[CERT-daily] Tageszusammenfassung - 24.09.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 23-09-2021 18:00 − Freitag 24-09-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Sicherheitsupdates: Kritische Admin-Lücke mit Höchstwertung bedroht Cisco-Geräte ∗∗∗
---------------------------------------------
Der Netzwerkausrüster hat jede Menge Sicherheitslücken geschlossen. Erfolgreiche Attacken können gefährliche Auswirkungen haben.
---------------------------------------------
https://heise.de/-6200359


∗∗∗ Frustriert von Apple: Sicherheitsforscher veröffentlicht 0-Day-Lücken für iOS 15 ∗∗∗
---------------------------------------------
Der Konzern habe nur einen der Bugs still gestopft und nicht weiter reagiert, so der Sicherheitsforscher. Die Lücken geben Apps wohl Zugriff auf Nutzerdaten.
---------------------------------------------
https://heise.de/-6200907


∗∗∗ Malware devs trick Windows validation with malformed certs ∗∗∗
---------------------------------------------
Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malware-devs-trick-windows-validation-with-malformed-certs/


∗∗∗ TangleBot Malware Reaches Deep into Android Device Functions ∗∗∗
---------------------------------------------
The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others.
---------------------------------------------
https://threatpost.com/tanglebot-malware-device-functions/174999/


∗∗∗ Keep an Eye on Your Users Mobile Devices (Simple Inventory), (Fri, Sep 24th) ∗∗∗
---------------------------------------------
Today, smartphones are everywhere and became our best friends for many tasks. Probably your users already access their corporate mailbox via a mobile device. If it's not yet the case, you probably have many requests to implement this. They are two ways to achieve this: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/27868


∗∗∗ Fake-Shop-Alarm: Kaufen Sie keine Fahrräder auf efahrrad-shop.com! ∗∗∗
---------------------------------------------
Der Online-Shop efahrrad-shop.com präsentiert sich auf seiner Webseite als „ausgezeichneter und zertifizierter Online Fahrradfachhandel“. Doch wer sich die Seite genauer anschaut, stößt auf zahlreiche Ungereimtheiten. So findet sich ein fehlerhaftes Impressum auf der Webseite und die angegebenen Preise liegen deutlich unter den üblichen Preisen. Alles Hinweise dafür, dass es sich um einen Fake-Shop handelt.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shop-alarm-kaufen-sie-keine-fahrraeder-auf-efahrrad-shopcom/


∗∗∗ FamousSparrow: A suspicious hotel guest ∗∗∗
---------------------------------------------
Yet another APT group that exploited the ProxyLogon vulnerability in March 2021
---------------------------------------------
https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-21-1112: Trend Micro HouseCall for Home Networks Uncontrolled Search Path Element Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall for Home Networks. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1112/


∗∗∗ SonicWall warns users to patch critical vulnerability “as soon as possible” ∗∗∗
---------------------------------------------
SonicWall is asking SMA 100 series customers to patch their appliances against a vulnerability that could give attackers administrator access.
---------------------------------------------
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/sonicwall-warns-users-to-patch-critical-vulnerability-as-soon-as-possible/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mupdf), Fedora (ghostscript, gifsicle, and ntfs-3g), openSUSE (kernel and nodejs14), and SUSE (curl, ffmpeg, gd, hivex, kernel, nodejs14, python-reportlab, sqlite3, and xen).
---------------------------------------------
https://lwn.net/Articles/870365/


∗∗∗ Apple Releases Security Updates ∗∗∗
---------------------------------------------
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. CISA encourages users and administrators to review the Apple security page for iOS 12.5.5 and Security Update 2021-006 Catalina and apply the necessary updates as soon as possible.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/apple-releases-security-updates


∗∗∗ BIG-IP APM XSS vulnerability CVE-2021-23054 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K41997459


∗∗∗ Trend Micro ServerProtect: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1010


∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-13/


∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-bind-affect-ibm-netezza-host-management-4/


∗∗∗ Security Bulletin: Public disclosed vulnerability from OpenSSL affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerability-from-openssl-affects-ibm-netezza-host-management-2/


∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-a-websphere-application-server-vulnerability-3/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily