Daily summary - 02.08.2021

End-of-Day report

Timeframe: Friday 30-07-2021 18:00 - Monday 02-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner

News

Linux eBPF bug gets root privileges on Ubuntu - Exploit released

CVE-2021-3490. A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines. ... If properly exploited, a local attacker could get kernel privileges to run arbitrary code on the machine.

https://www.bleepingcomputer.com/news/security/linux-ebpf-bug-gets-root-privileges-on-ubuntu-exploit-released/
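The exploit in this item needs an unprivileged user to reach the eBPF verifier, so the first thing to check on a fleet is whether the kernel still accepts bpf() calls from unprivileged processes. The script below is an added example written for this summary, not code from the article or the exploit author; it reads the kernel.unprivileged_bpf_disabled sysctl (assumed to exist on the kernels in question, with 0 meaning allowed, 1 disabled until reboot, 2 disabled but re-enablable by root) and reports the exposure. The path argument is there so the function can be pointed at a copy of the file.

```shell
#!/bin/sh
# Added example: classify the kernel's unprivileged BPF setting.
# Assumed value meanings for kernel.unprivileged_bpf_disabled:
#   0 = unprivileged bpf() allowed (exposed to verifier bugs of this class)
#   1 = unprivileged bpf() disabled, locked until reboot
#   2 = unprivileged bpf() disabled, but root can re-enable it
# Exit status: 0 = mitigated, 1 = exposed, 2 = could not determine.

bpf_unpriv_status() {
    # Default to the live sysctl; an explicit path allows checking a copy.
    file="${1:-/proc/sys/kernel/unprivileged_bpf_disabled}"
    if [ ! -r "$file" ]; then
        echo "unknown: $file not readable (kernel without BPF sysctl, or no permission)"
        return 2
    fi
    val=$(tr -d '[:space:]' < "$file")
    case "$val" in
        0) echo "EXPOSED: unprivileged bpf() allowed (value 0)"; return 1 ;;
        1) echo "OK: unprivileged bpf() disabled and locked (value 1)"; return 0 ;;
        2) echo "OK: unprivileged bpf() disabled, root may re-enable (value 2)"; return 0 ;;
        *) echo "unknown: unexpected value '$val' in $file"; return 2 ;;
    esac
}

# Stand-alone run against the live kernel; the exit status is informational
# here, so a nonzero result does not abort the script.
bpf_unpriv_status "$@" || true
```

Disabling unprivileged BPF (sysctl -w kernel.unprivileged_bpf_disabled=1, and the same key in /etc/sysctl.d/ to survive reboots) removes the local attack surface for this class of verifier bug, but it is a mitigation, not a substitute for the kernel update; some observability tooling that relies on unprivileged BPF will stop working.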


Remote print server gives anyone Windows admin privileges on a PC

A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver.

https://www.bleepingcomputer.com/news/microsoft/remote-print-server-gives-anyone-windows-admin-privileges-on-a-pc/


New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks.

https://thehackernews.com/2021/08/new-apt-hacking-group-targets-microsoft.html


PwnedPiper threatens thousands of hospitals worldwide, patch your systems now

Nine critical vulnerabilities in a popular hospital pneumatic tube software could give attackers control of infrastructure and allow them to launch additional attacks that cripple healthcare operations. Discovered by researchers at security platform provider Armis and dubbed PwnedPiper, the vulnerabilities are in the Nexus Control Panel software used by Translogic pneumatic tube systems (PTS) built by Swisslog Healthcare.

https://www.techrepublic.com/article/pwnedpiper-threatens-thousands-of-hospitals-worldwide-patch-your-systems-now/


Vultur: Android Trojan spies on login data for bank accounts and e-wallets

The remotely controllable Android malware Vultur uses screen-recording features to steal sensitive information from phones.

https://heise.de/-6152250


Palo Alto Networks Discloses New Attack Surface Targeting Microsoft IIS and SQL Server at Black Hat Asia 2021

The technique allows attackers to remotely attack IIS and SQL Server to gain SYSTEM privileges by using Microsoft Jet database engine vulnerabilities. ... In response to this research, Microsoft released a complex patch to mitigate this attack surface. However, the patch is turned off by default and most Jet vulnerabilities are still not patched. We highly recommend that our customers proactively turn on mitigation to disable remote tables access in the registry and stay cautious of these kinds of attacks.

https://unit42.paloaltonetworks.com/iis-and-sql-server/


Decryptor released for Prometheus ransomware victims

Taiwanese security firm CyCraft has released a free application that can help victims of the Prometheus ransomware recover and decrypt some of their files.

https://therecord.media/decryptor-released-for-prometheus-ransomware-victims/

Vulnerabilities

Foxit PDF Reader and Editor: updates fix numerous vulnerabilities

Updates are available for Foxit's PDF software for Windows and macOS that, among other things, are intended to protect against remote code execution attacks.

https://heise.de/-6152683


Security updates for Monday

Security updates have been issued by Arch Linux (389-ds-base, consul, containerd, geckodriver, powerdns, vivaldi, webkit2gtk, and wpewebkit), Debian (aspell, condor, libsndfile, linuxptp, and lrzip), and Fedora (bluez, buildah, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, kernel, kernel-tools, mbedtls, mingw-exiv2, mingw-python-pillow, mrxvt, python-pillow, python2-pillow, redis, and seamonkey).

https://lwn.net/Articles/864898/


MISP: vulnerabilities allow cross-site scripting

A remote, anonymous attacker can exploit multiple vulnerabilities in MISP to carry out a cross-site scripting attack.

http://www.cert-bund.de/advisoryshort/CB-K21-0823


Security Bulletin: October 2020 Patch Update for Java

https://www.ibm.com/blogs/psirt/security-bulletin-october-2020-patch-update-for-java/


Security Bulletin: Apache Commons

https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons/


Security Bulletin: Vulnerability in ksh affects AIX (CVE-2021-29741)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ksh-affects-aix-cve-2021-29741/


Security Bulletin: Potential vulnerability with Node.js lodash module

https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-lodash-module-2/


Security Bulletin: Potential vulnerability with FasterXML jackson-databind

https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-fasterxml-jackson-databind-3/


Security Bulletin: Cloud Pak for Security has several security vulnerabilities addressed in the latest version

https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-has-several-security-vulnerabilities-addressed-in-the-latest-version/


Security Bulletin: Potential vulnerability with Node.js

https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-3/


Security Bulletin: January 2021 Patch Update for Java

https://www.ibm.com/blogs/psirt/security-bulletin-january-2021-patch-update-for-java/


Security Bulletin: Oct 2020 Patch Update for Java

https://www.ibm.com/blogs/psirt/security-bulletin-oct-2020-patch-update-for-java/


Security Bulletin: IBM API Connect is impacted by multiple OpenSSL vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-openssl-vulnerabilities/


Security Bulletin: Potential vulnerability with Node.js

https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-5/


Security Bulletin: Potential vulnerability in Java

https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-in-java-2/


Security Bulletin: Potential vulnerability with Node.js

https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-4/


Security Bulletin: October 2020 Patch Update for Java

https://www.ibm.com/blogs/psirt/security-bulletin-october-2020-patch-update-for-java-2/


Security Bulletin: User Behavior Analytics application add on to IBM QRadar SIEM performs improper CSRF checking for some components (CVE-2021-29757)

https://www.ibm.com/blogs/psirt/security-bulletin-user-behavior-analytics-application-add-on-to-ibm-qradar-siem-performs-improper-csrf-checking-for-some-components-cve-2021-29757/


Security Bulletin: Potential vulnerability with Node.js lodash module

https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-lodash-module-3/


Security Bulletin: IBM Security Privileged Identity Manager is affected by XML External Entity Injection vulnerability in WebSphere (CVE-2020-4949)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-xml-external-entity-injection-vulnerability-in-websphere-cve-2020-4949/


Security Bulletin: Potential vulnerability with Node.js

https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-6/


Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager DR

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affects-ibm-vm-recovery-manager-dr/


Security Bulletin: Potential vulnerability in OpenSSL

https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-in-openssl/


Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager HA

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affects-ibm-vm-recovery-manager-ha/