End-of-Day report
Timeframe: Monday 21-06-2021 18:00 - Tuesday 22-06-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
News
Darkside RaaS in Linux version
Unlike the Windows version of the malware, which targets any Windows endpoint, the Linux version of Darkside mostly targets ESXi servers. Its default configuration includes the root path of ESXi server machines. The targeted extensions are 'vmdk', 'log', 'vmem' and 'vmsn', which ESXi uses to store virtual machine disks, memory, snapshot state and logs.
https://cybersecurity.att.com/blogs/labs-research/darkside-raas-in-linux-version
Wormable DarkRadiation Ransomware Targets Linux and Docker Instances
Cybersecurity researchers have disclosed a new ransomware strain called "DarkRadiation" that is implemented entirely in Bash and targets Linux hosts and Docker cloud containers, while relying on the messaging service Telegram for command-and-control (C2) communications. "The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions," researchers from Trend Micro said [..]
https://thehackernews.com/2021/06/wormable-darkradiation-ransomware.html
Package managers: crypto-mining malware on PyPI targets data-science projects
With names such as mplatlib, the packages rely on being confused with matplotlib. They download a Bash script that tries to install a cryptominer.
https://heise.de/-6113470
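The packages in the heise report work only because "mplatlib" is one or two slips away from "matplotlib". A simple pre-install check is to compare every name in a requirements file against an allowlist of the packages you actually expect and flag near-misses by edit distance. The block below is an added example, not code from heise or from any of the packages mentioned; the allowlist, the sample requirements text and the distance threshold (about 30% of the known name's length, capped at 3) are assumptions for the demo.

```python
"""Flag requirements that are near-misses of well-known PyPI package names.

Added example for the typosquatting report above (not heise's or PyPI's code).
The allowlist and the sample requirements file are constructed for the demo;
in practice feed it your own allowlist (e.g. the packages you already vetted)
and your real requirements.txt before running pip.
"""
import re

# Assumed allowlist of names people are likely to mistype. Extend as needed;
# a legitimate package that is itself close to one of these (e.g. a fork)
# must be added here or it will be reported for review.
KNOWN_PACKAGES = (
    "matplotlib", "numpy", "pandas", "requests", "scipy", "scikit-learn",
)

# Constructed sample requirements.txt; "mplatlib" mirrors the look-alike name
# from the report, "requsts" is a second constructed typo.
SAMPLE_REQUIREMENTS = """\
numpy==1.21.0
mplatlib
pandas>=1.3   # pinned loosely on purpose
requsts
scikit-learn
"""


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-fold and collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert/delete/substitute, O(len(a)*len(b)) time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def requirement_names(text: str):
    """Yield bare project names from requirements lines (ignores comments,
    version specifiers and pip options such as -r / --index-url)."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            yield m.group(0)


def threshold(known_name: str) -> int:
    """Assumed heuristic: allow ~30% of the known name's length, at most 3 edits."""
    return min(3, max(1, int(0.3 * len(known_name) + 0.5)))


def suspicious_requirements(text: str, known=KNOWN_PACKAGES):
    """Return [(requested, closest_known, distance)] for every requirement that
    is not an exact allowlisted name but sits within the threshold of one."""
    hits = []
    normalized_known = {normalize(k): k for k in known}
    for name in requirement_names(text):
        n = normalize(name)
        if n in normalized_known:
            continue
        best_norm, best_dist = min(
            ((nk, levenshtein(n, nk)) for nk in normalized_known),
            key=lambda pair: pair[1],
        )
        if best_dist <= threshold(best_norm):
            hits.append((name, normalized_known[best_norm], best_dist))
    return hits


if __name__ == "__main__":
    for requested, lookalike, dist in suspicious_requirements(SAMPLE_REQUIREMENTS):
        print(f"REVIEW: '{requested}' is {dist} edit(s) from '{lookalike}'")
```

Run it as a pre-commit or CI step; anything it reports needs a human to confirm the name on PyPI before the install proceeds. Exact allowlisted names pass silently, so the allowlist, not the distance, is what keeps false positives down.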
Shadow Credentials: Abusing Key Trust Account Mapping for Takeover
The techniques for DACL-based attacks against User and Computer objects in Active Directory have been established for years. [..] These techniques have their shortcomings [..]
Tl;dr: It is possible to add Key Credentials to the attribute msDS-KeyCredentialLink of the target user/computer object and then perform Kerberos authentication as that account using PKINIT.
In plain English: this is a much easier and more reliable takeover primitive against Users and Computers.
A tool to operationalize this technique has been released alongside this post.
https://posts.specterops.io/shadow-credentials-abusing-key-trust-account-mapping-for-takeover-8ee1a53566ab
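The primitive is a write to msDS-KeyCredentialLink followed by a PKINIT logon as the victim, and both steps leave traces on the domain controller: event 5136 (directory service object modified) records the attribute write, and event 4768 (TGT requested) carries certificate fields when the request used PKINIT. The block below is an added detection example, not SpecterOps' code or the tool released with the post. It assumes you already forward 5136 and 4768 from your DCs (5136 needs "Audit Directory Service Changes" enabled and a SACL for Write Property on the objects), and the events, account names and thumbprint are constructed samples in a flat JSON-lines shape whose field names follow the real event data.

```python
"""Detect Shadow Credentials activity from Windows Security events 5136 and 4768.

Added example for the SpecterOps post above; not their code or tooling.
Assumptions: events arrive as JSON lines with the field names of the real
EventData; the CN of the modified object equals its sAMAccountName (true for
the samples, not guaranteed in real directories, where joining on ObjectGUID
is safer); the allowlist below names your legitimate provisioning accounts.
"""
import json
from datetime import datetime, timedelta

# OperationType codes as they appear in event 5136.
VALUE_ADDED = "%%14674"
VALUE_DELETED = "%%14675"

# Assumed allowlist: accounts that legitimately write key credentials
# (e.g. a device-registration service). Replace with your own.
KNOWN_PROVISIONING_ACCOUNTS = {"svc-devreg"}

# Constructed sample events (the thumbprint is a placeholder, not a real cert).
SAMPLE_EVENTS = """\
{"EventID": 5136, "TimeCreated": "2021-06-22T09:00:00", "SubjectUserName": "jdoe", "ObjectDN": "CN=FS01,OU=Servers,DC=corp,DC=example", "ObjectClass": "computer", "AttributeLDAPDisplayName": "msDS-KeyCredentialLink", "OperationType": "%%14674"}
{"EventID": 5136, "TimeCreated": "2021-06-22T09:00:01", "SubjectUserName": "jdoe", "ObjectDN": "CN=FS01,OU=Servers,DC=corp,DC=example", "ObjectClass": "computer", "AttributeLDAPDisplayName": "description", "OperationType": "%%14674"}
{"EventID": 4768, "TimeCreated": "2021-06-22T09:03:12", "TargetUserName": "FS01$", "CertThumbprint": "0000000000000000000000000000000000000000"}
{"EventID": 5136, "TimeCreated": "2021-06-22T10:15:00", "SubjectUserName": "svc-devreg", "ObjectDN": "CN=alice,OU=Users,DC=corp,DC=example", "ObjectClass": "user", "AttributeLDAPDisplayName": "msDS-KeyCredentialLink", "OperationType": "%%14674"}
{"EventID": 4768, "TimeCreated": "2021-06-22T10:40:00", "TargetUserName": "alice", "CertThumbprint": ""}
{"EventID": 5136, "TimeCreated": "2021-06-22T11:00:00", "SubjectUserName": "admin1", "ObjectDN": "CN=FS01,OU=Servers,DC=corp,DC=example", "ObjectClass": "computer", "AttributeLDAPDisplayName": "msDS-KeyCredentialLink", "OperationType": "%%14675"}
"""


def parse_events(text):
    """Parse JSON lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def account_name(event):
    """sAMAccountName of the modified object, derived from ObjectDN/ObjectClass
    (assumes CN == account name; computers get the trailing '$')."""
    cn = event["ObjectDN"].split(",", 1)[0].split("=", 1)[1]
    return cn + "$" if event.get("ObjectClass") == "computer" else cn


def key_credential_writes(events, allowlist=KNOWN_PROVISIONING_ACCOUNTS):
    """Every value-add to msDS-KeyCredentialLink, rated by who performed it.
    Deletions are skipped: they matter for cleanup, not for takeover."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 5136:
            continue
        if ev.get("AttributeLDAPDisplayName", "").lower() != "msds-keycredentiallink":
            continue
        if ev.get("OperationType") != VALUE_ADDED:
            continue
        writer = ev.get("SubjectUserName", "")
        hits.append({
            "time": datetime.fromisoformat(ev["TimeCreated"]),
            "writer": writer,
            "target": account_name(ev),
            "severity": "low" if writer in allowlist else "high",
        })
    return hits


def pkinit_logons(events):
    """(time, account) for 4768 TGT requests that carried a certificate, i.e.
    PKINIT; password-based requests log empty certificate fields."""
    return [
        (datetime.fromisoformat(ev["TimeCreated"]), ev["TargetUserName"])
        for ev in events
        if ev.get("EventID") == 4768 and ev.get("CertThumbprint")
    ]


def shadow_credential_alerts(text, window=timedelta(hours=1)):
    """Attribute writes, escalated to 'critical' when the target account then
    obtains a TGT via PKINIT within `window`: the complete takeover chain."""
    events = parse_events(text)
    logons = pkinit_logons(events)
    alerts = []
    for hit in key_credential_writes(events):
        followed = any(
            acct.lower() == hit["target"].lower()
            and hit["time"] <= t <= hit["time"] + window
            for t, acct in logons
        )
        if followed:
            hit["severity"] = "critical"
        hit["pkinit_followed"] = followed
        hit["time"] = hit["time"].isoformat()
        alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for alert in shadow_credential_alerts(SAMPLE_EVENTS):
        print(alert)
```

On the samples, jdoe's write to FS01 followed three minutes later by a certificate-based TGT for FS01$ comes out as critical, while the provisioning account's write to alice stays low because the later TGT for alice carried no certificate. The allowlist is the only tuning knob; a write by an account that is not in it deserves a look even without the follow-up logon, since the attacker can authenticate any time later.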
Vulnerabilities
Tor Browser fixes vulnerability that tracks you using installed apps
The Tor Project has released Tor Browser 10.0.18 to fix numerous bugs, including a vulnerability that allows sites to track users by fingerprinting the applications installed on their devices.
https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/
Bugs in NVIDIA's Jetson Chipset Open Door to DoS Attacks, Data Theft
Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.
https://threatpost.com/nvidia-jetson-chipset-dos-data-theft/167093/
Zephyr OS Bluetooth vulnerabilities left smart devices open to attack
The S in IoT stands for security. Vulnerabilities in the Bluetooth stack of the Zephyr real-time operating system have been identified, leaving a wide variety of Internet of Things devices open to attack - unless upgraded to a patched version of the OS.
https://go.theregister.com/feed/www.theregister.com/2021/06/22/zephyr_os_bluetooth_vulnerabilities/
VMSA-2021-0012
CVE(s): CVE-2021-21998
The VMware Carbon Black App Control management server has an authentication bypass. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.4.
https://www.vmware.com/security/advisories/VMSA-2021-0012.html
Security updates for Tuesday
Security updates have been issued by Fedora (audacity), openSUSE (chromium), Oracle (glib2), SUSE (Salt and salt), and Ubuntu (apache2 and openexr).
https://lwn.net/Articles/860559/
Security Advisory - Improper Permission Assignment Vulnerability in Some USB Dongle Products
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210602-01-permission-en
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-7/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-6/
Security Bulletin: A Security Vulnerability in IBM Java Runtime affects IBM License Key Server Administration and Reporting Tool and its Agent
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-ibm-java-runtime-affect-ibm-license-key-server-administration-and-reporting-tool-and-its-agent/
Security Bulletin: Vulnerability in OpenSSL affects Power Hardware Management Console (CVE-2021-3449).
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-power-hardware-management-console-cve-2021-3449/
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in cyrus-sasl (CVE-2019-19906)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-a-vulnerability-in-cyrus-sasl-cve-2019-19906/
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-2/
Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2021-3449)
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-messagegateway-cve-cve-2021-3449/
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in GNU cpio (CVE-2019-14866)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-a-vulnerability-in-gnu-cpio-cve-2019-14866/
Security Bulletin: A vulnerability in IBM WebSphere Liberty affects IBM WIoTP MessageGateway
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-liberty-affects-ibm-wiotp-messagegateway-2/
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in libxml2
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-vulnerabilities-in-libxml2/