[CERT-daily] Daily summary - 25.11.2021

Daily end-of-shift report team at cert.at
Thu Nov 25 18:09:33 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 24-11-2021 18:00 − Thursday 25-11-2021 18:00
Handler:     Wolfgang Menezes
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ New CronRAT malware infects Linux systems using odd day cron jobs ∗∗∗
---------------------------------------------
Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-cronrat-malware-infects-linux-systems-using-odd-day-cron-jobs/


∗∗∗ Discord malware campaign targets crypto and NFT communities ∗∗∗
---------------------------------------------
A new malware campaign on Discord uses the Babadeda crypter to hide malware that targets the crypto, NFT, and DeFi communities.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/discord-malware-campaign-targets-crypto-and-nft-communities/


∗∗∗ Improving security for mobile devices: CISA issues guides ∗∗∗
---------------------------------------------
CISA has released actionable guides with advice on how to improve security for mobile devices, both for consumers and organizations.
---------------------------------------------
https://blog.malwarebytes.com/android/2021/11/improving-security-for-mobile-devices-cisa-issues-guides/


∗∗∗ Bitcoin extortion with masturbation recordings ∗∗∗
---------------------------------------------
Every year, criminals try again to extort money with made-up claims. Supposedly your systems were hacked and you were filmed as a result while viewing pornographic content. The message is entirely fabricated and is sent out en masse.
---------------------------------------------
https://www.watchlist-internet.at/news/bitcoin-erpressung-mit-masturbationsaufnahmen/


∗∗∗ Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure ∗∗∗
---------------------------------------------
Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade.
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/sophisticated-tardigrade-malware-launches-attacks-on-vaccine-manufacturing-infrastructure/


∗∗∗ Black Friday spam campaigns in the starting blocks ∗∗∗
---------------------------------------------
November 26, 2021 is Black Friday, when almost everything is free. This also brings cyber criminals onto the scene, and they are increasingly targeting consumers with online shopping fraud attempts.
---------------------------------------------
https://www.borncity.com/blog/2021/11/25/black-friday-spam-kampagnen-in-den-startlchern/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VMware seals vulnerabilities in vSphere Web Client - in part ∗∗∗
---------------------------------------------
The vendor reports security vulnerabilities, some of them high risk. However, updates are not yet available for all affected products.
---------------------------------------------
https://heise.de/-6276216


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (busybox, getdata, and php), Mageia (couchdb, freerdp, openexr, postgresql, python-reportlab, and rsh), openSUSE (bind, java-1_8_0-openjdk, and kernel), SUSE (java-1_7_0-openjdk), and Ubuntu (icu).
---------------------------------------------
https://lwn.net/Articles/876852/


∗∗∗ ModSecurity DoS Vulnerability in JSON Parsing (CVE-2021-42717) ∗∗∗
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/


∗∗∗ Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021 ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ


∗∗∗ Security Bulletin: Vulnerabilities in Apache Ant affect IBM Installation Manager and IBM Packaging Utility ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-ant-affect-ibm-installation-manager-and-ibm-packaging-utility/


∗∗∗ Security Bulletin: WebSphere Application Server is vulnerable to a Privilege Escalation vulnerability and affects Content Collector for Email ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-privilege-escalation-vulnerability-and-affects-content-collector-for-email/


∗∗∗ Security Bulletin: Vulnerabilities affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-netcool-agile-service-manager/


∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM Integration Bus v10 (CVE-2021-32803) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-integration-bus-v10-cve-2021-32803-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager-6/


∗∗∗ Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-installation-manager-and-ibm-packaging-utility-6/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



