Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - 04.10.2021
by Daily end-of-shift report 04 Oct '21

04 Oct '21

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-10-2021 18:00 − Montag 04-10-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Ransomware: Conti-Erpressergruppe verbittet sich Leaks ihrer Verhandlungs-Chats ∗∗∗ --------------------------------------------- Die Cyberkriminellen hinter der Conti-Ransomware drohen jedem Opfer mit Veröffentlichung seiner Daten, sollten Details über die Erpressung im Netz auftauchen. --------------------------------------------- https://heise.de/-6206790 ∗∗∗ Andoid-Banking-Trojaner Hydra hat es auf Commerzbank-Kunden abgesehen ∗∗∗ --------------------------------------------- Online-Kriminelle versuchen Kunden der Commerzbank abzuzocken. Damit es dazu kommt, müssen Opfer aber mitspielen. --------------------------------------------- https://heise.de/-6207752 ∗∗∗ SMS mit Link zu Fotoalbum verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Zahlreiche NutzerInnen berichten, dass sie SMS mit einem Link zu einem Fotoalbum erhalten. Angeblich wurden dort private Fotos hochgeladen. Achtung: Der Link führt zu Schadsoftware! --------------------------------------------- https://www.watchlist-internet.at/news/sms-mit-link-zu-fotoalbum-verbreitet… ∗∗∗ Webinar: Internetkriminalität - so schützen Sie sich! ∗∗∗ --------------------------------------------- Internetfallen & Betrugsmaschen werden immer ausgeklügelter. Umso wichtiger ist die Fähigkeit, Merkmale einer Betrugsmasche frühzeitig zu erkennen. In einem Webinar geben wir Ihnen einen Überblick über aktuelle Bedrohungen im Internet und zeigen Ihnen, wie Sie sich davor schützen können. --------------------------------------------- https://www.watchlist-internet.at/news/webinar-internetkriminalitaet-so-sch… ∗∗∗ Endpoint Security ist überall gefragt ∗∗∗ --------------------------------------------- Viele Endpunkte mögen auf den ersten Blick unwichtig erscheinen. Aber ungeschützte Systeme mit oder ohne Internetzugang sind ein Einfallstor für Hacker. Deshalb ist ein umfassendes Konzept für Endpoint Security für Unternehmen jeder Größe sehr wichtig. --------------------------------------------- https://www.zdnet.de/88397023/endpoint-security-ist-ueberall-gefragt/ ∗∗∗ New Atom Silo ransomware targets vulnerable Confluence servers ∗∗∗ --------------------------------------------- Atom Silo, a newly spotted ransomware group, is targeting a recently patched and actively exploited Confluence Server and Data Center vulnerability to deploy their ransomware payloads. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-atom-silo-ransomware-tar… ∗∗∗ Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts ∗∗∗ --------------------------------------------- The group uses millions of password combos at the rate of nearly 2,700 login attempts per second with new techniques that push the ATO envelope. --------------------------------------------- https://threatpost.com/proxy-phantom-fraud-ecommerce-accounts/175241/ ∗∗∗ PoC Exploit Released for macOS Gatekeeper Bypass ∗∗∗ --------------------------------------------- Rasmus Sten, a software engineer with F-Secure, has released proof-of-concept (PoC) exploit code for a macOS Gatekeeper bypass that Apple patched in April this year. The PoC exploit targets CVE-2021-1810, a vulnerability that can lead to the bypass of all three protections that Apple implemented against malicious file downloads, namely file quarantine, Gatekeeper, and notarization. --------------------------------------------- https://www.securityweek.com/poc-exploit-released-macos-gatekeeper-bypass ∗∗∗ Boutique "Dark" Botnet Hunting for Crumbs ∗∗∗ --------------------------------------------- [...] But aside from these more visible botnets, there are smaller, "Boutique" botnets. They go after less common vulnerabilities and pick systems that the major botnets find not lucrative enough to go after. Usually, only a few vulnerable devices are exposed. Taking the animal analogy a bit too far: These are like crustaceans on the ocean floor living off what the predators above discard. One such botnet is "Dark Bot". --------------------------------------------- https://isc.sans.edu/diary/rss/27898 ∗∗∗ Expired Lets Encrypt Root Certificate Causes Problems for Many Companies ∗∗∗ --------------------------------------------- A root certificate used by Let’s Encrypt expired on September 30 and, despite being notified a long time in advance, many companies experienced problems. read more --------------------------------------------- https://www.securityweek.com/expired-lets-encrypt-root-certificate-causes-p… ∗∗∗ BazarLoader and the Conti Leaks ∗∗∗ --------------------------------------------- In July, we observed an intrusion that started from a BazarLoader infection and lasted approximately three days. The threat actor’s main priority was to map the domain network, while [...] --------------------------------------------- https://thedfirreport.com/2021/10/04/bazarloader-and-the-conti-leaks/ ∗∗∗ Misconfigured Airflows Leak Thousands of Credentials from Popular Services ∗∗∗ --------------------------------------------- Apache Airflow is the #1 starred open-source workflows application on GitHub Workflow management platforms are an indispensable tool for automating business and IT tasks. These platforms make it easier to create, schedule and monitor workflows. They are typically hosted on the cloud to provide increased accessibility and scalability. On the flip side, misconfigured instances that allow [...] --------------------------------------------- https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-cre… ∗∗∗ Phish, Phished, Phisher: A Quick Peek Inside a Telegram Harvester ∗∗∗ --------------------------------------------- In one of the smaller campaigns we monitored last month (September 2021), the threat actor inadvertently exposed Telegram credentials to their harvester. This opportunity provided us some insight into their operations; a peek behind the curtains we wanted to share. --------------------------------------------- https://blog.nviso.eu/2021/10/04/phish-phished-phisher-a-quick-peek-inside-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apache2, fig2dev, mediawiki, plib, and qemu), Fedora (chromium, curl, kernel, kernel-headers, kernel-tools, openssh, rust-addr2line, rust-backtrace, rust-cranelift-bforest, rust-cranelift-codegen, rust-cranelift-codegen-meta, rust-cranelift-codegen-shared, rust-cranelift-entity, rust-cranelift-frontend, rust-cranelift-native, rust-cranelift-wasm, rust-gimli, rust-object, rust-wasmparser, rust-wasmtime-cache, rust-wasmtime-environ, [...] --------------------------------------------- https://lwn.net/Articles/871841/ ∗∗∗ Shodan Verified Vulns 2021-10-01 ∗∗∗ --------------------------------------------- Mit 2021-10-01 sah die Schwachstellenlandschaft in Österreich laut Shodan wie folgt aus: Wie auch in den letzten Monaten dominieren TLS/SSL-Schwachstellen sowie Lücken in Microsofts Exchange Server das Bild. Während Server, die für die im März veröffentlichte und geschlossene "ProxyLogon" Exploit-Chain (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) anfällig sind, mittlerweile eher selten sind, scheinen die im April bzw. Mai [...] --------------------------------------------- https://cert.at/de/aktuelles/2021/10/shodan-verified-vulns-2021-10-01 ∗∗∗ Multiple vulnerabilities in Rexroth IndraMotion and IndraLogic series ∗∗∗ --------------------------------------------- BOSCH-SA-741752: The control systems series Rexroth IndraMotion MLC and IndraLogic XLC are affected by multiple vulnerabilities in the web server, which - in combination - ultimately enable an attacker to log in to the system. --------------------------------------------- https://psirt.bosch.com/security-advisories/bosch-sa-741752.html ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Netty vulnerability CVE-2021-21295 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55834441 ∗∗∗ OpenSSL vulnerability CVE-2021-3712 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K19559038 ∗∗∗ Red Enterprise Linux Advanced Virtualization: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-1026 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.10.2021
