Daily summary - 21.06.2021

End-of-Day report

Timeframe: Friday 18-06-2021 18:00 - Monday 21-06-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner

News

Easy Access to the NIST RDS Database, (Sat, Jun 19th)

When you're facing some suspicious files while performing forensic investigations or analyzing malware components, it's always interesting to know whether these files are legit or malicious/modified. One of the key sources to verify hashes is provided by NIST and is called the NSRL project ("National Software Reference Library"). [...] CIRCL, the Luxembourg CERT, has a good reputation to offer/participate in services like MISP, a passive DNS service, etc. They are now offering an API to query the NIST RDS via HTTP or DNS requests!

https://isc.sans.edu/diary/rss/27544


5 Critical Steps to Recovering From a Ransomware Attack

Businesses must prepare for the possibility of a ransomware attack affecting their data, services, and business continuity. What steps are involved in recovering from a ransomware attack?

https://thehackernews.com/2021/06/5-critical-steps-to-recovering-from.html


*** On our own behalf: CERT.at is hiring: IT Security Analyst (m/f/d - full-time - Vienna) ***

To strengthen our analysis team, we are looking for an IT security analyst.

https://cert.at/de/ueber-uns/jobs/

Vulnerabilities

DSA-4932 tor - security update

Multiple security vulnerabilities were discovered in Tor, a connection-based low-latency anonymous communication system, which could result in denial of service or spoofing.

https://www.debian.org/security/2021/dsa-4932


Autodesk closes malicious-code loopholes in AutoCAD applications

Important security updates are available for various products in the AutoCAD family.

https://heise.de/-6112990


Security updates for Monday

Security updates have been issued by Arch Linux (connman, go, and grub), Debian (nettle, prosody, and tor), Fedora (iaito, mingw-ilmbase, mingw-openexr, mingw-python-urllib3, mosquitto, nettle, polkit, and radare2), Mageia (puddletag, python-babel, python-eventlet, and python-pikepdf), openSUSE (htmldoc), SUSE (go1.15, go1.16, gupnp, and libgcrypt), and Ubuntu (apache2 and dovecot).

https://lwn.net/Articles/860418/


CVE-2021-3609: Race condition in net/can/bcm.c leads to local privilege escalation

This is an announcement for the recently reported bug (CVE-2021-3609) in the CAN BCM networking protocol in the Linux kernel ranging from version 2.6.25 to mainline 5.13-rc6. The vulnerability is a race condition in net/can/bcm.c allowing for local privilege escalation to root.

https://seclists.org/oss-sec/2021/q2/225


SYSS-2021-032: Admin Columns Free & Pro - Persistent Cross-Site Scripting (XSS) in Custom Field (CVE-2021-24365)

The WordPress plug-in "Admin Columns" allows persistent cross-site scripting (XSS) attacks up to version 5.5.1 (Pro) and 4.3 (Free) respectively.

https://www.syss.de/pentest-blog/syss-2021-032-admin-columns-free-pro-persistent-cross-site-scripting-xss-in-custom-field-cve-2021-24365


Security Advisory - Deserialization Vulnerability in Huawei AnyOffice Product

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210619-01-injection-en


Security Bulletin: RabbitMQ as used by IBM QRadar SIEM is vulnerable to unsafe deserialization (CVE-2020-36282)

https://www.ibm.com/blogs/psirt/security-bulletin-rabbitmq-as-used-by-ibm-qradar-siem-is-vulnerable-to-unsafe-deserialization-cve-2020-36282-2/


Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js lodash vulnerability (CVE-2020-28500)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-node-js-lodash-vulnerability-cve-2020-28500/


Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js lodash vulnerability (CVE-2021-23337)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-node-js-lodash-vulnerability-cve-2021-23337/


Security Bulletin: WebSphere Application Server Java Batch is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2021-20492)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-java-batch-is-vulnerable-to-an-xml-external-entity-injection-xxe-vulnerability-cve-2021-20492-3/