End-of-Day report
Timeframe: Wednesday 21-07-2021 18:00 - Thursday 22-07-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Cisco: Important security update available for Intersight Virtual Appliance
Security-relevant updates are available for the virtual Cisco Intersight appliance, but also for other products from the network equipment vendor.
https://heise.de/-6144993
HP, Samsung & Xerox: Vulnerability in Windows printer drivers fixed - after 16 years
Anyone who has not yet installed the printer driver updates available since mid-May should do so promptly: attackers could take over systems.
https://heise.de/-6145114
Recovery scams: further losses instead of money back!
Anyone who falls victim to a fraudulent investment platform sometimes suffers considerable financial loss. As if that were not enough, e-mails or calls from the criminals behind the investment fraud follow shortly afterwards. This time, however, they do not pose as investment advisors but slip into a different role: in exchange for an advance payment, they promise help in recovering the lost money.
https://www.watchlist-internet.at/news/recovery-scams-weitere-schaeden-statt-geld-zurueck/
MITRE updates list of top 25 most dangerous software bugs
MITRE has shared this year's top 25 list of the most common and dangerous weaknesses plaguing software throughout the previous two years.
https://www.bleepingcomputer.com/news/security/mitre-updates-list-of-top-25-most-dangerous-software-bugs/
Microsoft Issues Windows 10 Workaround Fix for "SeriousSAM" Bug
A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems.
https://threatpost.com/win-10-serioussam/168034/
Compromising a Network Using an "Info" Level Finding
Anyone who has ever read a vulnerability scan report will know that scanners often include a large number of findings they classify as "Info". Typically this is meant to convey general information about the target systems which does not pose any risk.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/compromising-a-network-using-an-info-level-finding/
Vulnerable Plugin Exploited in Spam Redirect Campaign
Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we have been seeing the infections start. This plugin has over 400,000 installations so we have seen a sustained campaign to infect sites with this plugin installed. In this post I will review a common infection seen as a result of this vulnerability in the wp-user-avatar plugin.
https://blog.sucuri.net/2021/07/vulnerable-plugin-exploited-in-spam-redirect-campaign.html
Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication. It's worth noting that the weakness was originally addressed as part of an out-of-band security update in June 2019.
https://thehackernews.com/2021/07/oracle-warns-of-critical-remotely.html
Vulnerabilities
Security updates for Thursday
Security updates have been issued by Debian (pillow and redis), Fedora (kernel-headers, kernel-tools, kernelshark, libbpf, libtraceevent, libtracefs, nextcloud, and trace-cmd), Gentoo (chromium and singularity), Mageia (kernel, kernel-linus, and systemd), openSUSE (caribou, chromium, curl, and qemu), Oracle (java-1.8.0-openjdk, java-11-openjdk, kernel, and systemd), Slackware (curl), SUSE (curl, kernel, linuxptp, python-pip, and qemu), and Ubuntu (ruby2.3, ruby2.5, ruby2.7).
https://lwn.net/Articles/863997/
Atlassian Patches Critical Vulnerability in Jira Data Center Products
Software development and collaboration solutions provider Atlassian on Wednesday informed customers that it has patched a critical code execution vulnerability affecting some of its Jira products.
https://www.securityweek.com/atlassian-patches-critical-vulnerability-jira-data-center-products
IDEMIA fixed biometric identification devices vulnerabilities discovered by Positive Technologies
https://www.ptsecurity.com/ww-en/about/news/idemia-fixed-biometric-identification-devices-vulnerabilities-discovered-by-positive-technologies
July 22, 2021 TNS-2021-14 [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities
https://www.tenable.com/security/tns-2021-14
Drupal: Multiple vulnerabilities
https://www.cert-bund.de/advisoryshort/CB-K21-0793
cURL: Multiple vulnerabilities
https://www.cert-bund.de/advisoryshort/CB-K21-0797
MB connect line: Apache Guacamole related vulnerabilities in mbCONNECT24, mymbCONNECT24 <= 2.8.0
https://cert.vde.com/de-de/advisories/vde-2021-031
MB connect line: two vulnerabilities in mymbCONNECT24, mbCONNECT24 <= 2.8.0
https://cert.vde.com/de-de/advisories/vde-2021-030
MB connect line: Privilege escalation in mbDIALUP <= 3.9R0.0
https://cert.vde.com/de-de/advisories/vde-2021-017
ZDI-21-893: (0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-21-893/
ZDI-21-892: (0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-21-892/
ZDI-21-891: (0Day) Apple macOS ImageIO TIFF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-21-891/
ZDI-21-890: (0Day) Apple macOS AudioToolboxCore LOAS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-21-890/
Security Bulletin: A vulnerability in IBM Java SDK (April 2021) affects IBM InfoSphere Information Server (CVE-2021-2161)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-april-2021-affects-ibm-infosphere-information-server-cve-2021-2161/
Security Bulletin: Addressing the Sqlite Vulnerability CVE-2021-20227
https://www.ibm.com/blogs/psirt/security-bulletin-addressing-the-sqlite-vulnerability-cve-2021-20227/
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-11/
Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL injection
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-sql-injection-2/
Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Directory Server (CVE-2020-5258)
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-security-directory-server-cve-2020-5258/