[CERT-daily] Tageszusammenfassung - 27.09.2021

Daily end-of-shift report team at cert.at
Mon Sep 27 18:12:45 CEST 2021 

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 24-09-2021 18:00 − Montag 27-09-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Jetzt patchen! Exploit-Code für Chrome und Edge in Umlauf ∗∗∗
---------------------------------------------
Angriffe auf die Webbrowser Chrome und Edge könnten kurz bevor stehen. Reparierte Versionen stehen zum Download bereit.
---------------------------------------------
https://heise.de/-6201629


∗∗∗ He escaped the Dark Web’s biggest bust. Now he’s back ∗∗∗
---------------------------------------------
DeSnake apparently eluded the takedown of AlphaBay and now plans to resurrect it.
---------------------------------------------
https://arstechnica.com/?p=1798352


∗∗∗ BloodyStealer and gaming assets for sale ∗∗∗
---------------------------------------------
We take a closer look at threats linked to loss of accounts with popular video game digital distribution services, such as Steam and Origin. We also explore the kind of game-related data that ends up on the black market.
---------------------------------------------
https://securelist.com/bloodystealer-and-gaming-assets-for-sale/104319/


∗∗∗ Video: Strings Analysis: VBA & Excel4 Maldoc, (Sat, Sep 25th) ∗∗∗
---------------------------------------------
I did record a video for my diary entry "Strings Analysis: VBA & Excel4 Maldoc", showing how to use CyberChef to analyze a maldoc.
---------------------------------------------
https://isc.sans.edu/diary/rss/27874


∗∗∗ New Android Malware Steals Financial Data from 378 Banking and Wallet Apps ∗∗∗
---------------------------------------------
The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. "The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabrics CEO Cengiz Han Sahin said [...]
---------------------------------------------
https://thehackernews.com/2021/09/new-android-malware-steals-financial.html


∗∗∗ New security feature in September 2021 Cumulative Update for Exchange Server ∗∗∗
---------------------------------------------
[...] As part of our continued work to help you protect your Exchange Servers, in the September 2021 Cumulative Update (CU) we have added a new feature called the Microsoft Exchange Emergency Mitigation service. This new service is not a replacement for installing Exchange Server Security Updates (SUs), but [...]
---------------------------------------------
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel, libxml-security-java, and openssl), Fedora (fetchmail and python-rsa), openSUSE (grafana-piechart-panel and opera), and Red Hat (nodejs:14).
---------------------------------------------
https://lwn.net/Articles/870597/


∗∗∗ Command Injection Vulnerabilities in QVR ∗∗∗
---------------------------------------------
Two command injection vulnerabilities have been reported to affect certain QNAP EOL devices running QVR. If exploited, these vulnerabilities allow remote attackers to run arbitrary commands.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-35


∗∗∗ GNU C Library (glibc) vulnerability CVE-2021-33574 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K43700555


∗∗∗ LibreSSL: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1014


∗∗∗ GitHub Enterprise Server: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1015


∗∗∗ OpenSSH: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1017


∗∗∗ FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php


∗∗∗ FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access) ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php


∗∗∗ FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php


∗∗∗ FatPipe Networks WARP 10.2.2 Authorization Bypass ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php


∗∗∗ FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php


∗∗∗ Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-3711 and CVE-2021-3712 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2021-3711-and-cve-2021-3712/


∗∗∗ Security Bulletin: CVE-2021-2341 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2341-may-affect-ibm-sdk-java-technology-edition-2/


∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-11/


∗∗∗ Security Bulletin: Integrated application server and integrated web services for IBM i are affected by CVE-2021-35517 and CVE-2021-36090 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-integrated-application-server-and-integrated-web-services-for-ibm-i-are-affected-by-cve-2021-35517-and-cve-2021-36090/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-http-server-affect-ibm-i-2/


∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7774) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-and-ibm-integration-bus-cve-2020-7774-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list