by Daily end-of-shift report 01 Oct '21

01 Oct '21

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-09-2021 18:00 − Freitag 01-10-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Hydra malware targets customers of Germanys second largest bank ∗∗∗ --------------------------------------------- The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically, customers of Commerzbank, Germanys second-largest financial institution. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hydra-malware-targets-custom… ∗∗∗ Flubot Android malware now spreads via fake security updates ∗∗∗ --------------------------------------------- The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections. --------------------------------------------- https://www.bleepingcomputer.com/news/security/flubot-android-malware-now-s… ∗∗∗ Hackers rob thousands of Coinbase customers using MFA flaw ∗∗∗ --------------------------------------------- Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the companys SMS multi-factor authentication security feature. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-rob-thousands-of-coi… ∗∗∗ New Tool to Add to Your LOLBAS List: cvtres.exe , (Fri, Oct 1st) ∗∗∗ --------------------------------------------- LOLBAS (“Living Off the Land Binaries And Scripts”) is a list of tools[1] that are present on any Windows system because they are provided by Microsoft as useful tools to perform system maintenance, updates, etc. This list is maintained and upgraded regularly. This is a good starting point when you need to investigate suspicious processes activity on a system (proactively or in forensics investigation). --------------------------------------------- https://isc.sans.edu/diary/27892 ∗∗∗ Introduction to ICS Security Part 3 ∗∗∗ --------------------------------------------- In part 3 of the Introduction to ICS blog series, Stephan Mathezer discusses Remote Access Connections into ICS, examines why they here to stay, and reviews the best practices for securing them. --------------------------------------------- https://www.sans.org/blog/introduction-to-ics-security-part-3/ ∗∗∗ Android Trojan GriftHorse, the gift horse you definitely should look in the mouth ∗∗∗ --------------------------------------------- The GriftHorse Android Trojan is a widespread campaign with millions of victims in over 70 countries. --------------------------------------------- https://blog.malwarebytes.com/android/2021/09/android-trojan-grifthorse-the… ∗∗∗ ESET Threat Report T2 2021 ∗∗∗ --------------------------------------------- Unsere Sicherheitsforscher analysieren die Cybersicherheitslage und die ESET-Telemetriedaten im zweiten Drittel des Jahres 2021. --------------------------------------------- https://www.welivesecurity.com/deutsch/2021/09/30/eset-threat-report-t2-202… ∗∗∗ Heute startet der Europäische Monat der Cyber-Sicherheit! ∗∗∗ --------------------------------------------- Wie jedes Jahr steht auch heuer der Oktober ganz im Zeichen der Cyber-Sicherheit. Auch Österreich nimmt wieder an der EU-weiten Kampagne „European Cyber Security Month“ (ESCM) teil. Ziel ist es, das Bewusstsein über die Risiken im Netz zu stärken und gezielt Informationen zur IT-Sicherheit zu verbreiten. --------------------------------------------- https://www.watchlist-internet.at/news/heute-startet-der-europaeische-monat… ∗∗∗ Credential Harvesting at Scale Without Malware ∗∗∗ --------------------------------------------- Email credential harvesting can lead to business email compromise and ransomware. Often, attackers simply ask for victims’ credentials. --------------------------------------------- https://unit42.paloaltonetworks.com/credential-harvesting/ ∗∗∗ Fortinet, Shopify and more report issues after root CA certificate from Lets Encrypt expires ∗∗∗ --------------------------------------------- Experts had been warning for weeks that there would be issues resulting from the expiration of root CA certificates provided by Lets Encrypt. --------------------------------------------- https://www.zdnet.com/article/fortinet-shopify-others-report-issues-after-r… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBM hat 11 Security Bulletins veröffentlicht. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, krb5, openssl1.0, and taglib), Fedora (cifs-utils), SUSE (libqt5-qtbase and rubygem-activerecord-4_2), and Ubuntu (linux-raspi, linux-raspi-5.4 and linux-raspi2). --------------------------------------------- https://lwn.net/Articles/871564/ ∗∗∗ Google Patches Two More Exploited Zero-Day Vulnerabilities in Chrome ∗∗∗ --------------------------------------------- Google on Thursday announced the rollout of a Chrome update to address four security vulnerabilities, including two that are already being exploited in the wild. --------------------------------------------- https://www.securityweek.com/google-patches-two-more-exploited-zero-day-vul… ∗∗∗ Command Injection Vulnerability in QVR ∗∗∗ --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-21-38 ∗∗∗ Stored XSS Vulnerabilities in Photo Station ∗∗∗ --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-21-41 ∗∗∗ Stored XSS Vulnerability in Photo Station ∗∗∗ --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-21-42 ∗∗∗ Stored XSS Vulnerability in Image2PDF ∗∗∗ --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-21-43 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.09.2021
by Daily end-of-shift report 30 Sep '21

