End-of-Day report
Timeframe: Friday 23-07-2021 18:00 - Monday 26-07-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
News
Windows networks vulnerable to the PetitPotam relay attack
Researchers demonstrate a new way to crown oneself king of a Windows domain. Microsoft shrugs and points to hardening measures.
https://heise.de/-6147467
GitLab sends Package Hunter hunting for malicious code
The new open-source tool Package Hunter is intended to detect malicious code in dependencies.
https://heise.de/-6147526
No More Ransom: We Prevented Ransomware Operators From Earning $1 Billion
No More Ransom is celebrating its 5th anniversary and the project says it has helped more than 6 million ransomware victims recover their files and prevented cybercriminals from earning roughly $1 billion.
No More Ransom is a joint effort of law enforcement and cybersecurity companies whose goal is to help victims of ransomware attacks recover their files without having to pay the ransom demanded by criminals.
https://www.securityweek.com/no-more-ransom-we-prevented-ransomware-operators-earning-1-billion
Microsoft warns of weeks-long malspam campaign abusing HTML smuggling
The Microsoft security team said it detected a weeks-long email spam campaign abusing a technique known as "HTML smuggling" to bypass email security systems and deliver malware to user devices.
HTML smuggling, as explained by SecureTeam and Outflank, is a technique that allows threat actors to assemble malicious files on users' devices by clever use of HTML5 and JavaScript code.
https://therecord.media/microsoft-warns-of-weeks-long-malspam-campaign-abusing-html-smuggling/
RemotePotato0: privilege escalation vulnerability in the Windows RPC protocol
Every Windows system is susceptible to a specific NTLM relay attack that could allow attackers to escalate their privileges from user to domain admin. This vulnerability has the status "won't fix" and was the subject of the PetitPotam approach, which I had covered over the weekend. Now Antonio Cocomazzi has drawn attention to the vulnerability named RemotePotato0. It uses the Windows RPC protocol for privilege escalation.
https://www.borncity.com/blog/2021/07/26/remotepotato0-privilege-escalation-schwachstelle-im-windows-rpc-protocol/
Vulnerabilities
Collabora Online: update protects against unauthorized remote file access
The Collabora Online team advises updating the online office application to eliminate a remote attack vector rated as "critical".
https://heise.de/-6147967
Security updates for Monday
Security updates have been issued by Debian (aspell, intel-microcode, krb5, rabbitmq-server, and ruby-actionpack-page-caching), Fedora (chromium, containernetworking-plugins, containers-common, crun, fossil, podman, skopeo, varnish-modules, and vmod-uuid), Gentoo (leptonica, libsdl2, and libyang), Mageia (golang, lib3mf, nodejs, python-pip, redis, and xstream), openSUSE (containerd, crmsh, curl, icinga2, and systemd), Oracle (containerd), and Red Hat (thunderbird).
https://lwn.net/Articles/864346/
OTRS: multiple vulnerabilities
A remote authenticated or anonymous attacker can exploit multiple vulnerabilities in OTRS to bypass security measures and carry out a cross-site scripting attack.
http://www.cert-bund.de/advisoryshort/CB-K21-0805
Security Bulletin: FasterXML Vulnerability in Jackson-Databind Affects IBM Sterling Connect:Direct File Agent (CVE-2018-7489)
https://www.ibm.com/blogs/psirt/security-bulletin-fasterxml-vulnerability-in-jackson-databind-affects-ibm-sterling-connectdirect-file-agent-cve-2018-7489/
Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Sterling Connect:Direct File Agent (CVE-2020-1953)
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-configuration-vulnerability-affects-ibm-sterling-connectdirect-file-agent-cve-2020-1953/
Security Bulletin: IBM i2 Analyze missing security header (CVE-2021-29769)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-missing-security-header-cve-2021-29769/
Security Bulletin: IBM i2 Analyze and i2 Analyst's Notebook Premium has session handling vulnerability (CVE-2021-20431)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-and-i2-analysts-notebook-premium-has-session-handling-vulnerability-cve-2021-20431/
Security Bulletin: Apache PDFBox as used by IBM QRadar Incident Forensics is vulnerable to denial of service (CVE-2021-27807, CVE-2021-27906)
https://www.ibm.com/blogs/psirt/security-bulletin-apache-pdfbox-as-used-by-ibm-qradar-incident-forensics-is-vulnerable-to-denial-of-service-cve-2021-27807-cve-2021-27906/
Security Bulletin: IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability (CVE-2021-29767)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-premium-has-an-information-disclosure-vulnerability-cve-2021-29767/
Security Bulletin: IBM i2 iBase vulnerable to DLL highjacking (CVE-2020-4623)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-ibase-vulnerable-to-dll-highjacking-cve-2020-4623/
Security Bulletin: IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability (CVE-2021-29784)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-premium-has-an-information-disclosure-vulnerability-cve-2021-29784/
Security Bulletin: IBM QRadar SIEM uses weaker than expected cryptographic algorithms (CVE-2021-20337)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-uses-weaker-than-expected-cryptographic-algorithms-cve-2021-20337/
Security Bulletin: IBM i2 Analyze has an information disclosure vulnerability (CVE-2021-20430)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-has-an-information-disclosure-vulnerability-cve-2021-20430/