End-of-Day report
Timeframe: Thursday 16-09-2021 18:00 - Friday 17-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
OMIGOD: Microsoft leaves Azure admins on their own with a Linux vulnerability
Critical vulnerabilities in the Microsoft cloud enable root attacks on Linux VMs. Microsoft, however, disclaims responsibility for important updates.
https://heise.de/-6194618
US Department of Homeland Security warns of widespread attacks via Zoho ADSelfService Plus
Through a critical security vulnerability, APT groups have gained access to the networks of several organizations.
https://heise.de/-6194780
Exploitation of the CVE-2021-40444 vulnerability in MSHTML
Last week, Microsoft reported the RCE vulnerability CVE-2021-40444 in the MSHTML browser engine. Kaspersky is aware of targeted attacks using this vulnerability, and our products protect against attacks leveraging it.
https://securelist.com/exploitation-of-the-cve-2021-40444-vulnerability-in-mshtml/104218/
Malicious Calendar Subscriptions Are Back?, (Fri, Sep 17th)
Did this threat really disappear? This isn't a brand new technique to deliver malicious content to mobile devices, but it seems that attackers have started new waves of spam campaigns based on malicious calendar subscriptions.
https://isc.sans.edu/diary/rss/27846
A Cheat-Sheet on Internet Cookies - (Who, What, When, Why & How)
What are internet cookies, how should you feel about them? Are they helpful, harmless, dangerous? Cookies are key to our modern online experience with targeted website ads and predictive search text that seems to read our minds. Cookies help us gain a customized online experience, but what do we lose? Are we being manipulated by our own data?
https://blog.sucuri.net/2021/09/a-cheat-sheet-on-internet-cookies-who-what-when-why-how.html
AMD Chipset Driver Vulnerability Can Allow Hackers to Obtain Sensitive Data
Chipmaker AMD has patched a driver vulnerability that could allow an attacker to obtain sensitive information from the targeted system.
https://www.securityweek.com/amd-chipset-driver-vulnerability-can-allow-hackers-obtain-sensitive-data
DDoS botnets, cryptominers target Azure systems after OMIGOD exploit goes public
Threat actors are attacking Azure Linux-based servers using a recently disclosed security flaw named OMIGOD in order to hijack vulnerable systems into DDoS or crypto-mining botnets.
https://therecord.media/ddos-botnets-cryptominers-target-azure-systems-after-omigod-exploit-goes-public/
Vulnerabilities
Analysis of CVE-2021-30860
In this guest blog post, the security researcher Tom McGuire details the flaw and fix of CVE-2021-30860, a zero-click vulnerability, exploited in the wild.
https://objective-see.com/blog/blog_0x67.html
Security updates for Friday
Security updates have been issued by CentOS (firefox and thunderbird), Fedora (haproxy, wordpress, and xen), openSUSE (apache2-mod_auth_openidc, fail2ban, ghostscript, haserl, libcroco, nextcloud, and wireshark), Oracle (kernel and kernel-container), Slackware (httpd), SUSE (crmsh, gtk-vnc, libcroco, Mesa, postgresql12, postgresql13, and transfig), and Ubuntu (libgcrypt20, linux-gcp, linux-gcp-4.15, linux-hwe-5.4, linux-oem-5.13, python3.4, python3.5, and qtbase-opensource-src).
https://lwn.net/Articles/869521/
Siemens RUGGEDCOM ROX
This advisory contains mitigations for Exposure of Sensitive Information to an Unauthorized Actor, Execution with Unnecessary Privileges, and Improper Handling of Insufficient Permissions or Privileges vulnerabilities in Siemens RUGGEDCOM ROX devices.
https://us-cert.cisa.gov/ics/advisories/icsa-21-259-01
Schneider Electric EcoStruxure and SCADAPack
This advisory contains mitigations for a Path Traversal vulnerability in Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect software designed for the x70 SCADAPack system.
https://us-cert.cisa.gov/ics/advisories/icsa-21-259-02
Siemens Teamcenter
This advisory contains mitigations for Privilege Defined with Unsafe Actions, Authorization Bypass Through User-Controlled Key, and Improper Restriction of XML External Entity Reference vulnerabilities in the Siemens Teamcenter virtualization platform.
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-08
Security Bulletin: A security vulnerability in NGINX affects IBM Cloud Automation Manager
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-nginx-ffects-ibm-cloud-automation-manager/
Security Bulletin: A security vulnerability in Node.js pac-resolver module affects IBM Cloud Automation Manager
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-pac-resolver-module-affects-ibm-cloud-automation-manager/
Security Bulletin: A security vulnerability in Golang GO affects IBM Cloud Automation Manager
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-golang-go-affects-ibm-cloud-automation-manager-2/
Security Bulletin: A security vulnerability in Golang Go affects IBM Cloud Automation Manager
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-golang-go-affects-ibm-cloud-automation-manager/
Security Bulletin: IBM® Db2® could allow a local user to read and write specific files due to weak file permissions (CVE-2020-4976)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-a-local-user-to-read-and-write-specific-files-due-to-weak-file-permissions-cve-2020-4976-2/
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in IBM Http server
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-ibm-http-server/
Security Bulletin: A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-xmlhttprequest-ssl-module-affects-ibm-cloud-automation-manager-2/
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Automation Manager
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-cloud-automation-manager-3/
Security Bulletin: September 2021: Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway
https://www.ibm.com/blogs/psirt/security-bulletin-september-2021-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/
Security Bulletin: A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-xmlhttprequest-ssl-module-affects-ibm-cloud-automation-manager/
Security Bulletin: September 2021: A vulnerability in IBM Java Runtime affects CICS Transaction Gateway
https://www.ibm.com/blogs/psirt/security-bulletin-september-2021-a-vulnerability-in-ibm-java-runtime-affects-cics-transaction-gateway/