Daily summary - 26.08.2021

End-of-Day report

Timeframe: Wednesday 25-08-2021 18:00 - Thursday 26-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Dimitri Robl

News

Microsoft: ProxyShell bugs "might be exploited," patch servers now!

Microsoft has finally published guidance today for the actively exploited ProxyShell vulnerabilities impacting multiple on-premises Microsoft Exchange versions.

https://www.bleepingcomputer.com/news/microsoft/microsoft-proxyshell-bugs-might-be-exploited-patch-servers-now/


Valuable Datasets to Analyze Network Infrastructure | Part 3

In the final installment of this series, learn about Passive DNS and how it works, explore valuable artifacts for investigations, and study our handy cheat sheet.

https://www.domaintools.com/resources/blog/valuable-datasets-to-analyze-network-infrastructure-part-3


Plug and Play: You can get admin rights with SteelSeries mice too

Plug in a mouse and abuse the accompanying installer to gain elevated privileges: this works with Razer and also with SteelSeries.

https://www.golem.de/news/plug-and-play-adminrechte-bekommt-man-auch-mit-steelseries-maeusen-2108-159140.html


Secure PLC Coding Practices

In the world of operational technology, programmable logic controllers (PLCs) control physical elements such as a municipal water supply system, the room temperature in offices or a chocolate bar packaging machine.

https://securityblog.switch.ch/2021/08/26/secure-plc-coding-practices/


Engineering Workstations Are Concerning Initial Access Vector in OT Attacks

Organizations that use industrial control systems (ICS) and other operational technology (OT) are increasingly concerned about cyber threats, and while they have taken steps to address risks, many don't know if they have suffered a breach, according to a survey conducted by the SANS Institute on behalf of industrial cybersecurity firm Nozomi Networks.

https://www.securityweek.com/engineering-workstations-are-concerning-initial-access-vector-ot-attacks


Admin password re-use. Don't do it

As a pentester, one of the most disappointing sights to see on a test is extensive local admin password reuse. I know others get excited as it means easy pwnage [...]

https://www.pentestpartners.com/security-blog/admin-password-re-use-dont-do-it/


Fraud with alleged messages from the mobile network operator

Once again, fraudulent SMS messages are being sent out en masse. They claim to be a "New message from your mobile network operator". For more information, recipients are told to follow a link. Warning: the link leads to a fraudulent website hosting malware! The message does not come from the network operator.

https://www.watchlist-internet.at/news/betrug-mit-angeblichen-nachrichten-des-mobilfunkbetreibers/

Vulnerabilities

Atlassian: Critical security vulnerability in Confluence

Users who self-host Atlassian's wiki software Confluence are urged to update.

https://www.golem.de/news/atlassian-kritische-sicherheitsluecke-in-confluence-2108-159161.html


ZDI-21-1026: (0Day) D-Link DIR-2055 HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2055 routers. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-21-1026/


ZDI-21-1025: (0Day) D-Link DIR-2055 HNAP Incorrect Comparison Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2055 routers. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-21-1025/


Ethereum client Geth: Urgent update due to severe vulnerability

A serious vulnerability in the widely used Ethereum client Geth could bring down blockchain nodes running it. A patched version is already available.

https://heise.de/-6174832


Updates available: Cisco fixes, among others, a critical vulnerability in APIC & Cloud APIC

Important updates are available for the management component of Cisco's Application Centric Infrastructure (ACI) and for many other products.

https://heise.de/-6174789


Drupal: Updates secure two modules against attacks

The "Webform" and "Admin Toolbar" modules for the Drupal content management system were, under certain conditions, vulnerable to cross-site scripting.

https://heise.de/-6175086


Security updates for Thursday

Security updates have been issued by Fedora (community-mysql, containerd, dotnet3.1, dotnet5.0, perl-Encode, and tor), Mageia (gpsd), openSUSE (cacti, cacti-spine, go1.16, jetty-minimal, libmspack, mariadb, openexr, and tor), SUSE (aspell, jetty-minimal, libesmtp, mariadb, and unrar), and Ubuntu (firefox and mongodb).

https://lwn.net/Articles/867492/


Synology-SA-21:24 OpenSSL

Multiple vulnerabilities allow remote attackers to conduct denial-of-service attacks or execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM), VPN Plus Server or VPN Server.

https://www.synology.com/en-global/support/security/Synology_SA_21_24


Kaseya Unitrends update

In mid-July 2021 we opened case DIVD-2021-00014 tracking multiple vulnerabilities in Kaseya Unitrends. These vulnerabilities consisted of: an authenticated remote code execution vulnerability on the server, a privilege escalation vulnerability from read-only user to admin on the server and a (yet) undisclosed vulnerability on the client [...]

https://csirt.divd.nl/2021/08/26/Kaseya-Unitrends-update/


Teamviewer: August Updates - Security Patches

https://community.teamviewer.com/English/discussion/117794/august-updates-security-patches/p1


Security Bulletin: CVE-2020-2773 (deferred from Oracle Apr 2020 CPU)

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2773-deferred-from-oracle-apr-2020-cpu-3/


VMSA-2021-0019

https://www.vmware.com/security/advisories/VMSA-2021-0019.html


PHOENIX CONTACT: Security Advisory for FL SWITCH SMCS series (UPDATE A)

https://cert.vde.com/de-de/advisories/vde-2021-023


HP OfficeJet: Vulnerability allows cross-site scripting

http://www.cert-bund.de/advisoryshort/CB-K21-0909