=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 01-09-2021 18:00 - Thursday 02-09-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
*** How to block Windows Plug-and-Play auto-installing insecure apps ***
---------------------------------------------
A trick has been discovered that prevents your device from being taken over by vulnerable Windows applications when devices are plugged into your computer.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/how-to-block-windows-plug-a…
*** Team Cymru’s Threat Hunting Maturity Model Explained ***
---------------------------------------------
In this four-part series, we’ll be looking at Team Cymru’s Threat Hunting Maturity Model.
---------------------------------------------
https://team-cymru.com/blog/2021/09/02/team-cymrus-threat-hunting-maturity-…
*** QakBot technical analysis ***
---------------------------------------------
This report contains technical analysis of the Trojan-Banker named QakBot (aka QBot, QuackBot or Pinkslipbot) and its information stealing, web injection and other modules.
---------------------------------------------
https://securelist.com/qakbot-technical-analysis/103931/
*** Analysis of a Phishing Kit (that targets Chase Bank) ***
---------------------------------------------
Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials on fake pages controlled by attackers.
---------------------------------------------
https://blog.sucuri.net/2021/09/analysis-of-a-phishing-kit-that-targets-cha…
*** Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth ***
---------------------------------------------
The Mandiant Advanced Practices team recently discovered a new malware family we have named PRIVATELOG and its installer, STASHLOG.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clf…
*** Google Play sign-ins can be abused to track another person’s movements ***
---------------------------------------------
We tried to help somebody install an app on an Android phone and stumbled on a way to track them instead.
---------------------------------------------
https://blog.malwarebytes.com/awareness/2021/09/google-play-sign-ins-can-be…
*** Translated: Talos insights from the recently leaked Conti ransomware playbook ***
---------------------------------------------
Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti.
---------------------------------------------
https://blog.talosintelligence.com/2021/09/Conti-leak-translation.html
*** Beware of fit4fun-arena.de – too cheap to be true ***
---------------------------------------------
The fake shop fit4fun-arena.de offers unbelievably cheap bicycles and other fitness products.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-fit4fun-arenade-zu-guen…
=====================
= Vulnerabilities =
=====================
*** File manager Midnight Commander vulnerable for nine years ***
---------------------------------------------
An important security update is available for Midnight Commander.
---------------------------------------------
https://heise.de/-6180301
*** Braktooth: New Bluetooth vulnerabilities threaten countless devices ***
---------------------------------------------
Security researchers have discovered several Bluetooth vulnerabilities. Not all manufacturers plan to release patches.
---------------------------------------------
https://heise.de/-6180540
*** Cisco fixes critical vulnerability in Enterprise NFV Infrastructure Software ***
---------------------------------------------
Update now: Depending on its configuration, the Enterprise NFV Infrastructure Software (NFVIS) can be attacked remotely. Updates are available.
---------------------------------------------
https://heise.de/-6180655
*** Security updates for Thursday ***
---------------------------------------------
Security updates have been issued by openSUSE (ffmpeg and gstreamer-plugins-good), SUSE (apache2, apache2-mod_auth_mellon, ffmpeg, gstreamer-plugins-good, libesmtp, openexr, rubygem-puma, xen, and xerces-c), and Ubuntu (openssl).
---------------------------------------------
https://lwn.net/Articles/868155/
*** Recently Patched Confluence Vulnerability Exploited in the Wild ***
---------------------------------------------
Hackers started exploiting a vulnerability in Atlassian’s Confluence enterprise collaboration product just one week after the availability of a patch was announced.
---------------------------------------------
https://www.securityweek.com/recently-patched-confluence-vulnerability-expl…
*** Cisco Nexus Insights Authenticated Information Disclosure Vulnerability ***
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability ***
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability ***
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Cisco Identity Services Engine Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Johnson Controls Sensormatic Electronics Illustra ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-01
*** JTEKT TOYOPUC TCC-6353 PC10G-CPU ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-02
*** Advantech WebAccess ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 31-08-2021 18:00 - Wednesday 01-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
*** Critical root vulnerability discovered in Annke network video recorder ***
---------------------------------------------
An important security update is available for the N48PBB network video recorder by Annke.
