End-of-Day report
Timeframe: Monday 02-08-2021 18:00 - Tuesday 03-08-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Supply-chain attacks: EU agency recommends code checks for dependencies
In response to attacks such as the one on SolarWinds, the responsible EU agency offers a simple piece of advice. Yet apparently not even Microsoft manages to implement such measures.
https://www.golem.de/news/supply-chain-angriffe-eu-behoerde-empfiehlt-code-checks-fuer-abhaengigkeiten-2108-158595-rss.html
Do You Trust Your Smart TV?
Did you ever stop to think that the office smart TV used for company presentations, Zoom meetings, and other work-related activities may not be so trustworthy?
https://securityaffairs.co/wordpress/120752/iot/smart-tv-security.html
Android Patchday: Google patches the Media Framework, among other components
The updates for the mobile operating system once again target the Media Framework, but also close critical vulnerabilities in Qualcomm components, among others.
https://heise.de/-6154130
RDP brute force attacks explained
A simple and straightforward explanation of what RDP brute force attacks are, why they are so dangerous, and what you can do about them.
https://blog.malwarebytes.com/explained/2021/08/rdp-brute-force-attacks-explained/
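As an added example that is not part of the Malwarebytes article: the detection a defender wants behind that explanation is a count of failed RDP logons per source address in a short window. Windows records failed logons as Security event 4625; RDP attempts show logon type 10 (RemoteInteractive) or, when NLA is enforced, logon type 3 for the pre-authentication step. The threshold of 10 failures in 5 minutes, the function names and the sample records below are assumptions made for this example, not values from the page.

```powershell
# Added example, not code from the linked article. Flags source IPs that produce
# many failed RDP logons (Security event 4625, logon type 3 or 10) in a sliding
# time window. Threshold and window are assumed values; tune them for your estate.

function Find-RdpBruteForce {
    param(
        [Parameter(Mandatory)] [object[]] $Events,   # objects with TimeCreated, IpAddress, TargetUserName, LogonType
        [int] $Threshold = 10,
        [int] $WindowMinutes = 5
    )
    $hits = @()
    $rdpEvents = $Events | Where-Object { $_.LogonType -in 3, 10 } | Sort-Object TimeCreated
    foreach ($group in ($rdpEvents | Group-Object IpAddress)) {
        $times = @($group.Group | ForEach-Object { $_.TimeCreated })
        for ($i = 0; $i -lt $times.Count; $i++) {
            $windowEnd = $times[$i].AddMinutes($WindowMinutes)
            $inWindow = @($times | Where-Object { $_ -ge $times[$i] -and $_ -le $windowEnd })
            if ($inWindow.Count -ge $Threshold) {
                $hits += [pscustomobject]@{
                    IpAddress = $group.Name
                    Failures  = $inWindow.Count
                    FirstSeen = $times[$i]
                    Users     = ($group.Group.TargetUserName | Sort-Object -Unique) -join ','
                }
                break   # one alert per address is enough
            }
        }
    }
    return $hits
}

# Pulls real 4625 records from the Security log (needs administrative rights).
# The caller's address, target user and logon type live in EventData; ToXml() exposes them.
function Get-FailedLogonRecords {
    param([datetime] $Since = (Get-Date).AddHours(-24))
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                TimeCreated    = $_.TimeCreated
                IpAddress      = $d['IpAddress']
                TargetUserName = $d['TargetUserName']
                LogonType      = [int]$d['LogonType']
            }
        }
}

# Constructed sample (not real log data): one address sprays 12 accounts in three
# minutes, a second address shows two typos from a legitimate user.
$t0 = Get-Date '2021-08-03T09:00:00'
$sample = @()
1..12 | ForEach-Object {
    $sample += [pscustomobject]@{ TimeCreated = $t0.AddSeconds(15 * $_); IpAddress = '203.0.113.45'; TargetUserName = "user$_"; LogonType = 3 }
}
$sample += [pscustomobject]@{ TimeCreated = $t0.AddMinutes(30); IpAddress = '198.51.100.7'; TargetUserName = 'jdoe'; LogonType = 10 }
$sample += [pscustomobject]@{ TimeCreated = $t0.AddMinutes(31); IpAddress = '198.51.100.7'; TargetUserName = 'jdoe'; LogonType = 10 }

Find-RdpBruteForce -Events $sample | Format-Table
# On a live host: Find-RdpBruteForce -Events (Get-FailedLogonRecords) | Format-Table
```

Only 203.0.113.45 is reported on the sample data. Note that a spray distributed over many source addresses stays below a per-IP threshold; grouping by target user as a second pass catches that variant.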
Fake A1 invoice leads to malware
Fake A1 e-mails with the subject "Rechnung vom 04.07.2021" (invoice dated 04.07.2021) are currently being sent out. The e-mail claims that a payment could not be processed.
https://www.watchlist-internet.at/news/gefaelschte-a1-rechnung-fuehrt-zu-schadsoftware/
Raccoon stealer-as-a-service will now try to grab your cryptocurrency
The malware has been upgraded to target even more financial information.
https://www.zdnet.com/article/raccoon-stealer-as-a-service-will-now-try-to-steal-your-cryptocurrency/
CISA and NSA Release Kubernetes Hardening Guidance
The National Security Agency (NSA) and CISA have released Kubernetes Hardening Guidance, a cybersecurity technical report detailing the complexities of securely managing Kubernetes, an open-source container-orchestration system used to automate deploying, scaling, and managing containerized applications.
https://us-cert.cisa.gov/ncas/current-activity/2021/08/02/cisa-and-nsa-release-kubernetes-hardening-guidance
Positive Technologies: APT group targeting government agencies around the world detected in Russia for the first time
Positive Technologies Expert Security Center (PT ESC) revealed new attacks by APT31 and analyzed its new tool, malware that allows criminals to control a victim's computer or network via remote access.
https://www.ptsecurity.com/ww-en/about/news/positive-technologies-apt-group-targeting-government-agencies-around-the-world-detected-in-russia-for-the-first-time
Blocking PetitPotam attacks on Windows with RPC filters
Security researchers recently disclosed a new attack vector named PetitPotam. Chained with an NTLM relay attack, it can be used to take over Windows domain controllers.
https://www.borncity.com/blog/2021/08/03/petitpotam-angriffe-auf-windows-durch-filter-blocken/
Vulnerabilities
VU#405600: Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM relay attacks
Microsoft Windows Active Directory Certificate Services (AD CS) by default can be used as a target for NTLM relay attacks, which can allow a domain-joined computer to take over the entire Active Directory.
https://kb.cert.org/vuls/id/405600
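As an added example serving both the borncity item above and this CERT/CC note (it is not code from either source): the RPC-filter mitigation consists of netsh rules that block the two MS-EFSR interfaces so the coercion call PetitPotam relies on is rejected before it reaches the server. The interface UUIDs are the MS-EFSR identifiers from Microsoft's protocol documentation; confirm them against the current specification before rolling this out. The function names, the temporary file path and the Windows feature check are assumptions made for this example.

```powershell
# Added example, not code from the linked posts. Blocks the MS-EFSR RPC interfaces
# with netsh rpc filters (the PetitPotam coercion vector) and checks whether this
# host also carries the AD CS roles that act as the relay target in VU#405600.
# Run in an elevated PowerShell session.

$efsrInterfaces = @(
    'c681d488-d850-11d0-8c52-00c04fd90f7e',   # MS-EFSR exposed via \PIPE\lsarpc
    'df1941c5-fe89-4e79-bf10-463657acf44d'    # MS-EFSR exposed via \PIPE\efsrpc
)

# Builds the netsh script: one block rule per interface UUID in the user-mode layer.
function New-EfsrBlockScript {
    param([string[]] $Uuids = $efsrInterfaces)
    $lines = @('rpc', 'filter')
    foreach ($u in $Uuids) {
        $lines += 'add rule layer=um actiontype=block'
        $lines += "add condition field=if_uuid matchtype=equal data=$u"
        $lines += 'add filter'
    }
    $lines += 'quit'
    return $lines
}

function Install-EfsrBlock {
    $script = Join-Path $env:TEMP 'block-efsr.txt'   # assumed scratch location
    New-EfsrBlockScript | Set-Content -Path $script -Encoding ASCII
    netsh -f $script
    Remove-Item $script
}

# Verifies the filters are active by looking for both UUIDs in the filter listing
# (-match is case-insensitive, so the display casing does not matter).
function Test-EfsrBlocked {
    $out = netsh rpc filter show filter | Out-String
    foreach ($u in $efsrInterfaces) {
        if ($out -notmatch [regex]::Escape($u)) { return $false }
    }
    return $true
}

# The filter removes one coercion trigger only; the relay target is AD CS.
# Report which AD CS roles are installed here (Get-WindowsFeature exists on Windows Server).
function Get-AdcsExposure {
    Get-WindowsFeature -Name 'ADCS-Cert-Authority', 'ADCS-Web-Enrollment', 'ADCS-Enroll-Web-Svc' -ErrorAction SilentlyContinue |
        Where-Object Installed | Select-Object Name, DisplayName
}

Install-EfsrBlock
"MS-EFSR blocked: $(Test-EfsrBlocked)"
Get-AdcsExposure
```

Two caveats: the filter blocks every caller of MS-EFSR, so hosts that use Encrypting File System remotely will lose that function, and it does nothing about other NTLM coercion triggers. Treat it as a stopgap alongside the AD CS mitigations referenced in VU#405600, namely disabling NTLM authentication on the AD CS web endpoints and enabling Extended Protection for Authentication; `netsh rpc filter delete filter filterkey=all` removes the rules again.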
PwnedPiper: pneumatic tube systems in US hospitals attackable through firmware vulnerabilities
Security vulnerabilities allowed researchers to take complete control of "Translogic" pneumatic tube systems. Manufacturer Swisslog Healthcare has released updates.
https://heise.de/-6153319
Chrome: desktop browser update closes security holes
An update with a total of ten security fixes is available for the Windows, Linux and macOS versions of the Chrome browser.
https://heise.de/-6153994
Security updates for Tuesday
Security updates have been issued by Arch Linux (chromium, nodejs, nodejs-lts-erbium, and nodejs-lts-fermium), Debian (pyxdg, shiro, and vlc), openSUSE (qemu), Oracle (lasso), Red Hat (glibc, lasso, rh-php73-php, rh-varnish6-varnish, and varnish:6), Scientific Linux (lasso), SUSE (dbus-1, lasso, python-Pillow, and qemu), and Ubuntu (exiv2, gnutls28, and qpdf).
https://lwn.net/Articles/865029/
Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software
Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that could be exploited to gain code execution on vulnerable devices.
https://www.securityweek.com/code-execution-flaw-found-cisco-firepower-device-manager-box-software
Bypassing Authentication on Arcadyan Routers with CVE-2021-20090 and rooting some Buffalo
In the following sections we will look at how I took the Buffalo devices apart, did a not-so-great solder job, and used a shell offered up on UART to help find a couple of bugs that could let users bypass authentication to the web interface and enable a root BusyBox shell on telnet.
https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
Spyware-like functions found in Chinese app Beijing One Pass
Foreign companies operating in China need the Beijing One Pass app to access a digital platform for managing state benefits for employees. Security specialists have now found spyware-like functions in this app.
https://www.borncity.com/blog/2021/08/02/spyware-hnliche-funktionen-in-china-app-bejing-one-pass-gefunden/
Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2021-20227)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2021-20227-2/
Security Bulletin: A vulnerability in encoding/unicode in the UTF-16 decoder has been found in the x/text package before v0.3.3 for Go that could lead to an infinite loop and denial of service, affecting IBM Cloud Pak for Applications
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerabilty-in-encoding-unicode-in-the-utf-16-decoder-has-been-found-in-x-text-package-before-v0-3-3-for-go-that-could-lead-to-an-infinite-loop-and-denial-of-service-affecting/
Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2021-20227)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2021-20227/
Security Bulletin: Vulnerability in ksh affects AIX (CVE-2021-29741)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ksh-affects-aix-cve-2021-29741/
JSA11209
https://kb.juniper.net/InfoCenter/index/content&id=JSA11209
Linux kernel vulnerability CVE-2021-33909
https://support.f5.com/csp/article/K75133288?utm_source=f5support&utm_medium=RSS