[CERT-daily] Tageszusammenfassung - 11.10.2021

Mon Oct 11 18:29:50 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 08-10-2021 18:00 − Montag 11-10-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Wolfgang Menezes

=====================
=       News        =
=====================

∗∗∗ Missbrauch mit Malware-Befall: Microsoft deaktiviert Excel 4.0-Makros in Office ∗∗∗
---------------------------------------------
Gegen immer mehr Angriffe über Excel-Makros geht Microsoft nun vor: Standardmäßig werden alle Excel 4.0-Makros in Office 365 demnächst deaktiviert.
---------------------------------------------
https://heise.de/-6213387


∗∗∗ Kaufen Sie nicht in Shops mit @thateer.top Mail-Adressen ein! ∗∗∗
---------------------------------------------
Derzeit tauchen zahlreiche Fake-Shops im Internet auf, die alle ähnlich aufgebaut sind, die gleichen Texte verwenden und unter einer dieser E-Mail-Adressen erreichbar sind: [...]
---------------------------------------------
https://www.watchlist-internet.at/news/kaufen-sie-nicht-in-shops-mit-thateertop-mail-adressen-ein/


∗∗∗ Ransomware wegen Homeoffice auf dem Vormarsch ∗∗∗
---------------------------------------------
Bedingt durch die Coronavirus-Pandemie arbeiten seit 2020 Menschen vermehrt im Homeoffice. Leider konnte die Absicherung dieser Arbeitsplätze mit dieser Entwicklung nicht Schritt halten. Gleichzeitig hat die Cyberkriminalität mit der verstärkten Telearbeit in Unternehmen durch die Pandemiekrise weiter aufgerüstet und ihre [...]
---------------------------------------------
https://www.borncity.com/blog/2021/10/11/ransomware-auf-dem-vormarsch/


∗∗∗ The 5 Phases of Zero Trust Adoption ∗∗∗
---------------------------------------------
Zero trust aims to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data.
---------------------------------------------
https://www.darkreading.com/endpoint/the-5-phases-of-zero-trust-adoption


∗∗∗ Scanning for Previous Oracle WebLogic Vulnerabilities, (Sat, Oct 9th) ∗∗∗
---------------------------------------------
In the past few weeks, I have captured multiple instance of traffic related to some past Oracle vulnerabilities that have already been patched. The first is related to a RCE (CVE-2017-10271) that can be triggered to execute commands remotely by bypassing the CVE-2017-3506 patch's limitations. The POST contains an init.sh script which doesn't appear to be available for download.
---------------------------------------------
https://isc.sans.edu/diary/rss/27918


∗∗∗ Things that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers, (Mon, Oct 11th) ∗∗∗
---------------------------------------------
If you are reviewing your web server logs periodically, you may notice some odd requests that are not HTTP requests in your logs. In particular if you have a web server listening on a non standard port. I want to quickly review some of the most common requests like that, that I am seeing: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/27924


∗∗∗ When criminals go corporate: Ransomware-as-a-service, bulk discounts and more ∗∗∗
---------------------------------------------
This summer, Abnormal Security discovered that some of its customers staff were receiving emails inviting them to install ransomware on a company computer in return for a $1m share of the "profits".
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2021/10/11/ransomware_as_a_service/


∗∗∗ CISA Releases Remote Access Guidance for Government Agencies ∗∗∗
---------------------------------------------
The United States Cybersecurity and Infrastructure Security Agency (CISA) last week announced the release a new guidance document: Trusted Internet Connections (TIC) 3.0 Remote User Use Case.
---------------------------------------------
https://www.securityweek.com/cisa-releases-remote-access-guidance-government-agencies


∗∗∗ InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks ∗∗∗
---------------------------------------------
Several serious vulnerabilities discovered by researchers in industrial routers made by InHand Networks could expose many organizations to remote attacks, and patches do not appear to be available.
---------------------------------------------
https://www.securityweek.com/inhand-router-flaws-could-expose-many-industrial-companies-remote-attacks


∗∗∗ Protect your network ∗∗∗
---------------------------------------------
So, you know where your wallet is, yes? And your phone - it's in your pocket, or just over there on the table? Excellent. You might be reading this on your laptop, so you know where that is. You might have a snazzy Smart TV or two? Perhaps you have joined [...]
---------------------------------------------
https://connect.geant.org/2021/10/11/protect-your-network


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apache2, mediawiki, neutron, and tiff), Fedora (chromium, dr_libs, firefox, and grafana), Mageia (apache), openSUSE (chromium and rabbitmq-server), Oracle (kernel), Red Hat (firefox and httpd24-httpd), SUSE (rabbitmq-server), and Ubuntu (libntlm).
---------------------------------------------
https://lwn.net/Articles/872547/


∗∗∗ Security Advisory - Use-after-free Vulnerability in Huawei Products ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211008-01-cloudengine-en


∗∗∗ Security Advisory - Path Traversal Vulnerability in Huawei PC Product ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211008-01-share-en


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container Designers may be vulnerable to arbitrary code execution via CVE-2021-3757 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-designers-may-be-vulnerable-to-arbitrary-code-execution-via-cve-2021-3757/


∗∗∗ Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerability CVE-2021-31525 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-go-vulnerability-cve-2021-31525/


∗∗∗ Security Bulletin: A vulnerability in Spring Framework affects IBM Watson Machine Learning Accelerator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-spring-framework-affects-ibm-watson-machine-learning-accelerator/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2021 – Includes Oracle Jul 2021 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2021-includes-oracle-jul-2021-cpu/


∗∗∗ MediaWiki Extensions und Skins: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1050


∗∗∗ Apache OpenOffice und LibreOffice: Mehrere Schwachstellen ermöglichen Manipulation von Dateien ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1051

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily