[CERT-daily] Tageszusammenfassung - 26.11.2021

Fri Nov 26 18:24:06 CET 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 25-11-2021 18:00 − Freitag 26-11-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ IT threat evolution Q3 2021 ∗∗∗
---------------------------------------------
WildPressure and LuminousMoth threat actors, FinSpy implants, zero-day vulnerabilities and PrintNightmare, threats for Linux and macOS in our review of Q3 2021.
---------------------------------------------
https://securelist.com/it-threat-evolution-q3-2021/104876/


∗∗∗ YARAs Private Strings, (Thu, Nov 25th) ∗∗∗
---------------------------------------------
YARA supports private strings. A string can be marked as private by including string modifier "private". Here is a use case. [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/28010


∗∗∗ Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090, (Fri, Nov 26th) ∗∗∗
---------------------------------------------
Over the past 7 days, my honeypot captured a few hundred POST for a vulnerability which appeared to be tracked as a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware. If successfully exploited, could allow unauthenticated remote actors to bypass authentication and add the router to the botnet Mirai botnet.
---------------------------------------------
https://isc.sans.edu/diary/rss/28072


∗∗∗ EU needs more cybersecurity graduates, says ENISA infosec agency – pointing at growing list of masters degree courses ∗∗∗
---------------------------------------------
The EU needs more cybersecurity graduates to plug the political blocs shortage of skilled infosec bods, according to a report from the ENISA online security agency.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2021/11/26/enisa_cybersecurity_degrees_report/


∗∗∗ RATDispenser: JavaScript-Loader installiert Remote Access Trojaners (RAT) in Windows ∗∗∗
---------------------------------------------
Noch ein kurzer Nachtrag in Punkto Sicherheit, welcher mir die Tage unter die Augen gekommen ist. Die Sicherheitsforscher von HP Thread-Research sind auf einen in JavaScript geschriebenen Loader gestoßen, der auf Windows-Systemen Remote Access Trojaner (RAT) installiert. Der Entwickler scheint [...]
---------------------------------------------
https://www.borncity.com/blog/2021/11/26/ratdispenser-javascript-loader-installiert-remote-access-trojaners-rat-in-windows/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices ∗∗∗
---------------------------------------------
Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L. Resecurity, a Los Angeles-based cybersecurity company has identified an active a zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.
---------------------------------------------
https://securityaffairs.co/wordpress/125016/hacking/0-day-tp-link-wi-fi-6.html


∗∗∗ Angreifer könnten die Kontrolle über Videoüberwachungssysteme von Qnap erlangen ∗∗∗
---------------------------------------------
Ein wichtiges Update schließt unter anderem eine kritische Lücke in einigen Netzwerk-Videorekordern von Qnap.
---------------------------------------------
https://heise.de/-6277445


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (freerdp, gnome-boxes, gnome-connections, gnome-remote-desktop, guacamole-server, hydra, java-1.8.0-openjdk-aarch32, medusa, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, php, pidgin-sipe, remmina, vinagre, and weston), openSUSE (kernel and netcdf), and SUSE (kernel and netcdf).
---------------------------------------------
https://lwn.net/Articles/876922/


∗∗∗ Zoom Video Communications Produkte: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1235


∗∗∗ Security Bulletin: Vulnerability in jsoup may affect Cúram Social Program Management (CVE-2021-37714) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jsoup-may-affect-cram-social-program-management-cve-2021-37714/


∗∗∗ Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2020-9488) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-cram-social-program-management-cve-2020-9488/


∗∗∗ Security Bulletin: Vulnerabilities affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-netcool-agile-service-manager-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager-7/


∗∗∗ Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dojo-may-affect-ibm-cram-social-program-management-cve-2018-15494/


∗∗∗ Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-santuario-xml-security-for-java-may-affect-cram-social-program-management-cve-2021-40690/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily