[CERT-daily] Tageszusammenfassung - 24.11.2021

Daily end-of-shift report team at cert.at
Wed Nov 24 18:10:11 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 23-11-2021 18:00 − Mittwoch 24-11-2021 18:00
Handler:     Wolfgang Menezes
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Phishing page hiding itself using dynamically adjusted IP-based allow list, (Wed, Nov 24th) ∗∗∗
---------------------------------------------
It can be instructive to closely examine even completely usual-looking phishing messages from time to time, since they may lead one to unusual phishing sites or may perhaps use some novel technique that might not be obvious at first glance.
---------------------------------------------
https://isc.sans.edu/diary/rss/28070


∗∗∗ Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery, and Webshells ∗∗∗
---------------------------------------------
This blog series explores methods attackers might use to maintain persistent access to a compromised linux system.
---------------------------------------------
https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/


∗∗∗ Nach Windows-Update: Zero-Day-Lücke erlaubt lokale Rechteausweitung ∗∗∗
---------------------------------------------
Eines der Windows-Updates im November sollte eine gefährliche Lücke schließen. Doch sie lässt sich noch immer zur Erhöhung der eigenen Rechte missbrauchen.
---------------------------------------------
https://heise.de/-6274893


∗∗∗ Vorsicht vor Love Scams auf Facebook Dating! ∗∗∗
---------------------------------------------
Immer wieder melden uns besorgte LeserInnen sogenannte Love- oder Romance-Scammer. Dabei handelt es sich um Online-Bekanntschaften, die sich durch Liebesbeteuerungen das Vertrauen der Opfer erschleichen.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-love-scams-auf-facebook-dating/


∗∗∗ New JavaScript malware works as a “RAT dispenser” ∗∗∗
---------------------------------------------
Cybersecurity experts from HP said they discovered a new strain of JavaScript malware that criminals are using as a way to infect systems and then deploy much dangerous remote access trojans (RATs).
---------------------------------------------
https://therecord.media/new-javascript-malware-works-as-a-rat-dispenser/


∗∗∗ ASEC Weekly Malware Statistics (November 15th, 2021 – November 21st, 2021) ∗∗∗
---------------------------------------------
This post will list weekly statistics collected from November 15th, 2021 (Monday) to November 21st, 2021 (Sunday).
---------------------------------------------
https://asec.ahnlab.com/en/28954/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (openjdk-17), Fedora (libxls, roundcubemail, and vim), openSUSE (bind, java-1_8_0-openjdk, and redis), Red Hat (kernel, kernel-rt, kpatch-patch, krb5, mailman:2.1, openssh, and rpm), Scientific Linux (kernel, krb5, openssh, and rpm), SUSE (bind, java-1_8_0-openjdk, redis, and webkit2gtk3), and Ubuntu (bluez).
---------------------------------------------
https://lwn.net/Articles/876799/


∗∗∗ Schwachstelle in MediaTek-Chips von Android-Smartphones ∗∗∗
---------------------------------------------
Sicherheitsforscher von Check Point haben in einer Android-APU, die APU ist die AI Processing Unit in MediaTek-Chips, eine Schwachstelle entdeckt. Die Sicherheitsforscher warnen, dass Nutzer über den Audio-Prozessor abgehört werden können. Die Mediatek-Chips sind in 37 % aller Android-Geräte verbaut.
---------------------------------------------
https://www.borncity.com/blog/2021/11/24/schwachstelle-in-mediatek-chips-von-android-smartphones/


∗∗∗ ZDI-21-1333: Adobe Creative Cloud Incorrect Permission Assignment Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1333/


∗∗∗ Security Advisory - Possible Out-Of-Bounds Read Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211124-03-dos-en


∗∗∗ Security Bulletin: Weak Cryptographic Control Vulnerability Affects IBM Sterling Connect:Direct Web Services (CVE-2021-38891) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-weak-cryptographic-control-vulnerability-affects-ibm-sterling-connectdirect-web-services-cve-2021-38891/


∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-13/


∗∗∗ Security Bulletin: Account Lockout Vulnerability Affects IBM Sterling Connect:Direct Web Services (CVE-2021-38890) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-account-lockout-vulnerability-affects-ibm-sterling-connectdirect-web-services-cve-2021-38890/


∗∗∗ Security Bulletin: PostgreSQL Sensitive Information Exposure Vulnerability Affects IBM Connect:Direct Web Services (CVE-2021-32029) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-sensitive-information-exposure-vulnerability-affects-ibm-connectdirect-web-services-cve-2021-32029/


∗∗∗ K20072454: Linux kernel vulnerability CVE-2021-43267 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20072454

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list