[CERT-daily] Tageszusammenfassung - 16.11.2021

Tue Nov 16 19:08:08 CET 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 15-11-2021 18:00 − Dienstag 16-11-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Wolfgang Menezes

=====================
=       News        =
=====================

∗∗∗ Malware: Emotet ist zurück ∗∗∗
---------------------------------------------
Sicherheitsforscher haben eine neue Variante von Emotet entdeckt. Noch wird der Schädling von einer anderen Malware nachgeladen.
---------------------------------------------
https://www.golem.de/news/malware-emotet-ist-zurueck-2111-161124-rss.html


∗∗∗ Windows Sonder-Updates gegen DC-Authentifizierungsprobleme und Druckprobleme ∗∗∗
---------------------------------------------
Die Sicherheitsupdates vom November für Windows verursachen teils Authentifizierungsprobleme bei Domain Controllern sowie Druckprobleme. Microsoft patcht nach.
---------------------------------------------
https://heise.de/-6267784


∗∗∗ Fake Ransomware Infection Spooks Website Owners ∗∗∗
---------------------------------------------
Starting this past Friday we have seen a number of websites showing a fake ransomware infection. Google search results for “FOR RESTORE SEND 0.1 BITCOIN” were sitting at 6 last week and increased to 291 at the time of writing this.
---------------------------------------------
https://blog.sucuri.net/2021/11/fake-ransomware-infection-spooks-website-owners.html


∗∗∗ GitHub Confirms Another Major NPM Security Defect ∗∗∗
---------------------------------------------
Microsoft-owned GitHub is again flagging major security problems in the npm registry, warning that a pair of newly discovered vulnerabilities continue to expose the soft underbelly of the open-source software supply chain.
---------------------------------------------
https://www.securityweek.com/github-confirms-another-major-npm-security-defect


∗∗∗ Black Friday: Vorsicht vor Fake-Angeboten ∗∗∗
---------------------------------------------
Am 26. November 2021 ist Black Friday. Und darauf folgt am 29. November schon der Cyber Monday - für Schnäppchenjäger wahre Shopping-Feiertage. Wir raten aber zur Vorsicht: Nicht nur seriöse Anbieter locken mit günstigen Preisen und Rabatten, auch Fake-Shops werben mit Black Friday Angeboten.
---------------------------------------------
https://www.watchlist-internet.at/news/black-friday-vorsicht-vor-fake-angeboten/


∗∗∗ An update on the state of the NIS2 draft ∗∗∗
---------------------------------------------
This is a TLP:WHITE summary of my presentation at the 15th CSIRTs Network meeting in Ljubljana on November 11th. This is not a complete review of the current state of the NIS2 discussions.
---------------------------------------------
https://cert.at/en/blog/2021/11/an-update-on-the-state-of-the-nis2-draft


∗∗∗ New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks ∗∗∗
---------------------------------------------
[...] today, CISA published the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. The playbooks provide federal civilian executive branch (FCEB) agencies with operational procedures for planning and conducting cybersecurity incident and vulnerability response activities. The playbooks provide illustrated decision trees and detail each step for both incident and vulnerability response.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/11/16/new-federal-government-cybersecurity-incident-and-vulnerability


∗∗∗ A new Android banking trojan named SharkBot is makings its presence felt ∗∗∗
---------------------------------------------
Security researchers have discovered a new Android banking trojan capable of hijacking users smartphones and emptying out e-banking and cryptocurrency accounts.
---------------------------------------------
https://therecord.media/a-new-android-banking-trojan-named-sharkbot-is-makings-its-presence-felt/


∗∗∗ New Type of Supply Chain Attack Could Put Popular Admin Tools at Risk ∗∗∗
---------------------------------------------
Research between Intezer and Checkmarx describes ChainJacking, a type of software supply chain attack that could be potentially exploited by threat actors and puts common admin tools at risk. We have identified a number of open-source Go packages that are susceptible to ChainJacking given that some of these vulnerable packages are embedded in popular admin [...]
---------------------------------------------
https://www.intezer.com/blog/malware-analysis/chainjacking-supply-chain-attack-puts-popular-admin-tools-at-risk/


∗∗∗ Kernel Karnage – Part 3 (Challenge Accepted) ∗∗∗
---------------------------------------------
[...] The past weeks I mostly experimented with existing tooling and got acquainted with the basics of kernel driver development. I managed to get a quick win versus $vendor1 but that didn’t impress our blue team, so I received a challenge to bypass $vendor2. I have to admit, after trying all week to get around the protections, $vendor2 is definitely a bigger beast to tame.
---------------------------------------------
https://blog.nviso.eu/2021/11/16/kernel-karnage-part-3-challenge-accepted/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libxml-security-java), Fedora (botan2), openSUSE (drbd-utils, kernel, and samba), Red Hat (kernel and webkit2gtk3), SUSE (drbd-utils and samba), and Ubuntu (vim).
---------------------------------------------
https://lwn.net/Articles/876227/


∗∗∗ Synology-SA-21:28 Mail Station ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of Mail Station.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_21_28


∗∗∗ AMD Windows 10-Grafiktreiber mit Schwachstellen (Nov. 2021) ∗∗∗
---------------------------------------------
Nutzer mit AMD-Grafikkarten und Windows 10 sollten sich mit dem Thema Aktualisierung von AMD-Grafiktreibern befassten. Der Hersteller hat eingestanden, dass seine Windows 10-Grafiktreiber zahlreiche Sicherheitslücken aufweisen. Einige Schwachstellen (z.B. im Grafiktreiber) werden als sicherheitstechnisch Hoch eingestuft.
---------------------------------------------
https://www.borncity.com/blog/2021/11/16/amd-windows-10-treiber-mit-schwachstellen/


∗∗∗ WAGO: Denial of Service Vulnerability in CODESYS Runtime 2.3 ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2021-049/


∗∗∗ WAGO: Multiple devices affected by Vulnerabilities in NUCLEUS TCP Stack. ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2021-050/


∗∗∗ WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 and WebVisualisation ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2021-056/


∗∗∗ Grafana: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1205


∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1207


∗∗∗ ZDI-21-1312: Open Design Alliance (ODA) ODAViewer DWG File Parsing Use-After-Free Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1312/


∗∗∗ ZDI-21-1311: Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1311/


∗∗∗ ZDI-21-1310: Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1310/


∗∗∗ Security Bulletin: A vulnerability in filesystem audit logging affects IBM Spectrum Scale. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-filesystem-audit-logging-affects-ibm-spectrum-scale/


∗∗∗ Security Bulletin: Vulnerability in IBM SDK Java affects IBM Cloud Pak System (CVE-2020-27221) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-sdk-java-affects-ibm-cloud-pak-system-cve-2020-27221/


∗∗∗ Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2021-3711 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerability-cve-2021-3711/


∗∗∗ Security Bulletin: IBM MQ is vulnerable to an issue in Eclipse Jetty (CVE-2021-28165) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-an-issue-in-eclipse-jetty-cve-2021-28165/


∗∗∗ Security Bulletin: IBM WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2021-3711 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerability-cve-2021-3711/


∗∗∗ Security Bulletin: IBM MQ is vulnerable to an issue in Eclipse (CVE-2020-27225) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-an-issue-in-eclipse-cve-2020-27225/


∗∗∗ Security Bulletin: IBM MQ can inadvertently display cleartext credentials via diagnostic logs (CVE-2021-38949) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-can-inadvertently-display-cleartext-credentials-via-diagnostic-logs-cve-2021-38949/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily