[CERT-daily] Daily summary - 07.12.2021

Daily end-of-shift report team at cert.at
Tue Dec 7 18:44:35 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 06-12-2021 18:00 − Tuesday 07-12-2021 18:00
Handler:     Robert Waldner
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Code-smuggling vulnerability in Windows only half-heartedly closed ∗∗∗
---------------------------------------------
A vulnerability in Windows that malicious websites could abuse to execute malicious code can still be exploited to a limited extent despite the update.
---------------------------------------------
https://heise.de/-6288402


∗∗∗ Warning: job offers from „ab-group.info“ & „mctrl-marktforschung.com“ are fake ∗∗∗
---------------------------------------------
Home office, flexible working hours, freely selectable employment arrangements and, on top of that, good pay. That is what market research agencies such as „ab-group.info“ & „mctrl-marktforschung.com“ promise. But beware: these are fraudulent job offers. When applying, interested parties hand over personal data and copies of their ID documents to criminals. In the worst case, bank accounts are opened in the applicant's own name for the criminals' use!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-jobangebote-von-ab-groupinfo-mctrl-marktforschungcom-sind-fake/


∗∗∗ STOP Ransomware vaccine released to block encryption ∗∗∗
---------------------------------------------
German security software company G DATA has released a vaccine that will block STOP Ransomware from encrypting victims' files after infection.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/stop-ransomware-vaccine-released-to-block-encryption/


∗∗∗ Apache Kafka Cloud Clusters Expose Sensitive Data for Large Companies ∗∗∗
---------------------------------------------
The culprit is misconfigured Kafdrop interfaces, used for centralized management of the open-source platform.
---------------------------------------------
https://threatpost.com/apache-kafka-cloud-clusters-expose-data/176778/


∗∗∗ WooCommerce Credit Card Swiper Injected Into Random Plugin Files ∗∗∗
---------------------------------------------
It’s that time of year again! While website owners always need to be on guard, the holidays season is when online scams and credit card theft are most rampant. Administrators of ecommerce websites need to be extra vigilant as this case will demonstrate.
---------------------------------------------
https://blog.sucuri.net/2021/12/woocommerce-credit-card-swiper-injected-into-random-plugin-files.html


∗∗∗ Cryptominers aren't just a headache – they're a big neon sign that Bad Things are on your network ∗∗∗
---------------------------------------------
So says Sophos, warning about the Tor2Mine Monero malware. Cryptominer malware removal is a routine piece of the cybersecurity landscape these days. Yet if criminals are hijacking your compute cycles to mine cryptocurrencies, chances are there's something worse lurking on your network too.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2021/12/07/sophos_tor2mine_research_cryptominer_warning/


∗∗∗ Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm ∗∗∗
---------------------------------------------
Author: Margit Hazenbroek. tl;dr: An approach to detecting suspicious TLS certificates using an incremental anomaly detection model is discussed. This model utilizes the Half-Space-Trees algorithm and provides our security operations center (SOC) teams with the opportunity to detect suspicious behavior, in real-time, even when network traffic is encrypted.
---------------------------------------------
https://blog.fox-it.com/2021/12/07/encryption-does-not-equal-invisibility-detecting-anomalous-tls-certificates-with-the-half-space-trees-algorithm/
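
To make the approach in the item above concrete, the following is an added example and not Fox-IT's code: a minimal streaming Half-Space-Trees scorer (Tan, Ting & Liu, IJCAI 2011) run over feature vectors derived from certificate metadata. The five features (validity period, self-signed flag, CN length, SAN count, known-issuer flag), the 0.1 flagging threshold and the synthetic "normal" and "suspicious" certificate records are all assumptions made for this illustration; a real deployment would extract the features from the TLS handshakes seen on the wire.

```python
"""Added example (not Fox-IT's code): streaming Half-Space-Trees anomaly
scoring over constructed TLS certificate feature vectors."""
import random


class HSNode:
    __slots__ = ("depth", "dim", "split", "left", "right", "ref", "latest")

    def __init__(self, depth):
        self.depth = depth
        self.dim = -1          # -1 marks a leaf
        self.split = 0.0
        self.left = self.right = None
        self.ref = 0           # mass counted in the previous (reference) window
        self.latest = 0        # mass counted in the current window


class HalfSpaceTrees:
    """Ensemble of random binary trees; each leaf counts how many recent
    points fell into its half-space cell. Low reference mass = unusual."""

    def __init__(self, n_dims, n_trees=25, depth=8, window=64, seed=7):
        self.rng = random.Random(seed)
        self.n_dims, self.depth, self.window = n_dims, depth, window
        self.n_seen = 0
        self.trees = [self._build(0, self._work_space()) for _ in range(n_trees)]

    def _work_space(self):
        # Random work range per dimension: centre s in [0,1), half-width
        # 2*max(s,1-s), so every range covers [0,1] and splits vary per tree.
        ranges = []
        for _ in range(self.n_dims):
            s = self.rng.random()
            w = 2 * max(s, 1 - s)
            ranges.append((s - w, s + w))
        return ranges

    def _build(self, depth, ranges):
        node = HSNode(depth)
        if depth == self.depth:
            return node
        q = self.rng.randrange(self.n_dims)
        lo, hi = ranges[q]
        node.dim, node.split = q, (lo + hi) / 2
        left, right = list(ranges), list(ranges)
        left[q], right[q] = (lo, node.split), (node.split, hi)
        node.left = self._build(depth + 1, left)
        node.right = self._build(depth + 1, right)
        return node

    def _path(self, root, x):
        node = root
        while node.dim >= 0:
            yield node
            node = node.left if x[node.dim] < node.split else node.right
        yield node

    def learn_one(self, x):
        """Stream in one point; every `window` points the latest counts
        become the reference counts (the model adapts to drift)."""
        for root in self.trees:
            for node in self._path(root, x):
                node.latest += 1
        self.n_seen += 1
        if self.n_seen % self.window == 0:
            for root in self.trees:
                self._roll(root)

    def _roll(self, node):
        node.ref, node.latest = node.latest, 0
        if node.left is not None:
            self._roll(node.left)
            self._roll(node.right)

    def score(self, x):
        """Mass score normalised to [0,1]; near 0 means the point landed in
        cells that held (almost) no reference traffic. Before the first
        window has completed every score is 0."""
        raw = 0
        for root in self.trees:
            leaf = list(self._path(root, x))[-1]
            raw += leaf.ref * 2 ** leaf.depth
        return raw / (len(self.trees) * self.window * 2 ** self.depth)


def featurize(cert):
    """Map a certificate record (assumed schema) to [0,1]^5."""
    return [
        min(cert["validity_days"], 3650) / 3650,
        1.0 if cert["self_signed"] else 0.0,
        min(len(cert["cn"]), 64) / 64,
        min(cert["sans"], 10) / 10,
        0.0 if cert["issuer_known"] else 1.0,
    ]


# Constructed sample data: the kind of certificates a corporate egress
# typically sees (public CA, 90/365-day validity) versus two outliers.
NORMAL_CNS = ["www.example.at", "mail.example.at", "shop.example.at", "api.example.at"]
SUSPICIOUS = [
    {"validity_days": 3650, "self_signed": True, "sans": 0, "issuer_known": False,
     "cn": "a8f3k2lq0zv7mnb4xc9ty1we5r6u2i3o"},
    {"validity_days": 3650, "self_signed": True, "sans": 0, "issuer_known": False,
     "cn": "localhost"},
]


def synth_normal(rng):
    return {"validity_days": rng.choice([90, 365]), "self_signed": False,
            "cn": rng.choice(NORMAL_CNS), "sans": rng.randrange(1, 4),
            "issuer_known": True}


def run_demo(threshold=0.1):
    """Train on one window of normal certs, then score unseen ones.
    Returns (normal_scores, suspicious_scores, normal_flags, suspicious_flags)."""
    rng = random.Random(1)
    model = HalfSpaceTrees(n_dims=5)
    for _ in range(model.window):
        model.learn_one(featurize(synth_normal(rng)))
    normal = [model.score(featurize(synth_normal(rng))) for _ in range(3)]
    suspicious = [model.score(featurize(c)) for c in SUSPICIOUS]
    return (normal, suspicious,
            [s < threshold for s in normal], [s < threshold for s in suspicious])


if __name__ == "__main__":
    n, s, nf, sf = run_demo()
    print("normal  :", [round(v, 3) for v in n], nf)
    print("suspect :", [round(v, 3) for v in s], sf)
```

The reference/latest window swap is what makes the model incremental: it needs no labelled data and keeps up with a changing certificate population, which is the property the post relies on for real-time use. The price is that a slow attacker who stays within one window of "normal" traffic shapes the reference itself, so scores should be correlated with other telemetry (JA3, SNI, destination reputation) rather than acted on alone.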


∗∗∗ XE Group – Exposed: 8 Years of Hacking & Card Skimming for Profit ∗∗∗
---------------------------------------------
In 2020 and 2021, Volexity identified multiple compromises related to a relatively unknown criminal threat actor that refers to itself as "XE Group". Volexity believes that XE Group is likely a Vietnamese-origin criminal threat actor whose intrusions follow an approximate pattern: compromise of externally facing services via known exploits (e.g., Telerik UI vulnerabilities); monetization of these compromises through installation of password theft or credit card skimming code for web [...]
---------------------------------------------
https://www.volexity.com/blog/2021/12/07/xe-group-exposed-8-years-of-hacking-card-skimming-for-profit/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Attackers are targeting PC management software Zoho ManageEngine Desktop Central ∗∗∗
---------------------------------------------
Only the latest versions are protected. Zoho advises updating promptly.
---------------------------------------------
https://heise.de/-6287937


∗∗∗ 27 flaws in USB-over-network SDK affect millions of cloud users ∗∗∗
---------------------------------------------
Researchers have discovered 27 vulnerabilities in Eltima SDK, a library used by numerous cloud providers to remotely mount a local USB device.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/27-flaws-in-usb-over-network-sdk-affect-millions-of-cloud-users/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (nss), Debian (roundcube and runc), openSUSE (aaa_base, brotli, clamav, glib-networking, gmp, go1.16, hiredis, kernel, mozilla-nss, nodejs12, nodejs14, openexr, openssh, php7, python-Babel, ruby2.5, speex, wireshark, and xen), Oracle (kernel and nss), Red Hat (kpatch-patch, nss, rpm, and thunderbird), SUSE (brotli, clamav, glib-networking, gmp, kernel, mariadb, mozilla-nss, nodejs12, nodejs14, openssh, php7, python-Babel, and wireshark), and Ubuntu [...]
---------------------------------------------
https://lwn.net/Articles/877945/


∗∗∗ QNAP NAS: vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1252


∗∗∗ Google Android: multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1251


∗∗∗ Security Bulletin: Multiple vulnerabilities in Redis affecting the IBM Event Streams UI ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-redis-affecting-the-ibm-event-streams-ui/


∗∗∗ Security Bulletin: Vulnerability in IBM Event Streams through Apache Kafka key/password validation (CVE-2021-38153) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-event-streams-through-apache-kafka-key-password-validation-cve-2021-38153/


∗∗∗ Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in the Java runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-multiple-vulnerabilities-in-the-java-runtime/


∗∗∗ Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-20254) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-samba-affects-ibm-spectrum-scale-smb-protocol-access-method-cve-2021-20254/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-mozilla-firefox-affect-ibm-cloud-pak-for-multicloud-management-monitoring-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM HTTP Server (powered by Apache) for i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-http-server-powered-by-apache-for-i-3/


∗∗∗ Security Bulletin: Vulnerabilities in Node.js affecting IBM Event Streams (CVE-2021-22960 and CVE-2021-22959) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affecting-ibm-event-streams-cve-2021-22960-and-cve-2021-22959/


∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-15/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily