End-of-Day report
Timeframe: Tuesday 13-07-2021 18:00 - Wednesday 14-07-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
Updated Joker Malware Floods into Android Apps
The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners.
https://threatpost.com/updated-joker-malware-android-apps/167776/
Cybercrime gang REvil has vanished from the scene
The criminals extorted more than 1000 companies whose data they encrypted in the Kaseya supply-chain attack. Now their servers are no longer reachable.
https://heise.de/-6137119
Identity theft instead of a loan: Do not take out a loan on 1superkredit.com and kredit-united.com!
Are you looking for a loan? Then you may come across the websites 1superkredit.com or kredit-united.com. Two websites that have a lot in common: they look very similar, advertise loans on favourable terms, and fraudsters are behind both sites.
https://www.watchlist-internet.at/news/identitaetsdiebstahl-statt-darlehen-schliessen-sie-keinen-kredit-auf-1superkreditcom-und-kredit-unit/
CISA Releases Analysis of FY20 Risk and Vulnerability Assessments
CISA has released an analysis and infographic detailing the findings from the Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year (FY) 2020 across multiple sectors.
https://us-cert.cisa.gov/ncas/current-activity/2021/07/08/cisa-releases-analysis-fy20-risk-and-vulnerability-assessments
Vulnerabilities
SonicWall warns of critical ransomware risk to SMA 100 VPN appliances
SonicWall has issued an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.
https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-ransomware-risk-to-sma-100-vpn-appliances/
Authentication bypass & remote code execution in Schneider Electric EVlink charging stations
Schneider Electric charging stations for electric cars in the "EVlink" series are affected by two vulnerabilities that allow an attacker to take over the system and execute arbitrary commands on it.
https://sec-consult.com/de/vulnerability-lab/advisory/authentication-bypass-remote-code-execution-bei-schneider-electric-evlink-ladestationen/
Microsoft Patch Tuesday: Attackers are exploiting four security vulnerabilities in Windows
Among other things, Microsoft is closing critical malicious-code vulnerabilities in the Windows Defender protection solution. In addition to the active attacks, further attacks could be imminent.
https://heise.de/-6137050
Patch day: Adobe closes critical vulnerabilities in Bridge, Illustrator & Co.
Important security updates are available for various Adobe applications. Attackers could execute malicious code.
https://heise.de/-6137110
SAP patch day: Attackers could gain unauthorized access to NetWeaver
The software vendor SAP is closing several security vulnerabilities in its portfolio.
https://heise.de/-6137467
Security updates for Wednesday
Security updates have been issued by CentOS (xstream), Debian (linuxptp), Fedora (glibc and krb5), Gentoo (pillow and thrift), Mageia (ffmpeg and libsolv), openSUSE (kernel and qemu), SUSE (kernel), and Ubuntu (php5, php7.0).
https://lwn.net/Articles/862855/
ICS Patch Tuesday: Siemens and Schneider Electric Address 100 Vulnerabilities
Industrial giants Siemens and Schneider Electric on Tuesday released a total of two dozen advisories covering roughly 100 vulnerabilities affecting their products.
https://www.securityweek.com/ics-patch-tuesday-siemens-and-schneider-electric-address-100-vulnerabilities
Security Advisory - Privilege Escalation Vulnerability in Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210714-01-pe-en
Security Advisory - Privilege Escalation Vulnerability in some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210714-01-privilege-en
Security Advisory - Logic Error Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210714-01-smartphone-en
Security Bulletin: Unrestricted document type definition vulnerability affects IBM Sterling Secure Proxy
https://www.ibm.com/blogs/psirt/security-bulletin-unrestricted-document-type-definition-vulnerability-affects-ibm-sterling-secure-proxy/
Security Bulletin: A security vulnerability was fixed in IBM Security Access Manager and IBM Security Verify Access Docker containers
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-was-fixed-in-ibm-security-access-manager-and-ibm-security-verify-access-docker-containers/
Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access Docker container
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/
Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-were-detected-in-ibm-secure-external-authentication-server-2/
Security Bulletin: Apache PDFBox Vulnerabilities Affect IBM Control Center (CVE-2021-31811, CVE-2021-31812)
https://www.ibm.com/blogs/psirt/security-bulletin-apache-pdfbox-vulnerabilities-affect-ibm-control-center-cve-2021-31811-cve-2021-31812/
Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-were-detected-in-ibm-secure-external-authentication-server/
Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure Proxy
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-were-detected-in-ibm-secure-proxy/
VMSA-2021-0015
https://www.vmware.com/security/advisories/VMSA-2021-0015.html
Schneider Electric C-Bus Toolkit
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-01
Schneider Electric SCADApack RTU, Modicon Controllers, and Software
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-02