[CERT-daily] Daily summary - 29.09.2021

Daily end-of-shift report team at cert.at
Wed Sep 29 18:08:15 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 28-09-2021 18:00 − Wednesday 29-09-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ NSA, CISA share VPN security tips to defend against hackers ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for hardening the security of virtual private network (VPN) solutions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nsa-cisa-share-vpn-security-tips-to-defend-against-hackers/


∗∗∗ Why Should I Care About HTTP Request Smuggling? ∗∗∗
---------------------------------------------
HTTP request smuggling is a growing vulnerability, but you can manage the risk with proper server configuration.
---------------------------------------------
https://www.darkreading.com/edge-ask-the-experts/why-should-i-care-about-http-request-smuggling-


∗∗∗ DarkHalo after SolarWinds: the Tomiris connection ∗∗∗
---------------------------------------------
We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar.
---------------------------------------------
https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/


∗∗∗ Conti Ransomware Expands Ability to Blow Up Backups ∗∗∗
---------------------------------------------
The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.
---------------------------------------------
https://threatpost.com/conti-ransomware-backups/175114/


∗∗∗ How nation-state attackers like NOBELIUM are changing cybersecurity ∗∗∗
---------------------------------------------
In the first of a four-part series on the NOBELIUM nation-state attack, we describe the attack and explain why enterprises should be cautious.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/09/28/how-nation-state-attackers-like-nobelium-are-changing-cybersecurity/


∗∗∗ Serious Security: Let’s Encrypt gets ready to go it alone (in a good way!) ∗∗∗
---------------------------------------------
Let's Encrypt is set to become a mainstream, self-certifying web certificate authority - here's why it took so many years.
---------------------------------------------
https://nakedsecurity.sophos.com/2021/09/28/serious-security-lets-encrypt-gets-ready-to-go-it-alone-in-a-good-way/


∗∗∗ Keeping Track of Time: Network Time Protocol and a GPSD Bug, (Wed, Sep 29th) ∗∗∗
---------------------------------------------
The Network Time Protocol (NTP) has been critical in ensuring time is accurately kept for various systems businesses and organizations rely on.
---------------------------------------------
https://isc.sans.edu/diary/rss/27886


∗∗∗ Phone screenshots accidentally leaked online by stalkerware-type company ∗∗∗
---------------------------------------------
Stalkerware-type company pcTattleTale hasn't been very careful about securing the screenshots it sneakily takes from its victims' phones.
---------------------------------------------
https://blog.malwarebytes.com/stalkerware/2021/09/phone-screenshots-accidentally-leaked-online-by-stalkerware-company/


∗∗∗ Fraudulent email in the name of Volksbank in circulation ∗∗∗
---------------------------------------------
Fraudulent phishing emails in the name of Volksbank are currently being sent out en masse. Supposedly, a "transfer executed by mistake" has been blocked.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-mail-im-namen-der-volksbank-unterwegs/


∗∗∗ New GriftHorse malware has infected more than 10 million Android phones ∗∗∗
---------------------------------------------
Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis.
---------------------------------------------
https://therecord.media/new-grifthorse-malware-has-infected-more-than-10-million-android-phones/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ AirTags as real-world Trojans: Apple leaves XSS hole open for months ∗∗∗
---------------------------------------------
Another security researcher has published a zero-day vulnerability out of frustration with Apple's tight-lipped bug bounty program.
---------------------------------------------
https://heise.de/-6204364


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (iaito, libssh, radare2, and squashfs-tools), openSUSE (hivex, shibboleth-sp, and transfig), SUSE (python-urllib3 and shibboleth-sp), and Ubuntu (apache2, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, and linux-hwe-5.11, linux-azure, linux-azure-5.11, linux-oracle-5.11).
---------------------------------------------
https://lwn.net/Articles/871227/


∗∗∗ Security Bulletin: Bulletin: App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-bulletin-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities/


∗∗∗ Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-sdk-for-node-js-might-affect-the-configuration-editor-used-by-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.14.0 ESR + CVE-2021-29967) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF14 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-14-0-esr-cve-2021-29967-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if14/


∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affects App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affects-app-connect-professional/


∗∗∗ Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2021-29834 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2021-29834/


∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2021-2341 (deferred from Oracle Jul 2021 CPU for Java 7.x) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-cve-2021-2341-deferred-from-oracle-jul-2021-cpu-for-java-7-x/


∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-offline-documentation/


∗∗∗ Security Bulletin: Aspera Web Application (Console, Shares) are affected by jQuery vulnerability (cross-site scripting) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-application-console-shares-are-affected-by-jquery-vulnerability-cross-site-scripting/


∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise -IBM SDK, Java Technology Edition Quarterly CPU – Jul 2021 – Includes Oracle Jul 2021 CPU (minus CVE-2021-2341) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2021-includes-oracle-jul-2021-cpu-minus-cve-2021-2341/


∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise -CVE-2021-2341 (deferred from Oracle Jul 2021 CPU for Java 7.x) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-cve-2021-2341-deferred-from-oracle-jul-2021-cpu-for-java-7-x/


∗∗∗ F-Secure Internet Gatekeeper: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1020


∗∗∗ Elastic Stack Misconfiguration can lead to DDoS or Data Exfiltration ∗∗∗
---------------------------------------------
https://securitythreatnews.com/2021/09/29/elastic-stack-misconfiguration-can-lead-to-ddos-or-data-exfiltration/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
