End-of-Day report
Timeframe: Wednesday 09-06-2021 18:00 - Thursday 10-06-2021 18:00
Handler: Robert Waldner
Co-Handler: Dimitri Robl
News
Cloud Atlas Navigates Us Into New Waters
Learn how to interpret nameserver activity to enumerate infrastructure in the context of a recent Cloud Atlas example investigated by Senior Security Researcher, Chad Anderson.
https://www.domaintools.com/resources/blog/cloud-atlas-navigates-us-into-new-waters
BloodHound - Sniffing Out the Path Through Windows Domains
BloodHound is a tool for analysing AD rights and relationships, focusing on the ones an attacker may abuse.
https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Quarterly Report: Incident Response trends from Spring 2021
While the security community made a great effort to warn users of the exploitation of several Microsoft Exchange Server zero-day vulnerabilities, it was still the biggest threat Cisco Talos Incident Response (CTIR) saw this past quarter.
https://blog.talosintelligence.com/2021/06/quarterly-report-incident-response.html
CISA Addresses the Rise in Ransomware Targeting Operational Technology Assets
CISA has published the Rising Ransomware Threat to OT Assets fact sheet in response to the recent increase in ransomware attacks targeting operational technology (OT) assets and control systems.
https://us-cert.cisa.gov/ncas/current-activity/2021/06/09/cisa-addresses-rise-ransomware-targeting-operational-technology
Vulnerabilities
Patch now! Attacks on Google's Chrome web browser could be imminent
A version of the Chrome web browser hardened against several attacks has been released.
https://heise.de/-6067353
Security updates for Thursday
Security updates have been issued by Debian (htmldoc, lasso, and rails), Fedora (exiv2, firefox, and microcode_ctl), openSUSE (python-HyperKitty), Oracle (389-ds-base, qemu-kvm, qt5-qtimageformats, and samba), Red Hat (container-tools:3.0, container-tools:rhel8, postgresql:12, and postgresql:13), Scientific Linux (389-ds-base, hivex, libwebp, qemu-kvm, qt5-qtimageformats, samba, and thunderbird), SUSE (caribou, djvulibre, firefox, gstreamer-plugins-bad, kernel, libopenmpt, libxml2,
https://lwn.net/Articles/859008/
ZOLL Defibrillator Dashboard
This advisory contains mitigations for Unrestricted Upload of File with Dangerous Type, Use of Hard-coded Cryptographic Key, Cleartext Storage of Sensitive Information, Cross-site Scripting, Storing Passwords in a Recoverable Format, and Improper Privilege Management vulnerabilities in the ZOLL Defibrillator Dashboard software.
https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01
Rockwell Automation FactoryTalk Services Platform
This advisory contains mitigations for a Protection Mechanism Failure vulnerability in Rockwell Automation's FactoryTalk Services Platform software.
https://us-cert.cisa.gov/ics/advisories/icsa-21-161-01
AGG Software Web Server Plugin
This advisory contains mitigations for Path Traversal and Cross-site Scripting vulnerabilities in AGG Software's Web Server Plugin.
https://us-cert.cisa.gov/ics/advisories/icsa-21-161-02
Security Advisory - Resource Management Error Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210609-01-resource-en
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-2773)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-java-se-cve-2020-2773/
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Eclipse Jetty (CVE-2021-28163, CVE-2021-28164, CVE-2021-28165)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-eclipse-jetty-cve-2021-28163-cve-2021-28164-cve-2021-28165/
Security Bulletin: Vulnerabilities in IBM Db2 affect IBM Spectrum Protect Server (CVE-2020-5024, CVE-2020-5025, CVE-2020-4976)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-affect-ibm-spectrum-protect-server-cve-2020-5024-cve-2020-5025-cve-2020-4976/
Citrix Hypervisor Security Update
https://support.citrix.com/article/CTX316324