30 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-09-2021 18:00 − Donnerstag 30-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ RansomEXX ransomware Linux encryptor may damage victims files ∗∗∗ --------------------------------------------- Cybersecurity firm Profero has discovered that the RansomExx gang does not correctly lock Linux files during encryption, leading to potentially corrupted files. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ransomexx-ransomware-linux-e… ∗∗∗ Stop That Phish! ∗∗∗ --------------------------------------------- Although ransomware holds a significant mindshare in security, phishing continues to be an effective and efficient tool for threat actors. In this blog, Tim Helming walks through various anti-phishing tools and methods available to defenders. --------------------------------------------- https://www.domaintools.com/resources/blog/stop-that-phish ∗∗∗ An overview of malware hashing algorithms ∗∗∗ --------------------------------------------- VirusTotals "Basic Properties" tab alone lists eight different hashes and supports even more to use them for queries and hunt signatures. Hashes are important for malware analysis, as well as identification, description and detection. But why do so many of them exist and when should you use which hash function? --------------------------------------------- https://www.gdatasoftware.com/blog/2021/09/an-overview-of-malware-hashing-a… ∗∗∗ TLS-Zertifikate: Altes Lets-Encrypt-Root läuft ab ∗∗∗ --------------------------------------------- Bei Fehlkonfigurationen und alten Geräten können Zertifikatsfehler mit Lets Encrypt auftreten. --------------------------------------------- https://www.golem.de/news/tls-zertifikate-altes-let-s-encrypt-root-laeuft-a… ∗∗∗ GhostEmperor: From ProxyLogon to kernel mode ∗∗∗ --------------------------------------------- While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor. --------------------------------------------- https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/ ∗∗∗ What is Cryptocurrency Mining Malware? ∗∗∗ --------------------------------------------- Cryptocurrency mining malware is typically a stealthy malware that farms the resources on a system (computers, smartphones, and other electronic devices connected to the internet) to generate revenue for the cyber criminals controlling it. Instead of using video game consoles or graphics card farms, these particular cryptominers are using the computers and servers of the people around them for their processing power - without permission. --------------------------------------------- https://blog.sucuri.net/2021/09/what-is-cryptocurrency-mining-malware-2.html ∗∗∗ Apple-Pay-Funktion erlaubt angeblich Geldklau von gesperrten iPhones ∗∗∗ --------------------------------------------- Sicherheitsexperten haben die Express-ÖPNV-Funktion auf Herz und Nieren getestet und kommen zu dem Schluss, dass unerwünschte Visa-Zahlungen möglich sind. --------------------------------------------- https://heise.de/-6204960 ∗∗∗ Bericht: Android-Trojaner GriftHorse kassiert bei über 10 Millionen Opfern ab ∗∗∗ --------------------------------------------- Online-Kriminelle sollen mit Trojaner-Apps Abos abschließen und darüber hunderte Millionen Euro erbeutet haben, warnen Sicherheitsforscher. --------------------------------------------- https://heise.de/-6205272 ∗∗∗ A wolf in sheeps clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus ∗∗∗ --------------------------------------------- By Vitor Ventura and Arnaud Zobec. Threat actors are impersonating the group Amnesty International and promising to protect against the Pegasus spyware as part of a scheme to deliver malware. --------------------------------------------- https://blog.talosintelligence.com/2021/09/fakeantipegasusamnesty.html ∗∗∗ Telemetry Report Shows Patch Status of High-Profile Vulnerabilities ∗∗∗ --------------------------------------------- A record number of new security vulnerabilities (18,352) were reported in 2020. This year, the number is likely to be higher (13,002 by September 1). The problem with a zero-day vulnerability is that it remains a zero-day until it is patched by both the vendor and the user. --------------------------------------------- https://www.securityweek.com/telemetry-report-shows-patch-status-high-profi… ∗∗∗ The Ransomware Threat in 2021 ∗∗∗ --------------------------------------------- New research from Symantec finds that organizations face an unprecedented level of danger from targeted ransomware attacks as the number of adversaries multiply alongside an increased sophistication in tactics. --------------------------------------------- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ra… ∗∗∗ Facebook open-sources internal tool used to detect security bugs in Android apps ∗∗∗ --------------------------------------------- Facebook has open-sourced Mariana Trench, one of its internal security tools, used by its security teams for finding and fixing bugs in Android and Java applications. --------------------------------------------- https://therecord.media/facebook-open-sources-internal-tool-used-to-detect-… ∗∗∗ Ransomware attack disrupts hundreds of bookstores across France, Belgium, and the Netherlands ∗∗∗ --------------------------------------------- Hundreds of bookstores across France, Belgium, and the Netherlands have had their operations disrupted this week after a ransomware attack crippled the IT systems of TiteLive, a French company that operates a SaaS platform for book sales and inventory management. --------------------------------------------- https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-a… ∗∗∗ After the storm - how to move on with NTLM ∗∗∗ --------------------------------------------- I remember that, about 15 years ago, we already flagged the absence of SMB signing as a vulnerability in reports. Though at that time, we circled more around the theoretical risk of someone tampering SMB traffic due to the lack of integrity protection. None of us really had an idea how to make use of that vulnerability. The later obviously changed. --------------------------------------------- https://cyberstoph.org/posts/2021/09/after-the-storm-how-to-move-on-with-nt… ===================== = Vulnerabilities = ===================== ∗∗∗ Linkit - Moderately critical - Cross Site Scripting - SA-CONTRIB-2021-042 ∗∗∗ --------------------------------------------- Linkit provides an easy interface for internal and external linking with WYSIWYG editors by using an autocomplete field. It does not sufficiently sanitize user input. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit an entity bundle. --------------------------------------------- https://www.drupal.org/sa-contrib-2021-042 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libxstream-java, uwsgi, and weechat), Fedora (libspf2, libvirt, mingw-python3, mono-tools, python-flask-restx, and sharpziplib), Mageia (gstreamer, libgcrypt, libgd, mosquitto, php, python-pillow, qtwebengine5, and webkit2), openSUSE (postgresql12 and postgresql13), SUSE (haproxy, postgresql12, postgresql13, and rabbitmq-server), and Ubuntu (commons-io and linux-oem-5.13). --------------------------------------------- https://lwn.net/Articles/871424/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBM hat 12 Security Bulletins veröffentlicht. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Boston Scientific Zoom Latitude ∗∗∗ --------------------------------------------- This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques, Improper Access Control, Missing Support for Integrity Check, and Reliance on Component That is Not Updateable vulnerabilities in the Boston Scientific Zoom Latitude programmer/recorder/monitor (PRM) 3120 model. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01 ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210929… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.09.2021
by Daily end-of-shift report 29 Sep '21

29 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-09-2021 18:00 − Mittwoch 29-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ NSA, CISA share VPN security tips to defend against hackers ∗∗∗ --------------------------------------------- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for hardening the security of virtual private network (VPN) solutions. --------------------------------------------- https://www.bleepingcomputer.com/news/security/nsa-cisa-share-vpn-security-… ∗∗∗ Why Should I Care About HTTP Request Smuggling? ∗∗∗ --------------------------------------------- HTTP request smuggling is a growing vulnerability, but you can manage the risk with proper server configuration. --------------------------------------------- https://www.darkreading.com/edge-ask-the-experts/why-should-i-care-about-ht… ∗∗∗ DarkHalo after SolarWinds: the Tomiris connection ∗∗∗ --------------------------------------------- We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar. --------------------------------------------- https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104… ∗∗∗ Conti Ransomware Expands Ability to Blow Up Backups ∗∗∗ --------------------------------------------- The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software. --------------------------------------------- https://threatpost.com/conti-ransomware-backups/175114/ ∗∗∗ How nation-state attackers like NOBELIUM are changing cybersecurity ∗∗∗ --------------------------------------------- In the first of a four-part series on the NOBELIUM nation-state attack, we describe the attack and explain why enterprises should be cautious. --------------------------------------------- https://www.microsoft.com/security/blog/2021/09/28/how-nation-state-attacke… ∗∗∗ Serious Security: Let’s Encrypt gets ready to go it alone (in a good way!) ∗∗∗ --------------------------------------------- Lets Encrypt is set to become a mainstream, self-certifying web certificate authority - heres why it took so many years. --------------------------------------------- https://nakedsecurity.sophos.com/2021/09/28/serious-security-lets-encrypt-g… ∗∗∗ Keeping Track of Time: Network Time Protocol and a GPSD Bug, (Wed, Sep 29th) ∗∗∗ --------------------------------------------- The Network Time Protocol (NTP) has been critical in ensuring time is accurately kept for various systems businesses and organizations rely on. --------------------------------------------- https://isc.sans.edu/diary/rss/27886 ∗∗∗ Phone screenshots accidentally leaked online by stalkerware-type company ∗∗∗ --------------------------------------------- Stalkerware-type company pcTattleTale hasnt been very careful about securing the screenshots it sneakily takes from its victims phones. --------------------------------------------- https://blog.malwarebytes.com/stalkerware/2021/09/phone-screenshots-acciden… ∗∗∗ Betrügerische Mail im Namen der Volksbank unterwegs ∗∗∗ --------------------------------------------- Derzeit werden massenhaft betrügerische Phishing-Mails im Namen der Volksbank verschickt. Angeblich wurde eine „irrtümlich ausgeführte Überweisung“ gesperrt. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-mail-im-namen-der-vol… ∗∗∗ New GriftHorse malware has infected more than 10 million Android phones ∗∗∗ --------------------------------------------- Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis. --------------------------------------------- https://therecord.media/new-grifthorse-malware-has-infected-more-than-10-mi… ===================== = Vulnerabilities = ===================== ∗∗∗ AirTags als Echtwelt-Trojaner: Apple lässt XSS-Lücke über Monate offen ∗∗∗ --------------------------------------------- Ein weiterer Sicherheitsforscher hat wegen Verärgerung über Apples zugeknöpftes Bug-Bounty-Programm eine Zero-Day-Schwachstelle veröffentlicht. --------------------------------------------- https://heise.de/-6204364 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (iaito, libssh, radare2, and squashfs-tools), openSUSE (hivex, shibboleth-sp, and transfig), SUSE (python-urllib3 and shibboleth-sp), and Ubuntu (apache2, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, and linux-hwe-5.11, linux-azure, linux-azure-5.11, linux-oracle-5.11). --------------------------------------------- https://lwn.net/Articles/871227/ ∗∗∗ Security Bulletin: Bulletin: App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-bulletin-app-connect-prof… ∗∗∗ Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.14.0 ESR + CVE-2021-29967) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF14 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affects App Connect Professional ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2021-29834 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: IBM Kenexa LCMS Premier On Premise – CVE-2021-2341 (deferred from Oracle Jul 2021 CPU for Java 7.x) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-o… ∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Aspera Web Application (Console, Shares) are affected by jQuery vulnerability (cross-site scripting) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-application-co… ∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise -IBM SDK, Java Technology Edition Quarterly CPU – Jul 2021 – Includes Oracle Jul 2021 CPU (minus CVE-2021-2341) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise… ∗∗∗ Security Bulletin: IBM Kenexa LMS On Premise -CVE-2021-2341 (deferred from Oracle Jul 2021 CPU for Java 7.x) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise… ∗∗∗ F-Secure Internet Gatekeeper: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-1020 ∗∗∗ Elastic Stack Misconfiguration can lead to DDoS or Data Exfiltration ∗∗∗ --------------------------------------------- https://securitythreatnews.com/2021/09/29/elastic-stack-misconfiguration-ca… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.09.2021
by Daily end-of-shift report 28 Sep '21

28 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Montag 27-09-2021 18:00 − Dienstag 28-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor ∗∗∗ --------------------------------------------- In-depth analysis of newly detected NOBELIUM malware: a post-exploitation backdoor that Microsoft Threat Intelligence Center (MSTIC) refers to as FoggyWeb. NOBELIUM uses FoggyWeb to remotely exfiltrate the configuration database of compromised AD FS servers, decrypted token-signing certificate, and token-decryption certificate, as well as to download and execute additional components. --------------------------------------------- https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobeli… ∗∗∗ TLS 1.3 and SSL - the current state of affairs, (Tue, Sep 28th) ∗∗∗ --------------------------------------------- It has been over 3 years since the specification for TLS 1.3 was published, and although the protocol has some minor drawbacks, it is undoubtedly the most secure TLS version so far. One would therefore hope that the adoption of TLS 1.3 and its use on web servers around the globe would steadily increase over time (ideally hand in hand with a slow disappearance of older cryptographic protocols, especially the historic SSL 2.0 and SSL 3.0). --------------------------------------------- https://isc.sans.edu/diary/rss/27882 ∗∗∗ Securing mobile devices. A timely reminder ∗∗∗ --------------------------------------------- If you’re commuting again or if you’re responsible for securing your people’s devices it’s a good idea to revisit and review your security admin for mobile devices. This post isn’t breaking any new ground, but it is a good place to start that review process, and think about your security behaviours. --------------------------------------------- https://www.pentestpartners.com/security-blog/securing-mobile-devices-a-tim… ∗∗∗ Vorsicht, wenn die Wohnungsbesichtigung über booking.com abgewickelt werden sollte ∗∗∗ --------------------------------------------- Sie haben endlich Ihre Traumwohnung gefunden? Der einzige Haken: Sie sollten schon vor der Besichtigung eine Kaution bezahlen, die angeblich von booking.com verwaltet wird? Dann sind Sie auf ein betrügerisches Wohnungsinserat gestoßen. Zahlen Sie keinesfalls eine Kaution vor der Besichtigung. Diese Wohnung gibt es nicht und Sie verlieren Ihre geleistete Zahlung! