=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 29-09-2021 18:00 - Thursday 30-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ RansomEXX ransomware Linux encryptor may damage victims' files ∗∗∗
---------------------------------------------
Cybersecurity firm Profero has discovered that the RansomExx gang does not correctly lock Linux files during encryption, leading to potentially corrupted files.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomexx-ransomware-linux-e…
∗∗∗ Stop That Phish! ∗∗∗
---------------------------------------------
Although ransomware holds a significant mindshare in security, phishing continues to be an effective and efficient tool for threat actors. In this blog, Tim Helming walks through various anti-phishing tools and methods available to defenders.
---------------------------------------------
https://www.domaintools.com/resources/blog/stop-that-phish
∗∗∗ An overview of malware hashing algorithms ∗∗∗
---------------------------------------------
VirusTotal's "Basic Properties" tab alone lists eight different hashes and supports even more for use in queries and hunt signatures. Hashes are important for malware analysis, as well as identification, description and detection. But why do so many of them exist and when should you use which hash function?
---------------------------------------------
https://www.gdatasoftware.com/blog/2021/09/an-overview-of-malware-hashing-a…
∗∗∗ TLS certificates: Old Let's Encrypt root expires ∗∗∗
---------------------------------------------
On misconfigured systems and old devices, certificate errors with Let's Encrypt can occur.
---------------------------------------------
https://www.golem.de/news/tls-zertifikate-altes-let-s-encrypt-root-laeuft-a…
∗∗∗ GhostEmperor: From ProxyLogon to kernel mode ∗∗∗
---------------------------------------------
While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.
---------------------------------------------
https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/
∗∗∗ What is Cryptocurrency Mining Malware? ∗∗∗
---------------------------------------------
Cryptocurrency mining malware is typically a stealthy malware that farms the resources on a system (computers, smartphones, and other electronic devices connected to the internet) to generate revenue for the cyber criminals controlling it. Instead of using video game consoles or graphics card farms, these particular cryptominers are using the computers and servers of the people around them for their processing power - without permission.
---------------------------------------------
https://blog.sucuri.net/2021/09/what-is-cryptocurrency-mining-malware-2.html
∗∗∗ Apple Pay feature allegedly allows theft of money from locked iPhones ∗∗∗
---------------------------------------------
Security experts have put the Express Transit feature through its paces and conclude that unwanted Visa payments are possible.
---------------------------------------------
https://heise.de/-6204960
∗∗∗ Report: Android trojan GriftHorse cashes in on over 10 million victims ∗∗∗
---------------------------------------------
Online criminals are said to have taken out subscriptions via trojan apps and thereby stolen hundreds of millions of euros, security researchers warn.
---------------------------------------------
https://heise.de/-6205272
∗∗∗ A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus ∗∗∗
---------------------------------------------
By Vitor Ventura and Arnaud Zobec. Threat actors are impersonating the group Amnesty International and promising to protect against the Pegasus spyware as part of a scheme to deliver malware.
---------------------------------------------
https://blog.talosintelligence.com/2021/09/fakeantipegasusamnesty.html
∗∗∗ Telemetry Report Shows Patch Status of High-Profile Vulnerabilities ∗∗∗
---------------------------------------------
A record number of new security vulnerabilities (18,352) were reported in 2020. This year, the number is likely to be higher (13,002 by September 1). The problem with a zero-day vulnerability is that it remains a zero-day until it is patched by both the vendor and the user.
---------------------------------------------
https://www.securityweek.com/telemetry-report-shows-patch-status-high-profi…
∗∗∗ The Ransomware Threat in 2021 ∗∗∗
---------------------------------------------
New research from Symantec finds that organizations face an unprecedented level of danger from targeted ransomware attacks as the number of adversaries multiply alongside an increased sophistication in tactics.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ra…
∗∗∗ Facebook open-sources internal tool used to detect security bugs in Android apps ∗∗∗
---------------------------------------------
Facebook has open-sourced Mariana Trench, one of its internal security tools, used by its security teams for finding and fixing bugs in Android and Java applications.
---------------------------------------------
https://therecord.media/facebook-open-sources-internal-tool-used-to-detect-…
∗∗∗ Ransomware attack disrupts hundreds of bookstores across France, Belgium, and the Netherlands ∗∗∗
---------------------------------------------
Hundreds of bookstores across France, Belgium, and the Netherlands have had their operations disrupted this week after a ransomware attack crippled the IT systems of TiteLive, a French company that operates a SaaS platform for book sales and inventory management.
---------------------------------------------
https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-a…
∗∗∗ After the storm - how to move on with NTLM ∗∗∗
---------------------------------------------
I remember that, about 15 years ago, we already flagged the absence of SMB signing as a vulnerability in reports. Though at that time, we circled more around the theoretical risk of someone tampering with SMB traffic due to the lack of integrity protection. None of us really had an idea how to make use of that vulnerability. The latter obviously changed.
---------------------------------------------
https://cyberstoph.org/posts/2021/09/after-the-storm-how-to-move-on-with-nt…
=====================
= Vulnerabilities =
=====================
∗∗∗ Linkit - Moderately critical - Cross Site Scripting - SA-CONTRIB-2021-042 ∗∗∗
---------------------------------------------
Linkit provides an easy interface for internal and external linking with WYSIWYG editors by using an autocomplete field. It does not sufficiently sanitize user input. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit an entity bundle.
---------------------------------------------
https://www.drupal.org/sa-contrib-2021-042
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libxstream-java, uwsgi, and weechat), Fedora (libspf2, libvirt, mingw-python3, mono-tools, python-flask-restx, and sharpziplib), Mageia (gstreamer, libgcrypt, libgd, mosquitto, php, python-pillow, qtwebengine5, and webkit2), openSUSE (postgresql12 and postgresql13), SUSE (haproxy, postgresql12, postgresql13, and rabbitmq-server), and Ubuntu (commons-io and linux-oem-5.13).
