End-of-Day report
Timeframe: Friday 25-06-2021 18:00 - Monday 28-06-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
News
Using VMs To Hide Ransomware Attacks is Becoming More Popular
In early 2020, security researchers were baffled to discover that a ransomware gang had come up with an innovative trick that allowed it to run its payload inside virtual machines on infected hosts as a technical solution that bypassed security software. One year later, that technique has spread among the cybercrime underground and is now used by multiple ransomware operators.
https://it.slashdot.org/story/21/06/28/1521220/using-vms-to-hide-ransomware-attacks-is-becoming-more-popular
Security researchers at TU Wien warn of forgotten subdomains on websites
Researchers at the Vienna University of Technology (TU Wien) warn of an online security vulnerability caused by what are essentially forgotten subpages of a website. Under certain circumstances, such loose ends among subdomains can be used as a back door to gain access to the main site, a team from Vienna and Italy reports at a conference.
https://www.derstandard.at/story/2000127773220/sicherheitsforscher-der-tu-wien-warnen-vor-vergessenen-subdomains-auf-webseiten
Patch now! Attackers are targeting Cisco Adaptive Security Appliance
Exploit code for a vulnerability in Cisco ASA and FTD is in circulation.
https://heise.de/-6120956
Vulnerabilities
CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability, (Sat, Jun 26th)
This XML External Entity injection (XXE) vulnerability, disclosed in March 2019, is still being actively scanned for; it affects the mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10. The exploit attempts to read the Zimbra configuration file, which contains the LDAP password for the zimbra account.
https://isc.sans.edu/diary/rss/27570
Western Digital My Book: Vulnerability allows execution of arbitrary code and deletion of data
Western Digital has disclosed a vulnerability in its My Book NAS devices. An attacker can exploit this vulnerability to execute malicious code and, under certain circumstances, reset the devices to factory settings and delete all data. No login to the device is required for this. ... As a remedy, and in line with the vendor's recommendations, the BürgerCERT advises disconnecting the device from the internet.
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/TW/2021/06/warnmeldung_tw-t21-0124.html;jsessionid=7E953CAFA5397551D40B917B580A02AD.internet082?nn=520060
Vulnerability Spotlight: Memory corruption vulnerability in PowerISO's DMG handler
CVE-2021-21871 is a memory corruption vulnerability in PowerISO that could allow an attacker to execute code on the victim's machine. An attacker can exploit this vulnerability by tricking a user into opening a specially crafted DMG file. Cisco Talos worked with PowerISO to ensure that this issue is resolved and an update is available for affected customers.
https://blog.talosintelligence.com/2021/06/vulnerability-spotlight-memory-.html
Security updates for Monday
Security updates have been issued by Debian (bluez, intel-microcode, tiff, and xmlbeans), Fedora (openssh and php-phpmailer6), openSUSE (freeradius-server, java-1_8_0-openjdk, live555, openexr, roundcubemail, tor, and tpm2.0-tools), SUSE (bouncycastle and zziplib), and Ubuntu (linux-kvm and thunderbird).
https://lwn.net/Articles/861221/
ImageMagick: Vulnerability allows disclosure of information
ImageMagick is a collection of program libraries and tools that can process graphics in numerous formats. A local attacker can exploit a vulnerability in ImageMagick to disclose information.
http://www.cert-bund.de/advisoryshort/CB-K21-0698
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe
ABB - Amnesia:33 - Impact on B&R Products
https://www.br-automation.com/downloads_br_productcatalogue/assets/1621259206587-en-original-1.0.pdf
ABB - Multiple Vulnerabilities in Automation Runtime NTP Service
https://www.br-automation.com/downloads_br_productcatalogue/assets/1621259206592-en-original-1.0.pdf
Security Bulletin: Incorrect authorization in IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-29751
https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-authorization-in-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2021-29751/
Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2020-27221, CVE-2020-14782)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments-4/
Security Bulletin: Stack-based Buffer Overflow vulnerabilities in IBM Spectrum Protect Back-up Archive Client and IBM Spectrum Protect for Space Management (CVE-2021-29672, CVE-2021-20546)
https://www.ibm.com/blogs/psirt/security-bulletin-stack-based-buffer-overflow-vulnerabilities-in-ibm-spectrum-protect-back-up-archive-client-and-ibm-spectrum-protect-for-space-management-cve-2021-29672-cve-2021-20546-3/
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) (CVE-2017-18214, CVE-2016-4055, CVE-2021-20413)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-cve-2017-18214-cve-2016-4055-cve-2021-20413/
Security Bulletin: Vulnerability in lpd affects AIX (CVE-2021-29693)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-lpd-affects-aix-cve-2021-29693/
Security Bulletin: Multiple vulnerabilities affect IBM Cloud Pak for Automation
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-pak-for-automation-3/
Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability (CVE-2021-26296)
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-cve-2021-26296/
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-sdk-for-node-js-might-affect-the-configuration-editor-used-by-ibm-business-automation-workflow-and-business-process-manager-bpm/
Security Bulletin: Vulnerability in Jasper, Version 8 Service Refresh 5 Fix Pack 33, used in Jetty Server 9.4.14 where Rational Synergy is deployed.
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jasper-version-8-service-refresh-5-fix-pack-33-used-in-jetty-server-9-4-14-where-rational-synergy-is-deployed/
Security Bulletin: Vulnerability found in Apache Log4j V1.x may affect IBM Enterprise Records
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-found-in-apache-log4j-v1-x-may-affect-ibm-enterprise-records/