End-of-Day report
Timeframe: Monday 09-08-2021 18:00 - Tuesday 10-08-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
News
eCh0raix ransomware now targets both QNAP and Synology NAS devices
A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices.
https://www.bleepingcomputer.com/news/security/ech0raix-ransomware-now-targets-both-qnap-and-synology-nas-devices/
Team Cymru's Threat Hunting Maturity Model Explained
In this four-part series we'll be looking at Team Cymru's Threat Hunting Maturity Model.
https://team-cymru.com/blog/2021/08/09/team-cymrus-threat-hunting-maturity-model-explained/
Chaos Malware Walks Line Between Ransomware and Wiper
The dangerous malware has been rapidly developed since June and could be released into the wild soon.
https://threatpost.com/chaos-malware-ransomware-wiper/168520/
Vulnerability Management Resources
SANS Vulnerability Management Resources collected in one place for easy access.
https://www.sans.org/blog/vulnerability-management-resources
XLSM Malware with MacroSheets
Excel-based malware has been around for decades and has been in the limelight in recent years.
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/xlsm-malware-with-macrosheets/
Fake e-mail from the Post in circulation
Are you waiting for a parcel? Then beware of fake notifications from the Post. Fraudsters claim in an e-mail that your parcel could not be delivered and that you must request another delivery attempt via a link.
https://www.watchlist-internet.at/news/gefaelschtes-e-mail-der-post-im-umlauf/
Vulnerabilities
Root vulnerability in VPN solution Pulse Connect Secure as a loophole for malicious code
An important security update closes vulnerabilities in the remote-access software Pulse Connect Secure.
https://heise.de/-6159492
Firefox and Firefox ESR secured against various attacks
Mozilla has closed several security vulnerabilities in its Firefox web browser.
https://heise.de/-6160037
Security updates for Tuesday
Security updates have been issued by CentOS (flatpak and microcode_ctl), Debian (c-ares, lynx, openjdk-8, and tomcat9), Fedora (kernel), openSUSE (apache-commons-compress, aria2, djvulibre, fastjar, kernel, libvirt, linuxptp, mysql-connector-java, nodejs8, virtualbox, webkit2gtk3, and wireshark), Oracle (kernel, kernel-container, and microcode_ctl), Red Hat (glib2, kernel, kernel-rt, kpatch-patch, and rust-toolset-1.52 and rust-toolset-1.52-rust), Scientific Linux (microcode_ctl), [...]
https://lwn.net/Articles/865872/
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products.
https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/adobe-releases-security-updates-multiple-products
WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting
https://jvn.jp/en/jp/JVN65388002/
SSA-938030: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
https://cert-portal.siemens.com/productcert/txt/ssa-938030.txt
SSA-865327: Incorrect Authorization Vulnerability in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-865327.txt
SSA-830194: Missing Authentication Vulnerability in S7-1200 Devices
https://cert-portal.siemens.com/productcert/txt/ssa-830194.txt
SSA-818688: Multiple Vulnerabilities in Solid Edge before SE2021MP7
https://cert-portal.siemens.com/productcert/txt/ssa-818688.txt
SSA-756744: OS Command Injection Vulnerability in SINEC NMS
https://cert-portal.siemens.com/productcert/txt/ssa-756744.txt
SSA-679335: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules
https://cert-portal.siemens.com/productcert/txt/ssa-679335.txt
SSA-553445: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions
https://cert-portal.siemens.com/productcert/txt/ssa-553445.txt
SSA-365397: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1
https://cert-portal.siemens.com/productcert/txt/ssa-365397.txt
SSA-309571: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
https://cert-portal.siemens.com/productcert/txt/ssa-309571.txt
SSA-158827: Denial-of-Service Vulnerability in Automation License Manager
https://cert-portal.siemens.com/productcert/txt/ssa-158827.txt
Security Bulletin: A vulnerability in glibc impacts IBM Watson Speech Services
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-glibc-impacts-ibm-watson-speech-services/
Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/
Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-cve-2020-25705-cve-2020-28374-2/
Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct File Agent
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-file-agent-4/
Security Bulletin: IBM Planning Analytics Spreadsheet Services is affected by security vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-spreadsheet-services-is-affected-by-security-vulnerabilities/
Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-spring-framework-vulnerability-3/
Security Bulletin: IBM Security Guardium is affected by a Oracle MySQL vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-oracle-mysql-vulnerabilities-2/
Security Bulletin: Vulnerability in self-service console affects IBM Cloud Pak System (CVE-2021-20478)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-self-service-console-affects-ibm-cloud-pak-system-cve-2021-20478-2/
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-6/
XSA-357
https://xenbits.xen.org/xsa/advisory-357.html
TYPO3 Core: vulnerability allows cross-site scripting
http://www.cert-bund.de/advisoryshort/CB-K21-0842
SAP Patchday August 2021: multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-0847
Citrix ShareFile storage zones controller security update
https://support.citrix.com/article/CTX322787
XML External Entity Expansion in MobileTogether Server
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-002/