[CERT-daily] Daily summary - 30.11.2021

Daily end-of-shift report team at cert.at
Tue Nov 30 20:55:28 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 29-11-2021 18:00 − Tuesday 30-11-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Printing Shellz: Security vulnerabilities in HP printers/multifunction devices ∗∗∗
---------------------------------------------
Fitting for November 30, Computer Security Day, I have one more thing. There is a security vulnerability in the firmware of certain HP LaserJet, HP LaserJet Managed, HP PageWide and HP PageWide Managed products. These may be susceptible to a buffer overflow. This means attackers could intercept print jobs or scans and possibly bring down company networks.
---------------------------------------------
https://www.borncity.com/blog/2021/11/30/printing-shellz-sicherheitslcken-in-hp-druckern-multifunktionsgerten/


∗∗∗ Fake BAWAG SMS in circulation ∗∗∗
---------------------------------------------
Fake SMS messages in the name of BAWAG are currently circulating. In the SMS, sent with "BawagPSK" as the sender, recipients are informed that their account has allegedly been blocked and that a security app must be installed. Under no circumstances click on the link. It leads to a fake BAWAG website!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschtes-bawag-sms-im-umlauf/


∗∗∗ Malicious USB drives: Still a security problem ∗∗∗
---------------------------------------------
A malicious USB drive dropped in a parking lot - this image has become a bit of a trope in IT security circles. Still, the threat is very real and more relevant than ever.
---------------------------------------------
https://www.gdatasoftware.com/blog/2021/11/usb-drives-still-a-danger


∗∗∗ What We’ve Learned About SSH Brute Force Attacks ∗∗∗
---------------------------------------------
The first time I encountered brute force attacks I was a hosting specialist who received calls from frustrated site owners that wanted to know who’d gained access to their server. Many of them didn’t understand the importance of a password’s character strength, or how frequent attacks on “root” are as a username, including myself at one point in time. I’ve learned more about SSH Brute Force attacks throughout my years at Sucuri.
---------------------------------------------
https://blog.sucuri.net/2021/11/what-weve-learned-about-ssh-brute-force-attacks.html


∗∗∗ 300.000+ infections via Droppers on Google Play Store ∗∗∗
---------------------------------------------
In this blog we will discuss the recent techniques used to spread Android banking trojans via Google Play (MITRE T1475) resulting in significant financial loss for targeted banks. We will also discuss the, sometimes forgotten, by-product of collecting contacts and keystrokes by Banking trojans, resulting in severe data leakage.
---------------------------------------------
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html


∗∗∗ Sabbath Ransomware Operators Target Critical Infrastructure ∗∗∗
---------------------------------------------
Since June 2021, a relatively new ransomware group called Sabbath has been targeting critical infrastructure in the United States and Canada, including education, health and natural resources.
---------------------------------------------
https://www.securityweek.com/sabbath-ransomware-operators-target-critical-infrastructure


∗∗∗ Yanluowang: Further Insights on New Ransomware Threat ∗∗∗
---------------------------------------------
At least one attacker now using Yanluowang may have previously been linked to the Thieflock ransomware operation.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/yanluowang-ransomware-attacks-continue


∗∗∗ Kernel Karnage – Part 5 (I/O & Callbacks) ∗∗∗
---------------------------------------------
After showing interceptor’s options, it’s time to continue coding! On the menu are registry callbacks, doubly linked lists and a struggle with I/O in native C.
---------------------------------------------
https://blog.nviso.eu/2021/11/30/kernel-karnage-part-5-i-o-callbacks/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (samba), Fedora (kernel), openSUSE (netcdf and tor), SUSE (netcdf and python-Pygments), and Ubuntu (imagemagick).
---------------------------------------------
https://lwn.net/Articles/877186/


∗∗∗ ZDI-21-1371: (0Day) Esri ArcReader PMF File Parsing Use-After-Free Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1371/


∗∗∗ ZDI-21-1370: (0Day) Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1370/


∗∗∗ Trend Micro products: vulnerability allows bypassing security measures ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1244


∗∗∗ Cross-Site Request Forgery in Team Password Manager (SYSS-2021-059) ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/cross-site-request-forgery-im-team-password-manager-syss-2021-059


∗∗∗ Host Header Poisoning in Team Password Manager (SYSS-2021-060) ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/host-header-poisoning-im-team-password-manager-syss-2021-060


∗∗∗ Advisory: Vulnerabilities in B&R Automation Studio and PVI Windows Services ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1636745459964-en-original-1.0.pdf


∗∗∗ Advisory: Number:Jack in B&R Products ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1636745459972-en-original-1.0.pdf


∗∗∗ Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2019-17571) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-cram-social-program-management-cve-2019-17571/


∗∗∗ Security Bulletin: A Security Vulnerability in IBM® WebSphere Application Server Liberty affect IBM LKS Administration and Reporting Tool and its Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-ibm-websphere-application-server-liberty-affect-ibm-lks-administration-and-reporting-tool-and-its-agent/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a sensitive information disclosure vulnerability (CVE-2021-38999) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-sensitive-information-disclosure-vulnerability-cve-2021-38999/


∗∗∗ Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server Liberty affect IBM Operations Analytics – Log Analysis (CVE-2021-35517, CVE-2021-36090) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-websphere-application-server-liberty-affect-ibm-operations-analytics-log-analysis-cve-2021-35517-cve-2021-36090/


∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM HTTP Server (powered by Apache) for i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-http-server-powered-by-apache-for-i/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability in GNU Binutils affects IBM Netezza Performance Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-in-gnu-binutils-affects-ibm-netezza-performance-server/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a code injection vulnerability (CVE-2021-38967) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-code-injection-vulnerability-cve-2021-38967/


∗∗∗ Security Bulletin: A Security Vulnerability in IBM Java Runtime affects IBM License Key Server Administration and Reporting Tool and its Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-ibm-java-runtime-affects-ibm-license-key-server-administration-and-reporting-tool-and-its-agent/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a disclosure of sensitive information vulnerability (CVE-2021-39000) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-disclosure-of-sensitive-information-vulnerability-cve-2021-39000/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