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-wenn-die-wohnungsbesichtigu… ∗∗∗ Highlights From the Unit 42 Cloud Threat Report, 2H 2021 ∗∗∗ --------------------------------------------- In the Unit 42 Cloud Threat Report, 2H 2021, our researchers dive deep into the full scope of supply chain attacks in the cloud and explain often misunderstood details about how they occur. We also provide actionable recommendations any organization can adopt immediately to begin protecting their software supply chains in the cloud. --------------------------------------------- https://unit42.paloaltonetworks.com/cloud-threat-report-2h-2021/ ∗∗∗ Anatomy and Disruption of Metasploit Shellcode ∗∗∗ --------------------------------------------- In April 2021 we went through the anatomy of a Cobalt Strike stager and how some of its signature evasion techniques ended up being ineffective against detection technologies. In this blog post we will go one level deeper and focus on Metasploit, an often-used framework interoperable with Cobalt Strike. --------------------------------------------- https://blog.nviso.eu/2021/09/02/anatomy-and-disruption-of-metasploit-shell… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-21-1116: NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. CVE ID: CVE-2021-34947 --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1116/ ∗∗∗ SSA-728618: Multiple Vulnerabilities in Solid Edge before SE2021MP8 ∗∗∗ --------------------------------------------- Siemens has released a new version for Solid Edge that fixes multiple file parsing vulnerabilities which could be triggered when the application reads files in IFC, JT or OBJ formats. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-728618.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel), openSUSE (gd, grilo, nodejs14, and transfig), Oracle (nodejs:14 and squid), Red Hat (kernel and shim and fwupd), SUSE (apache2, atftp, gd, and python-Pillow), and Ubuntu (apache2, linux, linux-aws, linux-aws-5.11, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, and vim). --------------------------------------------- https://lwn.net/Articles/871096/ ∗∗∗ D-LINK Router: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- D-LINK Router DIR-X1560 < 1.04B04, D-LINK Router DIR-X6060 < 1.02B01 Ein entfernter, anonymer Angreifer kann eine Schwachstelle in verschiedenen D-LINK Routern ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-1019 ∗∗∗ Security Bulletin: IBM Security SOAR is using a version of Elasticsearch that has known vulnerabilities (CVE-2021-22137, CVE-2021-22135) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-usin… ∗∗∗ Security Bulletin: PostgreSQL Vulnerability Affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2021-32029) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerability-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.09.2021
by Daily end-of-shift report 27 Sep '21

27 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-09-2021 18:00 − Montag 27-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Jetzt patchen! Exploit-Code für Chrome und Edge in Umlauf ∗∗∗ --------------------------------------------- Angriffe auf die Webbrowser Chrome und Edge könnten kurz bevor stehen. Reparierte Versionen stehen zum Download bereit. --------------------------------------------- https://heise.de/-6201629 ∗∗∗ He escaped the Dark Web’s biggest bust. Now he’s back ∗∗∗ --------------------------------------------- DeSnake apparently eluded the takedown of AlphaBay and now plans to resurrect it. --------------------------------------------- https://arstechnica.com/?p=1798352 ∗∗∗ BloodyStealer and gaming assets for sale ∗∗∗ --------------------------------------------- We take a closer look at threats linked to loss of accounts with popular video game digital distribution services, such as Steam and Origin. We also explore the kind of game-related data that ends up on the black market. --------------------------------------------- https://securelist.com/bloodystealer-and-gaming-assets-for-sale/104319/ ∗∗∗ Video: Strings Analysis: VBA & Excel4 Maldoc, (Sat, Sep 25th) ∗∗∗ --------------------------------------------- I did record a video for my diary entry "Strings Analysis: VBA & Excel4 Maldoc", showing how to use CyberChef to analyze a maldoc. --------------------------------------------- https://isc.sans.edu/diary/rss/27874 ∗∗∗ New Android Malware Steals Financial Data from 378 Banking and Wallet Apps ∗∗∗ --------------------------------------------- The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. "The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabrics CEO Cengiz Han Sahin said [...] --------------------------------------------- https://thehackernews.com/2021/09/new-android-malware-steals-financial.html ∗∗∗ New security feature in September 2021 Cumulative Update for Exchange Server ∗∗∗ --------------------------------------------- [...] As part of our continued work to help you protect your Exchange Servers, in the September 2021 Cumulative Update (CU) we have added a new feature called the Microsoft Exchange Emergency Mitigation service. This new service is not a replacement for installing Exchange Server Security Updates (SUs), but [...] --------------------------------------------- https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feat… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel, libxml-security-java, and openssl), Fedora (fetchmail and python-rsa), openSUSE (grafana-piechart-panel and opera), and Red Hat (nodejs:14). --------------------------------------------- https://lwn.net/Articles/870597/ ∗∗∗ Command Injection Vulnerabilities in QVR ∗∗∗ --------------------------------------------- Two command injection vulnerabilities have been reported to affect certain QNAP EOL devices running QVR. If exploited, these vulnerabilities allow remote attackers to run arbitrary commands. --------------------------------------------- https://www.qnap.com/en-us/security-advisory/QSA-21-35 ∗∗∗ GNU C Library (glibc) vulnerability CVE-2021-33574 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43700555 ∗∗∗ LibreSSL: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-1014 ∗∗∗ GitHub Enterprise Server: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-1015 ∗∗∗ OpenSSH: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-1017 ∗∗∗ FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php ∗∗∗ FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access) ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php ∗∗∗ FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php ∗∗∗ FatPipe Networks WARP 10.2.2 Authorization Bypass ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php ∗∗∗ FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php ∗∗∗ Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-3711 and CVE-2021-3712 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affe… ∗∗∗ Security Bulletin: CVE-2021-2341 may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2341-may-affect-… ∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-wo… ∗∗∗ Security Bulletin: Integrated application server and integrated web services for IBM i are affected by CVE-2021-35517 and CVE-2021-36090 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-integrated-application-se… ∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7774) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-j… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.09.2021
by Daily end-of-shift report 24 Sep '21

24 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-09-2021 18:00 − Freitag 24-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Sicherheitsupdates: Kritische Admin-Lücke mit Höchstwertung bedroht Cisco-Geräte ∗∗∗ --------------------------------------------- Der Netzwerkausrüster hat jede Menge Sicherheitslücken geschlossen. Erfolgreiche Attacken können gefährliche Auswirkungen haben. --------------------------------------------- https://heise.de/-6200359 ∗∗∗ Frustriert von Apple: Sicherheitsforscher veröffentlicht 0-Day-Lücken für iOS 15 ∗∗∗ --------------------------------------------- Der Konzern habe nur einen der Bugs still gestopft und nicht weiter reagiert, so der Sicherheitsforscher. Die Lücken geben Apps wohl Zugriff auf Nutzerdaten. --------------------------------------------- https://heise.de/-6200907 ∗∗∗ Malware devs trick Windows validation with malformed certs ∗∗∗ --------------------------------------------- Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malware-devs-trick-windows-v… ∗∗∗ TangleBot Malware Reaches Deep into Android Device Functions ∗∗∗ --------------------------------------------- The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others. --------------------------------------------- https://threatpost.com/tanglebot-malware-device-functions/174999/ ∗∗∗ Keep an Eye on Your Users Mobile Devices (Simple Inventory), (Fri, Sep 24th) ∗∗∗ --------------------------------------------- Today, smartphones are everywhere and became our best friends for many tasks. Probably your users already access their corporate mailbox via a mobile device. If it's not yet the case, you probably have many requests to implement this. They are two ways to achieve this: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/27868 ∗∗∗ Fake-Shop-Alarm: Kaufen Sie keine Fahrräder auf efahrrad-shop.com! ∗∗∗ --------------------------------------------- Der Online-Shop efahrrad-shop.com präsentiert sich auf seiner Webseite als „ausgezeichneter und zertifizierter Online Fahrradfachhandel“. Doch wer sich die Seite genauer anschaut, stößt auf zahlreiche Ungereimtheiten. So findet sich ein fehlerhaftes Impressum auf der Webseite und die angegebenen Preise liegen deutlich unter den üblichen Preisen. Alles Hinweise dafür, dass es sich um einen Fake-Shop handelt. --------------------------------------------- https://www.watchlist-internet.at/news/fake-shop-alarm-kaufen-sie-keine-fah… ∗∗∗ FamousSparrow: A suspicious hotel guest ∗∗∗ --------------------------------------------- Yet another APT group that exploited the ProxyLogon vulnerability in March 2021 --------------------------------------------- https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-gu… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-21-1112: Trend Micro HouseCall for Home Networks Uncontrolled Search Path Element Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall for Home Networks. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1112/ ∗∗∗ SonicWall warns users to patch critical vulnerability “as soon as possible” ∗∗∗ --------------------------------------------- SonicWall is asking SMA 100 series customers to patch their appliances against a vulnerability that could give attackers administrator access. --------------------------------------------- https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/sonicwal… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mupdf), Fedora (ghostscript, gifsicle, and ntfs-3g), openSUSE (kernel and nodejs14), and SUSE (curl, ffmpeg, gd, hivex, kernel, nodejs14, python-reportlab, sqlite3, and xen). --------------------------------------------- https://lwn.net/Articles/870365/ ∗∗∗ Apple Releases Security Updates ∗∗∗ --------------------------------------------- Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. CISA encourages users and administrators to review the Apple security page for iOS 12.5.5 and Security Update 2021-006 Catalina and apply the necessary updates as soon as possible. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/apple-releases-se… ∗∗∗ BIG-IP APM XSS vulnerability CVE-2021-23054 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41997459 ∗∗∗ Trend Micro ServerProtect: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-1010 ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Public disclosed vulnerability from OpenSSL affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerab… ∗∗∗ Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-i… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.09.2021
by Daily end-of-shift report 23 Sep '21

23 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-09-2021 18:00 − Donnerstag 23-09-2021 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hackers are scanning for VMware CVE-2021-22005 targets, patch now! ∗∗∗ --------------------------------------------- Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-are-scanning-for-vmw… ∗∗∗ How REvil May Have Ripped Off Its Own Affiliates ∗∗∗ --------------------------------------------- A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments. --------------------------------------------- https://threatpost.com/how-revil-may-have-ripped-off-its-own-affiliates/174… ∗∗∗ Excel Recipe: Some VBA Code with a Touch of Excel4 Macro, (Thu, Sep 23rd) ∗∗∗ --------------------------------------------- Microsoft Excel supports two types of macros. The legacy format is known as “Excel4 macro” and the new (but already used for a while) is based on VBA. We already cover both formats in many diaries. Yesterday, I spotted an interesting sample that implements… both! --------------------------------------------- https://isc.sans.edu/diary/rss/27864 ∗∗∗ iOS 15 und macOS 12: Alte TLS-Versionen haben ausgedient ∗∗∗ --------------------------------------------- Apple will TLS 1.0 und 1.1 bald nicht mehr unterstützen. In iOS 15 & Co gelten die alten Versionen des Verschlüsselungsprotokolls bereits als abgekündigt. --------------------------------------------- https://heise.de/-6199902 ∗∗∗ BulletProofLink: Wo der ganze Phishing-Spam herkommt ∗∗∗ --------------------------------------------- Microsoft beschreibt im Detail, wie auch absolute Neulinge ohne Vorkenntnisse spielend leicht ins Geschäft mit geklauten Zugangsdaten einsteigen können. --------------------------------------------- https://heise.de/-6199720 ∗∗∗ Cyber Threats to Global Electric Sector on the Rise ∗∗∗ --------------------------------------------- The number of cyber intrusions and attacks targeting the Electric sector is increasing and in 2020 Dragos identified three new Activity Groups (AGs) targeting the Electric Sector: [...] --------------------------------------------- https://www.dragos.com/blog/industry-news/cyber-threats-to-global-electric-… ∗∗∗ Plugging the holes: How to prevent corporate data leaks in the cloud ∗∗∗ --------------------------------------------- Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here’s what you can do to prevent cloud configuration conundrums. --------------------------------------------- https://www.welivesecurity.com/2021/09/22/plugging-holes-how-prevent-corpor… ∗∗∗ Rückblick auf das zweite Drittel 2021 ∗∗∗ --------------------------------------------- Das zweite Drittel 2021 ist vorbei und wie auch das erste gab es viel zu tun. Microsofts Exchange Server war diesmal nicht die einzige Mailserver-Software, in der kritische Lücken gefunden wurden; exim reihte sich mit gleich 21 Schwachsstellen in die Liste ein. Außerdem ging ab Juni wieder eine DDoS-Erpressungswelle um. --------------------------------------------- https://cert.at/de/blog/2021/9/ruckblick-auf-das-zweite-drittel-2021 ∗∗∗ CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware ∗∗∗ --------------------------------------------- CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/09/22/cisa-fbi-and-nsa-… ∗∗∗ CISA Releases Guidance: IPv6 Considerations for TIC 3.0 ∗∗∗ --------------------------------------------- The federal government has prioritized the transition of federal networks to Internet Protocol version 6 (IPv6) since the release of Office of Management and Budget (OMB) Memorandum 05-22 in 2005. In 2020, OMB renewed its focus on IPv6 through the publication of OMB Memorandum 21-07. That memorandum specifically entrusts CISA with enhancing the Trusted Internet Connections (TIC) program to fully support the implementation of IPv6 in federal IT systems. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/cisa-releases-gui… ∗∗∗ Securing Microservices ∗∗∗ --------------------------------------------- Do you remember how it felt to get your first email account? Not only were you able to communicate with multiple people in a fast and efficient manner, it also gave you an online identity you could use to access a wide range of services. As time progressed, though, you became increasingly aware of email’s […] --------------------------------------------- https://www.intezer.com/blog/cloud-security/securing-microservices/ ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal Security Advisories ∗∗∗ --------------------------------------------- Drupal hat 12 Security Advisories zu "Contributed projects", d.h. Software, die nicht vom Drupal-Team selbst entwickelt wird, veröffentlicht. Vier davon werden als "Critical" eingestuft. --------------------------------------------- https://www.drupal.org/security/contrib ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBMs PSIRT hat 26 Security Bulletins veröffentlicht. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- Cisco hat 31 Security Advisories veröffentlicht. Drei davon werden als "Critical" eingestuft, 13 als "High". --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&first… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ruby-kaminari and tomcat8), Mageia (389-ds-base, ansible, apache, apr, cpio, curl, firefox, ghostscript, gifsicle, gpac, libarchive, libgd, libssh, lynx, nextcloud-client, openssl, postgresql, proftpd, python3, thunderbird, tor, and vim), openSUSE (chromium, ffmpeg, grilo, hivex, linuxptp, and samba), Oracle (go-toolset:ol8, kernel, kernel-container, krb5, mysql:8.0, and nodejs:12), SUSE (ffmpeg, firefox, grilo, hivex, kernel, linuxptp, nodejs14, and --------------------------------------------- https://lwn.net/Articles/870190/ ∗∗∗ Trane Symbio ∗∗∗ --------------------------------------------- This advisory contains mitigations for a Code Injection vulnerability in Trane Symbio 700 and Symbio 800 controllers. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-266-01 ∗∗∗ Trane Tracer ∗∗∗ --------------------------------------------- This advisory contains mitigations for a Code Injection vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge building automation products. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.09.2021
by Daily end-of-shift report 22 Sep '21

22 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-09-2021 18:00 − Mittwoch 22-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Apple users warned: Clicking this attachment will take over your macOS ∗∗∗ --------------------------------------------- A code execution bug in Apple's macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn't fully patched it yet, as tested by Ars. --------------------------------------------- https://arstechnica.com/?p=1797268 ∗∗∗ Datenanalyse: Steigende Zahl automatisierter Cyberangriffe ∗∗∗ --------------------------------------------- Automatisierung ist seit Jahren ein wichtiges Thema. Auch Online-Kriminelle haben laut eine Analyse die Vorteile für sich entdeckt. Kriminelle Hacker setzen nach einer neuen Datenanalyse bei Cyberangriffen immer häufiger auf automatisierte Massenattacken. Seltener werden dagegen gezielte Angriffe, bei denen Hacker noch persönlich am Computer sitzen... --------------------------------------------- https://heise.de/-6198205 ∗∗∗ Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners ∗∗∗ --------------------------------------------- We strongly recommend updating immediately to the latest patched version of Ninja Forms to patch these security issues, which is version 3.5.8.2 of Ninja Forms at the time of this publication. --------------------------------------------- https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-… ∗∗∗ Bei diesen Investitionsplattformen verlieren Sie Ihr Geld ∗∗∗ --------------------------------------------- Im Internet findet man unzählige Möglichkeiten, Geld einfach und unkompliziert zu investieren. Auf Trading-Plattformen wie infinitycapitalg.com, suntonfx.com oder windsorglobalaustria.com werden hohe Gewinnchancen, auch ohne großes Finanzwissen versprochen. Klingt zwar sehr verlockend, führt in Wahrheit aber zu sehr hohen Verlusten! Unser Tipp: Checken Sie die Investorenwarnungen der Finanzmarktaufsicht. --------------------------------------------- https://www.watchlist-internet.at/news/bei-diesen-investitionsplattformen-v… ∗∗∗ Microsoft Exchange Autodiscover-Designfehler ermöglicht Abgriff von Zugangsdaten ∗∗∗ --------------------------------------------- Sicherheitsforscher von Guardicore sind in Microsoft Exchange auf einen Designfehler gestoßen, der es Angreifern ermöglicht, über externe Autodiscover-Domains die Anmeldedaten von Domains abzugreifen. Möglich wird dies, weil sich Autodiscover-Domains außerhalb der Domäne des Nutzers (aber noch in derselben TLD) missbrauchen