[CERT-daily] Tageszusammenfassung - 13.10.2021

Wed Oct 13 19:02:02 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 12-10-2021 18:00 − Mittwoch 13-10-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Wolfgang Menezes

=====================
=       News        =
=====================

∗∗∗ MysterySnail attacks with Windows zero-day ∗∗∗
---------------------------------------------
We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage campaigns.
---------------------------------------------
https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/


∗∗∗ Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis ∗∗∗
---------------------------------------------
Cobalt Strike is a commercial adversary simulation software that is marketed to red teams but is also stolen and actively used by a wide range of threat actors from ransomware operators to espionage-focused Advanced Persistent Threats (APTs).
---------------------------------------------
https://www.mandiant.com/resources/defining-cobalt-strike-components


∗∗∗ 2021: Apples Jahr der Zero-Days ∗∗∗
---------------------------------------------
In dieser Woche hat Apple erneut eine bereits ausgenutzte iPhone-Lücke gepatcht. Seit Februar gab es mehr als ein Dutzend in den Systemen des Konzerns.
---------------------------------------------
https://heise.de/-6215715


∗∗∗ Azure Privilege Escalation via Service Principal Abuse ∗∗∗
---------------------------------------------
In this blog post, I’ll explain how a particular kind of attack path can emerge in Azure based on Azure’s RBAC system — an attack path we have seen in the vast majority of Azure tenants we’ve gotten access to.
---------------------------------------------
https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5


=====================
=  Vulnerabilities  =
=====================

∗∗∗ SAP-Patchday: NetWeaver AS & Environmental Compliance bargen kritische Lücken ∗∗∗
---------------------------------------------
Zum monatlichen Patchday hat SAP Updates für viele Produkte veröffentlicht. Zwei beseitigten Sicherheitsproblemen wurden CVSS-Scores nahe der 10 zugeordnet.
---------------------------------------------
https://heise.de/-6215952


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (flatpak and ruby2.3), Fedora (flatpak, httpd, mediawiki, redis, and xstream), openSUSE (kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), Red Hat (.NET 5.0, 389-ds-base, httpd:2.4, kernel, kernel-rt, libxml2, openssl, and thunderbird), Scientific Linux (389-ds-base, kernel, libxml2, and openssl), SUSE (apache2-mod_auth_openidc, curl, glibc, kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), and Ubuntu (squashfs-tools).
---------------------------------------------
https://lwn.net/Articles/872843/


∗∗∗ The October 2021 Security Update Review ∗∗∗
---------------------------------------------
The second Tuesday of the month is here, and that means the latest security updates from Adobe and Microsoft have arrived.
---------------------------------------------
https://www.thezdi.com/blog/2021/10/12/the-october-2021-security-update-review


∗∗∗ Sicherheitsupdates für Exchange Server (Oktober 2021) ∗∗∗
---------------------------------------------
Microsoft hat zum 12. Oktober 2021 Sicherheitsupdates für Exchange Server 2013, Exchange Server 2016 und Exchange Server 2019 veröffentlicht.
---------------------------------------------
https://www.borncity.com/blog/2021/10/13/sicherheitsupdates-fr-exchange-server-oktober-2021/


∗∗∗ ZDI-21-1147: Adobe Illustrator PDF File Parsing Memory Corruption Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1147/


∗∗∗ ZDI-21-1146: Adobe Illustrator PDF File Parsing Use-After-Free Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1146/


∗∗∗ ZDI-21-1148: Linux Kernel eBPF Type Confusion Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1148/


∗∗∗ VMSA-2021-0021 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0021.html


∗∗∗ VMSA-2021-0022 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0022.html


∗∗∗ VMSA-2021-0023 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0023.html


∗∗∗ Apache HTTPD vulnerability CVE-2021-34798 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K72382141


∗∗∗ Multiple Vulnerabilities in Brizy Page Builder Plugin Allow Site Takeover ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/


∗∗∗ Cross-Site Scripting in myfactory.FMS ∗∗∗
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/


∗∗∗ IPAS: Security Advisories for October 2021 ∗∗∗
---------------------------------------------
https://blogs.intel.com/technology/2021/10/intel-security-advisories-for-october-2021/


∗∗∗ SYSS-2021-014, SYSS-2021-015 und SYSS-2021-019: Schwachstellen in Softphones von Linphone und MicroSIP ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-014-syss-2021-015-und-syss-2021-019-schwachstellen-in-softphones-von-linphone-und-microsip


∗∗∗ ThinkPad BIOS Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500444-THINKPAD-BIOS-VULNERABILITIES


∗∗∗ NetApp Clustered Data ONTAP X-Frame-Options Header Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500442-NETAPP-CLUSTERED-DATA-ONTAP-X-FRAME-OPTIONS-HEADER-VULNERABILITY


∗∗∗ AMD x86 PREFETCH instruction related side-channels ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500445-AMD-X86-PREFETCH-INSTRUCTION-RELATED-SIDE-CHANNELS


∗∗∗ Intel SGX SDK Advisory ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500443-INTEL-SGX-SDK-ADVISORY

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily