[CERT-daily] Tageszusammenfassung - 06.12.2021

Daily end-of-shift report team at cert.at
Mon Dec 6 18:11:51 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 03-12-2021 18:00 − Montag 06-12-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Is My Site Hacked? 4 Gut Checks ∗∗∗
---------------------------------------------
Today, we’re looking at 4 quick gut check tests you can do to get the answer to the question, “is my site hacked?” 
---------------------------------------------
https://blog.sucuri.net/2021/12/is-my-site-hacked-4-gut-checks.html


∗∗∗ Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks ∗∗∗
---------------------------------------------
Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months.  The issue, assigned the identifier CVE-2021-44515, is an authentication bypass vulnerability ...
---------------------------------------------
https://thehackernews.com/2021/12/warning-yet-another-zoho-manageengine.html


∗∗∗ Malicious KMSPico Windows Activator Stealing Users Cryptocurrency Wallets ∗∗∗
---------------------------------------------
Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed "CryptBot," is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing screenshots from the infected systems.
---------------------------------------------
https://thehackernews.com/2021/12/malicious-kmspico-windows-activator.html


∗∗∗ The Importance of Out-of-Band Networks ∗∗∗
---------------------------------------------
Out-of-band (or "OoB") networks are usually dedicated to management tasks. Many security appliances and servers have dedicated management interfaces that are used to set up, control, and monitor the device. A best practice is to connect those management interfaces to a dedicated network that is not directly connected to the network used to carry applications/users data.
---------------------------------------------
https://isc.sans.edu/diary/rss/28102


∗∗∗ Who Is the Network Access Broker ‘Babam’? ∗∗∗
---------------------------------------------
Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in stealing remote access credentials -- such as usernames and passwords needed to remotely connect to the targets network. In this post well look at the clues left behind by "Babam," the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions ...
---------------------------------------------
https://krebsonsecurity.com/2021/12/who-is-the-network-access-broker-babam/


∗∗∗ Emotet’s back and it isn’t wasting any time ∗∗∗
---------------------------------------------
Last month we reported on how another notorious bit of malware, TrickBot, was helping Emotet come back from the dead. And then yesterday, several security researchers saw another huge spike in Emotet’s activity.
---------------------------------------------
https://blog.malwarebytes.com/trojans/2021/12/emotets-back-and-it-isnt-wasting-any-time/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities ∗∗∗
---------------------------------------------
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: 
 - Execute code on the affected device or cause it to reload unexpectedly
 - Cause LLDP database corruption on the affected device
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T


∗∗∗ IBM Security Bulletins 2021-12-03 ∗∗∗
---------------------------------------------
IBM Event Streams, IBM Cloud Automation Manager, IBM Data Studio Client, EDB PostreSQL with IBM, EDB Postgres Advanced Server with IBM, IBM Data Management Platform (Enterprise, Standard), IBM QRadar SIEM
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (isync, lib32-nss, nss, opera, and vivaldi), Debian (gerbv and xen), Fedora (autotrace, chafa, converseen, digikam, dmtx-utils, dvdauthor, eom, kxstitch, libsndfile, nss, pfstools, php-pecl-imagick, psiconv, q, R-magick, rss-glx, rubygem-rmagick, seamonkey, skopeo, synfig, synfigstudio, vdr-scraper2vdr, vdr-skinelchihd, vdr-skinnopacity, vdr-tvguide, vim, vips, and WindowMaker), Mageia (golang, kernel, kernel-linus, mariadb, and vim), openSUSE (aaa_base, python-Pygments, singularity, and tor), Red Hat (nss), Slackware (mozilla), SUSE (aaa_base, kernel, openssh, php74, and xen), and Ubuntu (libmodbus, lrzip, samba, and uriparser).
---------------------------------------------
https://lwn.net/Articles/877821/


∗∗∗ ABB Cyber Security Advisory: OmniCore RobotWare Missing Authentication Vulnerability CVE ID: CVE-2021-22279 ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=SI20265&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ F5 K50839343: NGINX ModSecurity WAF vulnerability CVE-2021-42717 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K50839343


∗∗∗ F5 K12705583: OpenSSH vulnerability CVE-2021-41617 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K12705583


∗∗∗ Auerswald COMpact Multiple Backdoors ∗∗∗
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-007/


∗∗∗ Auerswald COMpact Arbitrary File Disclosure ∗∗∗
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-006/


∗∗∗ Auerswald COMpact Privilege Escalation ∗∗∗
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-005/


∗∗∗ Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass ∗∗∗
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-004/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list