---------------------------------------------
https://lwn.net/Articles/871424/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM has published 12 security bulletins.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Boston Scientific Zoom Latitude ∗∗∗
---------------------------------------------
This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques, Improper Access Control, Missing Support for Integrity Check, and Reliance on Component That is Not Updateable vulnerabilities in the Boston Scientific Zoom Latitude programmer/recorder/monitor (PRM) 3120 model.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01
∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Product ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210929…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 28-09-2021 18:00 - Wednesday 29-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ NSA, CISA share VPN security tips to defend against hackers ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for hardening the security of virtual private network (VPN) solutions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nsa-cisa-share-vpn-security-…
∗∗∗ Why Should I Care About HTTP Request Smuggling? ∗∗∗
---------------------------------------------
HTTP request smuggling is a growing vulnerability, but you can manage the risk with proper server configuration.
---------------------------------------------
https://www.darkreading.com/edge-ask-the-experts/why-should-i-care-about-ht…
∗∗∗ DarkHalo after SolarWinds: the Tomiris connection ∗∗∗
---------------------------------------------
We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar.
---------------------------------------------
https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104…
∗∗∗ Conti Ransomware Expands Ability to Blow Up Backups ∗∗∗
---------------------------------------------
The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.
---------------------------------------------
https://threatpost.com/conti-ransomware-backups/175114/
∗∗∗ How nation-state attackers like NOBELIUM are changing cybersecurity ∗∗∗
---------------------------------------------
In the first of a four-part series on the NOBELIUM nation-state attack, we describe the attack and explain why enterprises should be cautious.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/09/28/how-nation-state-attacke…
∗∗∗ Serious Security: Let’s Encrypt gets ready to go it alone (in a good way!) ∗∗∗
---------------------------------------------
Let's Encrypt is set to become a mainstream, self-certifying web certificate authority - here's why it took so many years.
---------------------------------------------
https://nakedsecurity.sophos.com/2021/09/28/serious-security-lets-encrypt-g…
∗∗∗ Keeping Track of Time: Network Time Protocol and a GPSD Bug, (Wed, Sep 29th) ∗∗∗
---------------------------------------------
The Network Time Protocol (NTP) has been critical in ensuring time is accurately kept for various systems businesses and organizations rely on.
---------------------------------------------
https://isc.sans.edu/diary/rss/27886
∗∗∗ Phone screenshots accidentally leaked online by stalkerware-type company ∗∗∗
---------------------------------------------
Stalkerware-type company pcTattleTale hasn't been very careful about securing the screenshots it sneakily takes from its victims' phones.
---------------------------------------------
https://blog.malwarebytes.com/stalkerware/2021/09/phone-screenshots-acciden…
∗∗∗ Fraudulent email in the name of Volksbank circulating ∗∗∗
---------------------------------------------
Masses of fraudulent phishing emails in the name of Volksbank are currently being sent out. Allegedly, an "erroneously executed transfer" has been blocked.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-mail-im-namen-der-vol…
∗∗∗ New GriftHorse malware has infected more than 10 million Android phones ∗∗∗
---------------------------------------------
Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis.
---------------------------------------------
https://therecord.media/new-grifthorse-malware-has-infected-more-than-10-mi…
=====================
= Vulnerabilities =
=====================
∗∗∗ AirTags as real-world trojans: Apple leaves XSS vulnerability open for months ∗∗∗
---------------------------------------------
Another security researcher, frustrated with Apple's tight-lipped bug bounty program, has published a zero-day vulnerability.
---------------------------------------------
https://heise.de/-6204364
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (iaito, libssh, radare2, and squashfs-tools), openSUSE (hivex, shibboleth-sp, and transfig), SUSE (python-urllib3 and shibboleth-sp), and Ubuntu (apache2, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, and linux-hwe-5.11, linux-azure, linux-azure-5.11, linux-oracle-5.11).
---------------------------------------------
https://lwn.net/Articles/871227/
∗∗∗ Security Bulletin: Bulletin: App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-bulletin-app-connect-prof…
∗∗∗ Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.14.0 ESR + CVE-2021-29967) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF14 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affects App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja…
∗∗∗ Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2021-29834 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln…
∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2021-2341 (deferred from Oracle Jul 2021 CPU for Java 7.x) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o…
∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Aspera Web Application (Console, Shares) are affected by jQuery vulnerability (cross-site scripting) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-application-co…
∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise -IBM SDK, Java Technology Edition Quarterly CPU – Jul 2021 – Includes Oracle Jul 2021 CPU (minus CVE-2021-2341) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise…
∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise -CVE-2021-2341 (deferred from Oracle Jul 2021 CPU for Java 7.x) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise…
∗∗∗ F-Secure Internet Gatekeeper: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1020
∗∗∗ Elastic Stack Misconfiguration can lead to DDoS or Data Exfiltration ∗∗∗
---------------------------------------------
https://securitythreatnews.com/2021/09/29/elastic-stack-misconfiguration-ca…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 27-09-2021 18:00 - Tuesday 28-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor ∗∗∗
---------------------------------------------
In-depth analysis of newly detected NOBELIUM malware: a post-exploitation backdoor that Microsoft Threat Intelligence Center (MSTIC) refers to as FoggyWeb. NOBELIUM uses FoggyWeb to remotely exfiltrate the configuration database of compromised AD FS servers, decrypted token-signing certificate, and token-decryption certificate, as well as to download and execute additional components.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobeli…
∗∗∗ TLS 1.3 and SSL - the current state of affairs, (Tue, Sep 28th) ∗∗∗
---------------------------------------------
It has been over 3 years since the specification for TLS 1.3 was published, and although the protocol has some minor drawbacks, it is undoubtedly the most secure TLS version so far. One would therefore hope that the adoption of TLS 1.3 and its use on web servers around the globe would steadily increase over time (ideally hand in hand with a slow disappearance of older cryptographic protocols, especially the historic SSL 2.0 and SSL 3.0).
---------------------------------------------
https://isc.sans.edu/diary/rss/27882
∗∗∗ Securing mobile devices. A timely reminder ∗∗∗
---------------------------------------------
If you’re commuting again or if you’re responsible for securing your people’s devices it’s a good idea to revisit and review your security admin for mobile devices. This post isn’t breaking any new ground, but it is a good place to start that review process, and think about your security behaviours.
---------------------------------------------
https://www.pentestpartners.com/security-blog/securing-mobile-devices-a-tim…
∗∗∗ Beware if the apartment viewing is supposed to be handled via booking.com ∗∗∗
---------------------------------------------
You have finally found your dream apartment? The only catch: you are supposed to pay a deposit before the viewing, which is allegedly managed by booking.com? Then you have come across a fraudulent apartment listing. Under no circumstances pay a deposit before the viewing. This apartment does not exist and you will lose the payment you made!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-wenn-die-wohnungsbesichtigu…
∗∗∗ Highlights From the Unit 42 Cloud Threat Report, 2H 2021 ∗∗∗
---------------------------------------------
In the Unit 42 Cloud Threat Report, 2H 2021, our researchers dive deep into the full scope of supply chain attacks in the cloud and explain often misunderstood details about how they occur. We also provide actionable recommendations any organization can adopt immediately to begin protecting their software supply chains in the cloud.
---------------------------------------------
https://unit42.paloaltonetworks.com/cloud-threat-report-2h-2021/
∗∗∗ Anatomy and Disruption of Metasploit Shellcode ∗∗∗
---------------------------------------------
In April 2021 we went through the anatomy of a Cobalt Strike stager and how some of its signature evasion techniques ended up being ineffective against detection technologies. In this blog post we will go one level deeper and focus on Metasploit, an often-used framework interoperable with Cobalt Strike.
---------------------------------------------
https://blog.nviso.eu/2021/09/02/anatomy-and-disruption-of-metasploit-shell…
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-21-1116: NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability.
CVE ID: CVE-2021-34947
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1116/
∗∗∗ SSA-728618: Multiple Vulnerabilities in Solid Edge before SE2021MP8 ∗∗∗
---------------------------------------------
Siemens has released a new version for Solid Edge that fixes multiple file parsing vulnerabilities which could be triggered when the application reads files in IFC, JT or OBJ formats.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-728618.txt
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel), openSUSE (gd, grilo, nodejs14, and transfig), Oracle (nodejs:14 and squid), Red Hat (kernel and shim and fwupd), SUSE (apache2, atftp, gd, and python-Pillow), and Ubuntu (apache2, linux, linux-aws, linux-aws-5.11, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, and vim).
---------------------------------------------
https://lwn.net/Articles/871096/
∗∗∗ D-LINK Router: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
D-LINK Router DIR-X1560 < 1.04B04, D-LINK Router DIR-X6060 < 1.02B01
A remote, anonymous attacker can exploit a vulnerability in various D-LINK routers to carry out a denial of service attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1019
∗∗∗ Security Bulletin: IBM Security SOAR is using a version of Elasticsearch that has known vulnerabilities (CVE-2021-22137, CVE-2021-22135) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-usin…
∗∗∗ Security Bulletin: PostgreSQL Vulnerability Affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2021-32029) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerability-…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 24-09-2021 18:00 - Monday 27-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Patch now! Exploit code for Chrome and Edge in circulation ∗∗∗
---------------------------------------------
Attacks on the Chrome and Edge web browsers could be imminent. Fixed versions are available for download.
---------------------------------------------
https://heise.de/-6201629
∗∗∗ He escaped the Dark Web’s biggest bust. Now he’s back ∗∗∗
---------------------------------------------
DeSnake apparently eluded the takedown of AlphaBay and now plans to resurrect it.
---------------------------------------------
https://arstechnica.com/?p=1798352
∗∗∗ BloodyStealer and gaming assets for sale ∗∗∗
---------------------------------------------
We take a closer look at threats linked to loss of accounts with popular video game digital distribution services, such as Steam and Origin. We also explore the kind of game-related data that ends up on the black market.
---------------------------------------------
https://securelist.com/bloodystealer-and-gaming-assets-for-sale/104319/
∗∗∗ Video: Strings Analysis: VBA & Excel4 Maldoc, (Sat, Sep 25th) ∗∗∗
---------------------------------------------
I did record a video for my diary entry "Strings Analysis: VBA & Excel4 Maldoc", showing how to use CyberChef to analyze a maldoc.
---------------------------------------------
https://isc.sans.edu/diary/rss/27874
∗∗∗ New Android Malware Steals Financial Data from 378 Banking and Wallet Apps ∗∗∗
---------------------------------------------
The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. "The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabric's CEO Cengiz Han Sahin said [...]
---------------------------------------------
https://thehackernews.com/2021/09/new-android-malware-steals-financial.html
∗∗∗ New security feature in September 2021 Cumulative Update for Exchange Server ∗∗∗
---------------------------------------------
[...] As part of our continued work to help you protect your Exchange Servers, in the September 2021 Cumulative Update (CU) we have added a new feature called the Microsoft Exchange Emergency Mitigation service. This new service is not a replacement for installing Exchange Server Security Updates (SUs), but [...]
---------------------------------------------
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feat…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel, libxml-security-java, and openssl), Fedora (fetchmail and python-rsa), openSUSE (grafana-piechart-panel and opera), and Red Hat (nodejs:14).
---------------------------------------------
https://lwn.net/Articles/870597/
∗∗∗ Command Injection Vulnerabilities in QVR ∗∗∗
---------------------------------------------
Two command injection vulnerabilities have been reported to affect certain QNAP EOL devices running QVR. If exploited, these vulnerabilities allow remote attackers to run arbitrary commands.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-35
∗∗∗ GNU C Library (glibc) vulnerability CVE-2021-33574 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K43700555
∗∗∗ LibreSSL: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1014
∗∗∗ GitHub Enterprise Server: Multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1015
∗∗∗ OpenSSH: Vulnerability allows privilege escalation ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1017
∗∗∗ FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php
∗∗∗ FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access) ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php
∗∗∗ FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php
∗∗∗ FatPipe Networks WARP 10.2.2 Authorization Bypass ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php
∗∗∗ FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php
∗∗∗ Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-3711 and CVE-2021-3712 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affe…
∗∗∗ Security Bulletin: CVE-2021-2341 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2341-may-affect-…
∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-wo…
∗∗∗ Security Bulletin: Integrated application server and integrated web services for IBM i are affected by CVE-2021-35517 and CVE-2021-36090 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-integrated-application-se…
∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7774) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-j…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 23-09-2021 18:00 - Friday 24-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Security updates: Critical admin vulnerability with maximum severity rating threatens Cisco devices ∗∗∗
---------------------------------------------
The network equipment vendor has closed a large number of security holes. Successful attacks can have dangerous consequences.
---------------------------------------------
https://heise.de/-6200359
∗∗∗ Frustrated with Apple: Security researcher publishes 0-day vulnerabilities for iOS 15 ∗∗∗
---------------------------------------------
The company is said to have silently fixed only one of the bugs and not responded further, according to the security researcher. The vulnerabilities reportedly give apps access to user data.
---------------------------------------------
https://heise.de/-6200907
∗∗∗ Malware devs trick Windows validation with malformed certs ∗∗∗
---------------------------------------------
Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malware-devs-trick-windows-v…
∗∗∗ TangleBot Malware Reaches Deep into Android Device Functions ∗∗∗
---------------------------------------------
The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others.
---------------------------------------------
https://threatpost.com/tanglebot-malware-device-functions/174999/
∗∗∗ Keep an Eye on Your Users' Mobile Devices (Simple Inventory), (Fri, Sep 24th) ∗∗∗
---------------------------------------------
Today, smartphones are everywhere and became our best friends for many tasks. Probably your users already access their corporate mailbox via a mobile device. If it's not yet the case, you probably have many requests to implement this. There are two ways to achieve this: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/27868
∗∗∗ Fake shop alert: Do not buy bicycles on efahrrad-shop.com! ∗∗∗
---------------------------------------------
The online shop efahrrad-shop.com presents itself on its website as an "excellent and certified online bicycle specialist retailer". But anyone who looks at the site more closely comes across numerous inconsistencies. For example, the website has a faulty legal notice (Impressum), and the listed prices are well below the usual prices. All signs that this is a fake shop.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shop-alarm-kaufen-sie-keine-fah…
∗∗∗ FamousSparrow: A suspicious hotel guest ∗∗∗
---------------------------------------------
Yet another APT group that exploited the ProxyLogon vulnerability in March 2021
---------------------------------------------
https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-gu…
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-21-1112: Trend Micro HouseCall for Home Networks Uncontrolled Search Path Element Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall for Home Networks. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1112/
∗∗∗ SonicWall warns users to patch critical vulnerability “as soon as possible” ∗∗∗
---------------------------------------------
SonicWall is asking SMA 100 series customers to patch their appliances against a vulnerability that could give attackers administrator access.
---------------------------------------------
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/sonicwal…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mupdf), Fedora (ghostscript, gifsicle, and ntfs-3g), openSUSE (kernel and nodejs14), and SUSE (curl, ffmpeg, gd, hivex, kernel, nodejs14, python-reportlab, sqlite3, and xen).
---------------------------------------------
https://lwn.net/Articles/870365/
∗∗∗ Apple Releases Security Updates ∗∗∗
---------------------------------------------
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. CISA encourages users and administrators to review the Apple security page for iOS 12.5.5 and Security Update 2021-006 Catalina and apply the necessary updates as soon as possible.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/apple-releases-se…
∗∗∗ BIG-IP APM XSS vulnerability CVE-2021-23054 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K41997459
∗∗∗ Trend Micro ServerProtect: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1010
∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner…
∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner…
∗∗∗ Security Bulletin: Public disclosed vulnerability from OpenSSL affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerab…
∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-i…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 22-09-2021 18:00 − Thursday 23-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Hackers are scanning for VMware CVE-2021-22005 targets, patch now! ∗∗∗
---------------------------------------------
Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-are-scanning-for-vmw…
∗∗∗ How REvil May Have Ripped Off Its Own Affiliates ∗∗∗
---------------------------------------------
A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments.
---------------------------------------------
https://threatpost.com/how-revil-may-have-ripped-off-its-own-affiliates/174…
∗∗∗ Excel Recipe: Some VBA Code with a Touch of Excel4 Macro, (Thu, Sep 23rd) ∗∗∗
---------------------------------------------
Microsoft Excel supports two types of macros. The legacy format is known as “Excel4 macro” and the new (but already used for a while) is based on VBA. We already cover both formats in many diaries. Yesterday, I spotted an interesting sample that implements… both!
---------------------------------------------
https://isc.sans.edu/diary/rss/27864
∗∗∗ iOS 15 and macOS 12: Old TLS versions are on their way out ∗∗∗
---------------------------------------------
Apple will soon stop supporting TLS 1.0 and 1.1. In iOS 15 and its siblings, the old versions of the encryption protocol are already considered deprecated.
---------------------------------------------
https://heise.de/-6199902
∗∗∗ BulletProofLink: Where all the phishing spam comes from ∗∗∗
---------------------------------------------
Microsoft describes in detail how even complete newcomers without prior knowledge can easily get into the business of stolen credentials.
---------------------------------------------
https://heise.de/-6199720
∗∗∗ Cyber Threats to Global Electric Sector on the Rise ∗∗∗
---------------------------------------------
The number of cyber intrusions and attacks targeting the Electric sector is increasing and in 2020 Dragos identified three new Activity Groups (AGs) targeting the Electric Sector: [...]
---------------------------------------------
https://www.dragos.com/blog/industry-news/cyber-threats-to-global-electric-…
∗∗∗ Plugging the holes: How to prevent corporate data leaks in the cloud ∗∗∗
---------------------------------------------
Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here’s what you can do to prevent cloud configuration conundrums.
---------------------------------------------
https://www.welivesecurity.com/2021/09/22/plugging-holes-how-prevent-corpor…
∗∗∗ Review of the second third of 2021 ∗∗∗
---------------------------------------------
The second third of 2021 is over and, like the first, there was plenty to do. This time Microsoft's Exchange Server was not the only mail server software in which critical vulnerabilities were found; exim joined the list with no fewer than 21 vulnerabilities. In addition, another wave of DDoS extortion has been going around since June.
---------------------------------------------
https://cert.at/de/blog/2021/9/ruckblick-auf-das-zweite-drittel-2021
∗∗∗ CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware ∗∗∗
---------------------------------------------
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/09/22/cisa-fbi-and-nsa-…
∗∗∗ CISA Releases Guidance: IPv6 Considerations for TIC 3.0 ∗∗∗
---------------------------------------------
The federal government has prioritized the transition of federal networks to Internet Protocol version 6 (IPv6) since the release of Office of Management and Budget (OMB) Memorandum 05-22 in 2005. In 2020, OMB renewed its focus on IPv6 through the publication of OMB Memorandum 21-07. That memorandum specifically entrusts CISA with enhancing the Trusted Internet Connections (TIC) program to fully support the implementation of IPv6 in federal IT systems.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/cisa-releases-gui…
∗∗∗ Securing Microservices ∗∗∗
---------------------------------------------
Do you remember how it felt to get your first email account? Not only were you able to communicate with multiple people in a fast and efficient manner, it also gave you an online identity you could use to access a wide range of services. As time progressed, though, you became increasingly aware of email’s […]
---------------------------------------------
https://www.intezer.com/blog/cloud-security/securing-microservices/
=====================
= Vulnerabilities =
=====================
∗∗∗ Drupal Security Advisories ∗∗∗
---------------------------------------------
Drupal has published 12 security advisories for "contributed projects", i.e. software not developed by the Drupal team itself. Four of them are rated "Critical".
---------------------------------------------
https://www.drupal.org/security/contrib
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM's PSIRT has published 26 security bulletins.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
Cisco has published 31 security advisories. Three of them are rated "Critical", 13 as "High".
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ruby-kaminari and tomcat8), Mageia (389-ds-base, ansible, apache, apr, cpio, curl, firefox, ghostscript, gifsicle, gpac, libarchive, libgd, libssh, lynx, nextcloud-client, openssl, postgresql, proftpd, python3, thunderbird, tor, and vim), openSUSE (chromium, ffmpeg, grilo, hivex, linuxptp, and samba), Oracle (go-toolset:ol8, kernel, kernel-container, krb5, mysql:8.0, and nodejs:12), SUSE (ffmpeg, firefox, grilo, hivex, kernel, linuxptp, nodejs14, and
---------------------------------------------
https://lwn.net/Articles/870190/
∗∗∗ Trane Symbio ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Code Injection vulnerability in Trane Symbio 700 and Symbio 800 controllers.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-266-01
∗∗∗ Trane Tracer ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Code Injection vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge building automation products.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 21-09-2021 18:00 − Wednesday 22-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Apple users warned: Clicking this attachment will take over your macOS ∗∗∗
---------------------------------------------
A code execution bug in Apple's macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn't fully patched it yet, as tested by Ars.
---------------------------------------------
https://arstechnica.com/?p=1797268
∗∗∗ Data analysis: Rising number of automated cyberattacks ∗∗∗
---------------------------------------------
Automation has been an important topic for years. According to an analysis, online criminals have also discovered its advantages for themselves.
According to a new data analysis, criminal hackers are increasingly relying on automated mass attacks in their cyberattacks. Targeted attacks, in which hackers still sit personally at the computer, are becoming rarer...
---------------------------------------------
https://heise.de/-6198205
∗∗∗ Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners ∗∗∗
---------------------------------------------
We strongly recommend updating immediately to the latest patched version of Ninja Forms to patch these security issues, which is version 3.5.8.2 of Ninja Forms at the time of this publication.
---------------------------------------------
https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-…
∗∗∗ You will lose your money on these investment platforms ∗∗∗
---------------------------------------------
On the Internet you can find countless ways to invest money simply and easily. Trading platforms such as infinitycapitalg.com, suntonfx.com or windsorglobalaustria.com promise high profit opportunities, even without extensive financial knowledge. It sounds very tempting, but in reality it leads to very high losses! Our tip: check the investor warnings of the Financial Market Authority.
---------------------------------------------
https://www.watchlist-internet.at/news/bei-diesen-investitionsplattformen-v…
∗∗∗ Microsoft Exchange Autodiscover design flaw allows credential harvesting ∗∗∗
---------------------------------------------
Security researchers from Guardicore have discovered a design flaw in Microsoft Exchange that allows attackers to harvest domain credentials via external Autodiscover domains. This is possible because Autodiscover domains outside the user's domain (but still within the same TLD) can be abused.
---------------------------------------------
https://www.borncity.com/blog/2021/09/22/microsoft-exchange-autodiscover-de…
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-21-1104: McAfee Endpoint Security Incorrect Permission Assignment Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Endpoint Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1104/
∗∗∗ Patch now! Insecure Hikvision security cameras can be taken over remotely ∗∗∗
---------------------------------------------
The vulnerability found by Watchfull_IP is listed under CVE-2021-36260 and could allow an unauthenticated attacker to gain full access to the device and possibly perform lateral movement into internal networks.
---------------------------------------------
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-no…
∗∗∗ September 22, 2021 TNS-2021-16 [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1 ∗∗∗
---------------------------------------------
One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers.
Out of caution, and in line with best practice, Tenable opted to upgrade the bundled OpenSSL components to address the potential impact of these issues. Tenable.sc patch SC-202109.1 updates OpenSSL to version 1.1.1l to address the identified vulnerabilities.
---------------------------------------------
http://www.tenable.com/security/tns-2021-16
∗∗∗ VMSA-2021-0020 ∗∗∗
---------------------------------------------
Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
CVSSv3 Range: 4.3-9.8
CVE(s): CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013, CVE-2021-22014, CVE-2021-22015, CVE-2021-22016, CVE-2021-22017, CVE-2021-22018, CVE-2021-22019, CVE-2021-22020
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (grilo), Fedora (curl, firefox, mingw-python-pillow, python-pillow, python2-pillow, and webkit2gtk3), openSUSE (chromium, grafana-piechart-panel, kernel, libcroco, php-composer, and xen), Oracle (curl, kernel, and nss and nspr), Red Hat (nodejs:12), Slackware (alpine), SUSE (ghostscript, grafana-piechart-panel, kernel, and xen), and Ubuntu (linux, linux-hwe, linux-hwe-5.11, linux-hwe-5.4, linux-raspi, linux-raspi-5.4, and linux-raspi2).
---------------------------------------------
https://lwn.net/Articles/870002/
∗∗∗ Apple iTunes: Multiple vulnerabilities allow execution of arbitrary code with the privileges of the service ∗∗∗
---------------------------------------------
A remote attacker can exploit multiple vulnerabilities in Apple iTunes to execute arbitrary code with the privileges of the service.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0997
∗∗∗ Apple Safari: Multiple vulnerabilities allow execution of arbitrary code with the privileges of the service ∗∗∗
---------------------------------------------
A remote attacker can exploit multiple vulnerabilities in Apple Safari to execute arbitrary code with the privileges of the service.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0996
∗∗∗ Apple macOS: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous or local attacker can exploit multiple vulnerabilities in Apple macOS to execute arbitrary code with administrator privileges, execute arbitrary code, disclose information, escalate privileges, bypass security measures or cause a denial of service condition.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0994
∗∗∗ Apple macOS: Vulnerability allows execution of arbitrary code with user privileges ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in Apple macOS to execute arbitrary code with user privileges.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1000
∗∗∗ Security Advisory - Server-Side Request Forgery Vulnerability in Huawei Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210922-…
∗∗∗ Security Advisory - Improper File Upload Control Vulnerability in Huawei FusionCompute Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210922-…
∗∗∗ Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210922-…
∗∗∗ Security Bulletin: IBM® Java™ SDK Technology Edition affects IBM Security Verify Governance, Identity Manager virtual appliance component (ISVG IMVA) (CVE-2020-14781,CVE-2020-14782) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-technology-e…
∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2021-20377, CVE-2020-4690) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-…
∗∗∗ Security Bulletin: IBM QRadar Azure marketplace images include Open Management Infrastructure RPM, which is vulnerable to Remote Code Execution (CVE-2021-38647) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-azure-marketpl…
∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29800) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-mana…
∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities (CVE-2021-3538, CVE-2021-33502, CVE-2021-3450, CVE-2021-3449) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins…
∗∗∗ Security Bulletin: App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-…
∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2021-3712) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclose…
∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise v11, v12 (CVE-2020-7608) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-j…
∗∗∗ Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (ISVG IMVA) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 20-09-2021 18:00 − Tuesday 21-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ A guide to combatting human-operated ransomware: Part 1 ∗∗∗
---------------------------------------------
As human-operated ransomware is on the rise, Microsoft’s Detection and Response Team (DART) shares how they investigate these attacks and what to consider when faced with a similar event in your organization.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/09/20/a-guide-to-combatting-hu…
∗∗∗ Mama Always Told Me Not to Trust Strangers without Certificates (Moar Netgear Pwnage) ∗∗∗
---------------------------------------------
This blog post details a vulnerability, the exploitation of which results in Remote Code Execution (RCE) as root, that impacts many modern Netgear Small Offices/Home Offices (SOHO) devices. The vulnerability isn’t your typical router vulnerability, in that the source of the vulnerability is located within a third-party component included in the firmware of many Netgear devices. This code is part of Circle, which adds parental control features to these devices.
---------------------------------------------
https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
∗∗∗ Does Your Organization Have a Security.txt File? ∗∗∗
---------------------------------------------
It happens all the time: Organizations get hacked because there isn't an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn't entirely clear who should get the report when remote access to an organization's internal network is being sold in the cybercrime underground. In a bid to minimize these scenarios, a growing number of major companies are adopting "Security.txt," a proposed new Internet standard...
---------------------------------------------
https://krebsonsecurity.com/2021/09/does-your-organization-have-a-security-…
∗∗∗ TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines ∗∗∗
---------------------------------------------
Cisco Talos found a previously undiscovered backdoor from the Turla APT that we are seeing in the wild. This simple backdoor is likely used as a second-chance backdoor to maintain access to the system, even if the primary malware is removed. It could also be used as a second-stage dropper to infect the system with additional malware.
---------------------------------------------
https://blog.talosintelligence.com/2021/09/tinyturla.html
∗∗∗ OpenOffice Vulnerability Exposes Users to Code Execution Attacks ∗∗∗
---------------------------------------------
A buffer overflow vulnerability in Apache OpenOffice could be exploited to execute arbitrary code on target machines using malicious documents.
Tracked as CVE-2021-33035 and discovered by security researcher Eugene Lim, the bug affects OpenOffice versions up to 4.1.10, with patches deployed in the 4.1.11 beta only, meaning that most installations out there are likely vulnerable.
---------------------------------------------
https://www.securityweek.com/openoffice-vulnerability-exposes-users-code-ex…
∗∗∗ Be careful when buying puppies online! ∗∗∗
---------------------------------------------
Do you want to buy a puppy online? If so, you may come across dubious offers. Watchlist Internet is currently receiving reports of numerous sites that claim to sell pedigree puppies, usually at a low price. Not only the prices, but also loving photos and descriptions tempt visitors into making a purchase.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-beim-welpen-kauf-im-interne…
∗∗∗ Russian security firm sinkholes part of the dangerous Meris DDoS botnet ∗∗∗
---------------------------------------------
Rostelecom-Solar, the cybersecurity division of Russian telecom giant Rostelecom, said on Monday that it sinkholed a part of the Meris DDoS botnet after identifying a mistake from the malware's creators.
---------------------------------------------
https://therecord.media/russian-security-firm-sinkholes-part-of-the-dangero…
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM has published 21 security bulletins.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (webkit2gtk, wpewebkit, and xen), Oracle (kernel), Red Hat (curl, go-toolset:rhel8, krb5, mysql:8.0, nodejs:12, and nss and nspr), and Ubuntu (curl and tiff).
---------------------------------------------
https://lwn.net/Articles/869923/
∗∗∗ Apple iOS & iPadOS: Multiple vulnerabilities ∗∗∗
---------------------------------------------
iOS 15 and iPadOS 15 as well as iOS 14.8 and iPadOS 14.8 released.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0993
=====================
= End-of-Day report =
=====================
Timeframe: Friday 17-09-2021 18:00 − Monday 20-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Patch now! Crypto miner slips through OMIGOD vulnerabilities onto Azure servers ∗∗∗
---------------------------------------------
Attackers are currently attacking Azure customers with virtual Linux PCs. Admins should act now and install the available security updates.
---------------------------------------------
https://heise.de/-6195928
∗∗∗ Epik data breach impacts 15 million users, including non-customers ∗∗∗
---------------------------------------------
Scraped WHOIS data of NON-Epik customers also exposed in the 180 GB leak.
---------------------------------------------
https://arstechnica.com/?p=1796568
∗∗∗ Bring Your APIs Out of the Shadows to Protect Your Business ∗∗∗
---------------------------------------------
APIs are immensely more complex to secure. Shadow APIs - those unknown or forgotten API endpoints that escape the attention and protection of IT - present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do.
---------------------------------------------
https://threatpost.com/apis-out-of-shadows-protect-your-business/169334/
∗∗∗ Video: Simple Analysis Of A CVE-2021-40444 .docx Document, (Sun, Sep 19th) ∗∗∗
---------------------------------------------
I created a video for the analysis I described in my last diary entry "Simple Analysis Of A CVE-2021-40444 .docx Document".
---------------------------------------------
https://isc.sans.edu/diary/rss/27850
∗∗∗ EventBuilder Exposed Information of Over 100,000 Event Registrants ∗∗∗
---------------------------------------------
Event management company EventBuilder exposed files containing the personal information of at least 100,000 users who registered for events on its platform.
---------------------------------------------
https://www.securityweek.com/eventbuilder-exposed-information-over-100000-e…
∗∗∗ Network Security Trends: May-July 2021 ∗∗∗
---------------------------------------------
Network security trends, May-July 2021: We analyze how vulnerabilities are being exploited in the wild and rank the most common types of attacks.
---------------------------------------------
https://unit42.paloaltonetworks.com/network-security-trends/
∗∗∗ Threat landscape for industrial automation systems. Statistics for H1 2021 ∗∗∗
---------------------------------------------
In H1 2021, the percentage of ICS computers on which malicious objects were blocked was 33.8%, which was 0.4 p.p. more than in H2 2020.
---------------------------------------------
https://ics-cert.kaspersky.com/reports/2021/09/09/threat-landscape-for-indu…
∗∗∗ ‘Yes, we are breaking the law:’ An interview with the operator of a marketplace for stolen data ∗∗∗
---------------------------------------------
A website called Marketo emerged earlier this year, billing itself as a marketplace where people can buy leaked data. Although Marketo isn’t a ransomware group, it appears to borrow key strategies from those types of threat actors.
---------------------------------------------
https://therecord.media/yes-we-are-breaking-the-law-an-interview-with-the-o…
=====================
= Vulnerabilities =
=====================
∗∗∗ #OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports, (Mon, Sep 20th) ∗∗∗
---------------------------------------------
After the "OMIGOD" vulnerability details were made public, and it became obvious that exploiting vulnerable hosts would be trivial, researchers and attackers started pretty much immediately to scan for vulnerable hosts. We saw a quick rise in scans, particularly against port 1270.
---------------------------------------------
https://isc.sans.edu/diary/rss/27852
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gnutls28, nettle, nextcloud-desktop, and openssl1.0), Fedora (dovecot-fts-xapian, drupal7, ghostscript, haproxy, libtpms, lynx, wordpress, and xen), openSUSE (xen), Red Hat (rh-ruby27-ruby), and SUSE (openssl, openssl1, and xen).
---------------------------------------------
https://lwn.net/Articles/869863/
∗∗∗ Researchers put together a list of vulnerabilities abused by Ransomware - Look for these immediately ∗∗∗
---------------------------------------------
To make it easy, I pulled it and created a simple txt list you can use. These are some of the initial access methods.
---------------------------------------------
https://securitythreatnews.com/2021/09/20/researchers-put-together-a-list-o…
∗∗∗ McAfee Endpoint Security: Multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0991
∗∗∗ Security Bulletin: IBM Aspera Webapps are vulnerable to cross-site scripting (CVE-2020-11022, CVE-2020-11023). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-webapps-are-vu…
∗∗∗ Security Bulletin: IBM SDK, Java Tech Edition Quarterly CPU – Apr 2021 + Oracle Apr 2021; Jul 2021 + Oracle 2021 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-tech-edition…
∗∗∗ Security Bulletin: Aspera Web Applications (Shares, Console) are affected by OpenSSL Vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-s…
∗∗∗ Security Bulletin: IBM Data Replication Java SDK Update ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-java…
∗∗∗ Security Bulletin: ISC DHCP for IBM i is affected by CVE-2021-25217 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-isc-dhcp-for-ibm-i-is-aff…
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: IBM Cloud Pak for Data could allow a local user with special privileges to obtain highly sensitive information ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-data-co…
∗∗∗ Security Bulletin: IBM Aspera Webapps products (Shares, Console) are affected by OpenSSL Vulnerability (CVE-2021-3712) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-webapps-produc…
∗∗∗ Security Bulletin: IBM Aspera Webapps (Shares, Console) are vulnerable to an OpenSSL Vulnerability (CVE-2020-7656). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-webapps-shares…
∗∗∗ Security Bulletin: IBM SDK, Java Tech Edition Quarterly CPU Apr 2021 + Oracle APR 2021; Jul 2021 + Oracle Jul 2021 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-tech-edition…
∗∗∗ Security Bulletin: Aspera Web Applications (Shares, Console) are affected by an OpenSSL Vulnerability (CVE-2020-1971) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-s…
∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Commons* affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
∗∗∗ Security Bulletin: Multiple vulnerabilities are affecting Tivoli Netcool/OMNIbus WebGUI ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 16-09-2021 18:00 − Freitag 17-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ OMIGOD: Microsoft leaves Azure admins alone with Linux vulnerability ∗∗∗
---------------------------------------------
Critical vulnerabilities in the Microsoft cloud enable root attacks on Linux VMs. Microsoft, however, disclaims responsibility for the important updates.
