, pam_radius, qemu, runc, spice, and spice-gtk), and Ubuntu (intel-microcode and rpcbind).

https://lwn.net/Articles/858832/


Dell PowerEdge: multiple vulnerabilities

DSA-2021-078: Dell PowerEdge Server Security Advisory for a Trusted Platform Module (TPM) 1.2 Firmware Vulnerability
DSA-2021-103: Dell PowerEdge Server Security Update for BIOS Vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K21-0628


Xen: multiple vulnerabilities

A local attacker can exploit multiple vulnerabilities in Xen to disclose information, escalate privileges, or cause a denial-of-service condition.
* XSA-377: x86: TSX Async Abort protections not restored after S3
* XSA-374: Guest triggered use-after-free in Linux xen-netback
* XSA-373: inappropriate x86 IOMMU timeout detection / handling
* XSA-372: xen/arm: Boot modules are not scrubbed

http://www.cert-bund.de/advisoryshort/CB-K21-0627


Multiple vulnerabilities in Bosch IP cameras

BOSCH-SA-478243-BT: Multiple vulnerabilities for Bosch IP cameras have been discovered in a Penetration Test from Kaspersky ICS CERT during a certification effort from Bosch. Bosch rates these vulnerabilities with CVSSv3.1 base scores from 9.8 (Critical) to 4.9 (Medium), where the actual rating depends on the individual vulnerability and the final rating on the customer's environment. Customers are strongly advised to upgrade to the fixed versions.

https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html


Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe's Security Bulletins and apply the necessary updates.
* APSB21-36 Security update available for Adobe Connect
* APSB21-37 Security update available for Adobe Acrobat and Reader
* APSB21-38 Security update available for Adobe Photoshop
* APSB21-39 Security update available for Adobe Experience Manager
* APSB21-41 Security update available for Adobe Creative Cloud Desktop Application
* APSB21-44 Security update available for Adobe RoboHelp Server
* APSB21-46 Security update available for Adobe Photoshop Elements
* APSB21-47 Security update available for Adobe Premiere Elements
* APSB21-49 Security update available for Adobe After Effects
* APSB21-50 Security update available for Adobe Animate

https://us-cert.cisa.gov/ncas/current-activity/2021/06/08/adobe-releases-security-updates-multiple-products


Security Bulletin: IBM Event Streams is affected by potential data integrity issue (CVE-2020-25649)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-potential-data-integrity-issue-cve-2020-25649/


Security Bulletin: IBM UrbanCode Deploy (UCD) stores keystore passwords in plain after a manual edit, which can be read by a local user.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-deploy-ucd-stores-keystore-passwords-in-plain-after-a-manuel-edit-which-can-be-read-by-a-local-user-2/


Nettle cryptography library vulnerability CVE-2021-20305

https://support.f5.com/csp/article/K33101555?utm_source=f5support&utm_medium=RSS


Linux kernel vulnerability CVE-2019-11811

https://support.f5.com/csp/article/K01512680?utm_source=f5support&utm_medium=RSS


Johnson Controls Metasys

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-01


Open Design Alliance Drawings SDK

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02


AVEVA InTouch

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03


Schneider Electric IGSS

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04


Schneider Electric Modicon X80

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-05


Thales Sentinel LDK Run-Time Environment

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-06