---------------------------------------------
https://heise.de/-6179374
*** Energy management system DIAEnergie has critical vulnerabilities ***
---------------------------------------------
Important security updates for the industrial energy management system DIAEnergie are in the works. In the meantime, the US agency CISA recommends protective measures.
---------------------------------------------
https://heise.de/-6179591
*** SMS: Beware of fake parcel tracking ***
---------------------------------------------
Criminals are currently sending fake parcel information about an order via SMS. The message claims that your parcel could not be delivered or that shipment tracking is now available. You are asked to click on a link. Warning: the link leads to an internet trap.
---------------------------------------------
https://www.watchlist-internet.at/news/sms-vorsicht-vor-gefaelschter-sendun…
*** STRRAT: a Java-based RAT that doesn't care if you have Java, (Wed, Sep 1st) ***
---------------------------------------------
STRRAT was discovered earlier this year as a Java-based Remote Access Tool (RAT) that does not require a preinstalled Java Runtime Environment (JRE). It has been distributed through malicious spam (malspam) during 2021. Today's diary reviews an infection generated using an Excel spreadsheet discovered on Monday, 2021-08-30.
---------------------------------------------
https://isc.sans.edu/diary/rss/27798
*** This is why the Mozi botnet will linger on ***
---------------------------------------------
The botnet continues to haunt IoT devices, and likely will for some time to come.
---------------------------------------------
https://www.zdnet.com/article/this-is-why-the-mozi-botnet-will-linger-on/
=====================
= Vulnerabilities =
=====================
*** IBM Security Bulletins ***
---------------------------------------------
IBM has published 52 security bulletins on various vulnerabilities.
---------------------------------------------
https://www.ibm.com/blogs/psirt/2021/08/
*** Multiple vulnerabilities in Moxa network devices ***
---------------------------------------------
Several devices developed by MOXA Inc. are vulnerable to various weaknesses such as command injection and cross-site scripting in the config upload function. Furthermore, outdated software was identified, and one sample of it (CVE-2015-0235) was also tested using a public exploit. All vulnerabilities were verified by emulating the device with the MEDUSA scalable firmware runtime.
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/mehrere-schwachstelle…
*** Over 1 Million Sites Affected by Gutenberg Template Library & Redux Framework Vulnerabilities ***
---------------------------------------------
On August 3, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for two vulnerabilities we discovered in the Gutenberg Template Library & Redux Framework plugin, which is installed on over 1 million WordPress sites. One vulnerability allowed users with lower permissions, such as contributors, to install and activate arbitrary plugins and delete any [...]
---------------------------------------------
https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-red…
*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by CentOS (bind, GNOME, hivex, kernel, and sssd), Debian (gpac and squashfs-tools), Fedora (c-ares and openssl), openSUSE (dovecot23), Oracle (bind, hivex, kernel, and sssd), Red Hat (kernel), Scientific Linux (bind, hivex, kernel, libsndfile, libX11, and sssd), Slackware (ntfs), SUSE (dovecot23), and Ubuntu (ntfs-3g).
---------------------------------------------
https://lwn.net/Articles/868015/
*** Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack ***
---------------------------------------------
A serious vulnerability affecting the Linphone Session Initiation Protocol (SIP) client suite can allow malicious actors to remotely crash applications, industrial cybersecurity firm Claroty warned on Tuesday.
---------------------------------------------
https://www.securityweek.com/vulnerability-allows-remote-dos-attacks-agains…
*** Sensormatic Electronics KT-1 ***
---------------------------------------------
This advisory contains mitigations for a Use of Unmaintained Third-party Components vulnerability in Sensormatic Electronics KT-1 Ethernet-ready single-door controller.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-243-01
*** Philips Patient Monitoring Devices (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSMA-20-254-01 Philips Patient Monitoring Devices that was published September 10, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication, Improper Check for Certificate Revocation, Improper Handling of Length Parameter Inconsistency, Improper Validation of Syntactic Correctness of Input, [...]
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
*** Node.js: Multiple vulnerabilities allow manipulation of files ***
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0932