lassen. --------------------------------------------- https://www.borncity.com/blog/2021/09/22/microsoft-exchange-autodiscover-de… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-21-1104: McAfee Endpoint Security Incorrect Permission Assignment Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Endpoint Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1104/ ∗∗∗ Patch now! Insecure Hikvision security cameras can be taken over remotely ∗∗∗ --------------------------------------------- The vulnerability found by Watchfull_IP is listed under CVE-2021-36260 and could allow an unauthenticated attacker to gain full access to the device and possibly perform lateral movement into internal networks.. --------------------------------------------- https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-no… ∗∗∗ September 22, 2021 TNS-2021-16 [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1 ∗∗∗ --------------------------------------------- One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable opted to upgrade the bundled OpenSSL components to address the potential impact of these issues. Tenable.sc patch SC-202109.1 updates OpenSSL to version 1.1.1l to address the identified vulnerabilities. --------------------------------------------- http://www.tenable.com/security/tns-2021-16 ∗∗∗ VMSA-2021-0020 ∗∗∗ --------------------------------------------- Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. CVSSv3 Range: 4.3-9.8 CVE(s): CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013, CVE-2021-22014, CVE-2021-22015, CVE-2021-22016, CVE-2021-22017, CVE-2021-22018, CVE-2021-22019, CVE-2021-22020 --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2021-0020.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (grilo), Fedora (curl, firefox, mingw-python-pillow, python-pillow, python2-pillow, and webkit2gtk3), openSUSE (chromium, grafana-piechart-panel, kernel, libcroco, php-composer, and xen), Oracle (curl, kernel, and nss and nspr), Red Hat (nodejs:12), Slackware (alpine), SUSE (ghostscript, grafana-piechart-panel, kernel, and xen), and Ubuntu (linux, linux-hwe, linux-hwe-5.11, linux-hwe-5.4, linux-raspi, linux-raspi-5.4, and linux-raspi2). --------------------------------------------- https://lwn.net/Articles/870002/ ∗∗∗ Apple iTunes: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- Ein entfernter Angreifer kann mehrere Schwachstellen in Apple iTunes ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0997 ∗∗∗ Apple Safari: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- Ein entfernter Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0996 ∗∗∗ Apple macOS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, Informationen offenzulegen, seine Privilegien zu erhöhen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0994 ∗∗∗ Apple macOS: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apple macOS ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-1000 ∗∗∗ Security Advisory - Server-Side Request Forgery Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210922-… ∗∗∗ Security Advisory - Improper File Upload Control Vulnerability in Huawei FusionCompute Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210922-… ∗∗∗ Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210922-… ∗∗∗ Security Bulletin: IBM® Java™ SDK Technology Edition affects IBM Security Verify Governance, Identity Manager virtual appliance component (ISVG IMVA) (CVE-2020-14781,CVE-2020-14782) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-technology-e… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2021-20377, CVE-2020-4690) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM QRadar Azure marketplace images include Open Management Infrastructure RPM, which is vulnerable to Remote Code Execution (CVE-2021-38647) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-azure-marketpl… ∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29800) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-mana… ∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities (CVE-2021-3538, CVE-2021-33502, CVE-2021-3450, CVE-2021-3449) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-ins… ∗∗∗ Security Bulletin: App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-… ∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulner… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2021-3712) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclose… ∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise v11, v12 (CVE-2020-7608) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-j… ∗∗∗ Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (ISVG IMVA) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnera… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.09.2021
by Daily end-of-shift report 21 Sep '21

21 Sep '21

===================== = End-of-Day report = ===================== Timeframe: Montag 20-09-2021 18:00 − Dienstag 21-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ A guide to combatting human-operated ransomware: Part 1 ∗∗∗ --------------------------------------------- As human-operated ransomware is on the rise, Microsoft’s Detection and Response Team (DART) shares how they investigate these attacks and what to consider when faced with a similar event in your organization. --------------------------------------------- https://www.microsoft.com/security/blog/2021/09/20/a-guide-to-combatting-hu… ∗∗∗ Mama Always Told Me Not to Trust Strangers without Certificates (Moar Netgear Pwnage) ∗∗∗ --------------------------------------------- This blog post details a vulnerability, the exploitation of which results in Remote Code Execution (RCE) as root, that impacts many modern Netgear Small Offices/Home Offices (SOHO) devices. The vulnerability isn’t your typical router vulnerability, in that the source of the vulnerability is located within a third-party component included in the firmware of many Netgear devices. This code is part of Circle, which adds parental control features to these devices. --------------------------------------------- https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html ∗∗∗ Does Your Organization Have a Security.txt File? ∗∗∗ --------------------------------------------- It happens all the time: Organizations get hacked because there isnt an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isnt entirely clear who should get the report when remote access to an organizations internal network is being sold in the cybercrime underground. In a bid to minimize these scenarios, a growing number of major companies are adopting "Security.txt," a proposed new Internet standard... --------------------------------------------- https://krebsonsecurity.com/2021/09/does-your-organization-have-a-security-… ∗∗∗ TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines ∗∗∗ --------------------------------------------- Cisco Talos found a previously undiscovered backdoor from the Turla APT that we are seeing in the wild. This simple backdoor is likely used as a second-chance backdoor to maintain access to the system, even if the primary malware is removed. It could also be used as a second-stage dropper to infect the system with additional malware. --------------------------------------------- https://blog.talosintelligence.com/2021/09/tinyturla.html ