End-of-Day report
Timeframe: Monday 05-07-2021 18:00 - Tuesday 06-07-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
How to protect your site against lethal unauthorized code injections
Lethal unauthorized code injections like XSS (cross-site scripting) attacks are some of the most dynamic cyber-attacks. They are often very difficult to detect and can result in credit card theft, fraud, and endpoint data breaches, having a huge impact on small to medium-sized businesses.
https://cybersecurity.att.com/blogs/security-essentials/how-to-protect-your-site-against-lethal-unauthorized-code-injections
Python DLL Injection Check, (Tue, Jul 6th)
There are many security tools that inject DLLs into processes running on a Windows system. The classic examples are anti-virus products.
https://isc.sans.edu/diary/rss/27608
Kaseya VSA: How the supply-chain attacks unfolded and what they mean for us
Even those who are not affected should be clear about what is happening right now, because attacks like the current REvil coup will change the IT world.
https://heise.de/-6129656
Kaseya Case Update 3
Since the first signs of an incident last Friday evening the DIVD has continued to monitor the internet for instances of Kaseya VSA that remained online. We are happy to report a steady decrease in the number of online servers.
https://csirt.divd.nl/2021/07/06/Kaseya-Case-Update-3/
Vulnerabilities
Authentified RFI to RCE Nagios/NagiosXI exploitation
An authenticated attacker may remotely inject and execute arbitrary code in Nagios and Nagios XI products.
https://github.com/ArianeBlow/NagiosXI-EmersonFI
Security updates for Tuesday
Security updates have been issued by Arch Linux (python-django), Debian (libuv1, libxstream-java, and php7.3), Fedora (rabbitmq-server), Gentoo (glibc, google-chrome, libxml2, and postsrsd), openSUSE (libqt5-qtwebengine and roundcubemail), SUSE (python-rsa), and Ubuntu (djvulibre).
https://lwn.net/Articles/861972/
[20210705] - Core - XSS in com_media imagelist
https://developer.joomla.org:443/security-centre/860-20210705-core-xss-in-com-media-imagelist.html
[20210704] - Core - Privilege escalation through com_installer
https://developer.joomla.org:443/security-centre/859-20210704-core-privilege-escalation-through-com-installer.html
[20210703] - Core - Lack of enforced session termination
https://developer.joomla.org:443/security-centre/858-20210703-core-lack-of-enforced-session-termination.html
[20210702] - Core - DoS through usergroup table manipulation
https://developer.joomla.org:443/security-centre/857-20210702-core-dos-through-usergroup-table-manipulation.html
[20210701] - Core - XSS in JForm Rules field
https://developer.joomla.org:443/security-centre/856-20210701-core-xss-in-jform-rules-field.html
Paessler PRTG: Vulnerability allows cross-site scripting
http://www.cert-bund.de/advisoryshort/CB-K21-0719
MediaWiki: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-0718
QNAP NAS HBS 3: Vulnerability allows bypassing of security measures
http://www.cert-bund.de/advisoryshort/CB-K21-0717