End-of-Day report
Timeframe: Tuesday 20-07-2021 18:00 - Wednesday 21-07-2021 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
News
Deceptive promises of profit
Online trading in financial instruments is becoming increasingly popular with investors. Fraudsters exploit this trend: they promise high returns on fraudulent cyber-trading platforms.
https://www.bmi.gv.at/news.aspx?id=4661724A4D466861696B4D3D
XLoader malware steals logins from macOS and Windows systems
A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems.
https://www.bleepingcomputer.com/news/security/xloader-malware-steals-logins-from-macos-and-windows-systems/
NPM package steals Chrome passwords on Windows via recovery tool
New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems.
https://www.bleepingcomputer.com/news/security/npm-package-steals-chrome-passwords-on-windows-via-recovery-tool/
Fraudulent e-mail in the name of Raiffeisen Bank in circulation
Numerous Internet users are currently finding a purported e-mail from Raiffeisen Bank in their inbox. It claims that a new security system is required because of current fraud attempts.
https://www.watchlist-internet.at/news/betruegerische-e-mail-im-namen-der-raiffeisen-bank-im-umlauf/
CVE-2021-31969: Underflowing in the Clouds
You can now have your storage in the cloud while exploring it locally on your system. On Windows, this is done via the Cloud Sync Engine. This component exposes a native API known as the Cloud Filter API.
https://www.thezdi.com/blog/2021/7/19/cve-2021-31969-underflowing-in-the-clouds
New Attacks on Kubernetes via Misconfigured Argo Workflows
Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances.
https://www.intezer.com/blog/container-security/new-attacks-on-kubernetes-via-misconfigured-argo-workflows/
Vulnerabilities
Nasty Linux Systemd Security Bug Revealed
Qualys has discovered a new systemd security bug that enables any unprivileged user to cause a denial of service via a kernel panic.
https://it.slashdot.org/story/21/07/20/211230/nasty-linux-systemd-security-bug-revealed
Vulnerability in ON24 Plugin for macOS Shares More Than Just Your Screen
ON24 presenter mode requires you to install a plugin that is used to share your screen. For the macOS app (DesktopScreenShare.app), the plugin is started automatically once a user logs on.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vulnerability-in-on24-plugin-for-macos-shares-more-than-just-your-screen/
HiveNightmare: users can read the Windows password database
Faulty access permissions cause a security vulnerability in Windows 10 and 11. There is no patch yet, but we show initial workarounds.
https://heise.de/-6143746
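The flaw above comes down to file ACLs on the registry hive files that hold the password database. The following PowerShell check is an added example for this report (it is not from the heise article or from Microsoft): it reads the DACL of the SAM, SYSTEM and SECURITY hives under the default path and flags any allow entry that gives read access to standard users, comparing SIDs rather than group names so it works on localized (e.g. German) installations. It also lists Volume Shadow Copies, since the live hive files are locked by the OS and a copy is the usual place a non-admin would read them from. Hive paths and the SID list are assumptions, not values from the page.

```powershell
# Added example: check whether the registry hive files behind the Windows
# password database are readable by non-administrative users.
# Assumes the default hive location %SystemRoot%\System32\config.
$hiveDir = Join-Path $env:SystemRoot 'System32\config'
$hives   = 'SAM', 'SYSTEM', 'SECURITY' | ForEach-Object { Join-Path $hiveDir $_ }

# Well-known SIDs that should never hold read access on these files:
#   S-1-5-32-545 = BUILTIN\Users, S-1-5-11 = Authenticated Users, S-1-1-0 = Everyone
$lowPrivSids = 'S-1-5-32-545', 'S-1-5-11', 'S-1-1-0'

function Test-HiveAcl {
    param([string]$Path)

    $acl = Get-Acl -Path $Path
    $weak = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        # Translate the account name to its SID so localized group names match too.
        ($_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -in $lowPrivSids) -and
        ($_.FileSystemRights.ToString() -match 'Read|FullControl')
    }

    if ($weak) {
        $who = ($weak | ForEach-Object { $_.IdentityReference.Value }) -join ', '
        [pscustomobject]@{ Hive = $Path; Status = 'VULNERABLE'; ReadableBy = $who }
    } else {
        [pscustomobject]@{ Hive = $Path; Status = 'OK'; ReadableBy = '' }
    }
}

$hives | ForEach-Object { Test-HiveAcl -Path $_ } | Format-Table -AutoSize

# The live hives are held open by the kernel, so an attacker who has read
# permission still needs a copy; shadow copies are the obvious source.
vssadmin list shadows
```

Run it from an elevated prompt on each affected host; a "VULNERABLE" row together with at least one existing shadow copy is the combination the heise article's workarounds are meant to break.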
Security updates: Adobe patches Photoshop & Co. out of band
Attackers could attack computers running, among others, Adobe After Effects or Prelude with malicious code.
https://heise.de/-6143780
Root kernel vulnerability threatens many Linux distributions
Security researchers demonstrate successful attacks on Debian, Fedora and Ubuntu, after which they held root privileges. Patches provide a remedy.
https://heise.de/-6144023
Security updates for Wednesday
Security updates have been issued by Arch Linux (ant, code, dino, firefox-ublock-origin, go, libuv, nextcloud-app-mail, nodejs-lts-erbium, nodejs-lts-fermium, openvswitch, putty, racket, telegram-desktop, and wireshark-cli), Debian (kernel, linux-4.19, and systemd), Fedora (kernel, kernel-headers, kernel-tools, and krb5), Gentoo (systemd), Mageia (perl-Convert-ASN1 and wireshark), openSUSE (caribou, containerd, crmsh, fossil, icinga2, kernel, nextcloud, and systemd), Red Hat (389-ds:1.4, glibc,[...]
https://lwn.net/Articles/863861/
Apple Releases Security Updates
Apple has released security updates (Safari 14.1.2 and iOS 14.7) to address vulnerabilities in Safari and iOS.
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/apple-releases-security-updates
Malware Targeting Pulse Secure Devices
As part of CISA's ongoing response to Pulse Secure compromises, CISA has analyzed 13 malware samples related to exploited Pulse Secure devices.
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting-pulse-secure-devices
VU#914124: Arcadyan-based routers and modems vulnerable to authentication bypass
https://kb.cert.org/vuls/id/914124
Dell OpenManage Enterprise Hardcoded Credentials / Privilege Escalation / Deserialization
https://cxsecurity.com/issue/WLB-2021070121
Security Bulletin: Multiple vulnerabilities in F5 NGINX Controller affect IBM Cloud Pak for Automation
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/
Nvidia GPU Display Driver: Multiple Vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-0769
PuTTY: Vulnerability allows bypassing security measures
http://www.cert-bund.de/advisoryshort/CB-K21-0790
Mitsubishi Electric MELSEC-F Series
https://us-cert.cisa.gov/ics/advisories/icsa-21-201-01