---------------------------------------------
https://heise.de/-6194618
∗∗∗ US Homeland Security warns of widespread attacks via Zoho ADSelfService Plus ∗∗∗
---------------------------------------------
APT groups have gained access to the networks of several organizations through a critical security vulnerability.
---------------------------------------------
https://heise.de/-6194780
∗∗∗ Exploitation of the CVE-2021-40444 vulnerability in MSHTML ∗∗∗
---------------------------------------------
Last week, Microsoft reported the RCE vulnerability CVE-2021-40444 in the MSHTML browser engine. Kaspersky is aware of targeted attacks using this vulnerability, and our products protect against attacks leveraging it.
---------------------------------------------
https://securelist.com/exploitation-of-the-cve-2021-40444-vulnerability-in-…
∗∗∗ Malicious Calendar Subscriptions Are Back?, (Fri, Sep 17th) ∗∗∗
---------------------------------------------
Did this threat really disappear? This isn't a brand new technique to deliver malicious content to mobile devices, but it seems that attackers started new waves of spam campaigns based on malicious calendar subscriptions.
---------------------------------------------
https://isc.sans.edu/diary/rss/27846
∗∗∗ A Cheat-Sheet on Internet Cookies – (Who, What, When, Why & How) ∗∗∗
---------------------------------------------
What are internet cookies, how should you feel about them? Are they helpful, harmless, dangerous? Cookies are key to our modern online experience with targeted website ads and predictive search text that seems to read our minds. Cookies help us gain a customized online experience, but what do we lose? Are we being manipulated by our own data?
---------------------------------------------
https://blog.sucuri.net/2021/09/a-cheat-sheet-on-internet-cookies-who-what-…
∗∗∗ AMD Chipset Driver Vulnerability Can Allow Hackers to Obtain Sensitive Data ∗∗∗
---------------------------------------------
Chipmaker AMD has patched a driver vulnerability that could allow an attacker to obtain sensitive information from the targeted system.
---------------------------------------------
https://www.securityweek.com/amd-chipset-driver-vulnerability-can-allow-hac…
∗∗∗ DDoS botnets, cryptominers target Azure systems after OMIGOD exploit goes public ∗∗∗
---------------------------------------------
Threat actors are attacking Azure Linux-based servers using a recently disclosed security flaw named OMIGOD in order to hijack vulnerable systems into DDoS or crypto-mining botnets.
---------------------------------------------
https://therecord.media/ddos-botnets-cryptominers-target-azure-systems-afte…
=====================
= Vulnerabilities =
=====================
∗∗∗ Analysis of CVE-2021-30860 ∗∗∗
---------------------------------------------
In this guest blog post, the security researcher Tom McGuire details the flaw and fix of CVE-2021-30860, a zero-click vulnerability, exploited in the wild.
---------------------------------------------
https://objective-see.com/blog/blog_0x67.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox and thunderbird), Fedora (haproxy, wordpress, and xen), openSUSE (apache2-mod_auth_openidc, fail2ban, ghostscript, haserl, libcroco, nextcloud, and wireshark), Oracle (kernel and kernel-container), Slackware (httpd), SUSE (crmsh, gtk-vnc, libcroco, Mesa, postgresql12, postgresql13, and transfig), and Ubuntu (libgcrypt20, linux-gcp, linux-gcp-4.15, linux-hwe-5.4, linux-oem-5.13, python3.4, python3.5, and qtbase-opensource-src).
---------------------------------------------
https://lwn.net/Articles/869521/
∗∗∗ Siemens RUGGEDCOM ROX ∗∗∗
---------------------------------------------
This advisory contains mitigations for Exposure of Sensitive Information to an Unauthorized Actor, Execution with Unnecessary Privileges, and Improper Handling of Insufficient Permissions or Privileges vulnerabilities in Siemens RUGGEDCOM ROX devices.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-259-01
∗∗∗ Schneider Electric EcoStruxure and SCADAPack ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Path Traversal vulnerability in Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect software designed for the x70 SCADAPack system.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-259-02
∗∗∗ Siemens Teamcenter ∗∗∗
---------------------------------------------
This advisory contains mitigations for Privilege Defined with Unsafe Actions, Authorization Bypass Through User-Controlled Key, and Improper Restriction of XML External Entity Reference vulnerabilities in the Siemens Teamcenter virtualization platform.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-08
∗∗∗ Security Bulletin: A security vulnerability in NGINX affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: A security vulnerability in Node.js pac-resolver module affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: A security vulnerability in Golang GO affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: A security vulnerability in Golang Go affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: IBM® Db2® could allow a local user to read and write specific files due to weak file permissions (CVE-2020-4976) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-a-loc…
∗∗∗ Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in IBM Http server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact…
∗∗∗ Security Bulletin: A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-…
∗∗∗ Security Bulletin: September 2021: Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-september-2021-multiple-v…
∗∗∗ Security Bulletin: September 2021: A vulnerability in IBM Java Runtime affects CICS Transaction Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-september-2021-a-vulnerab…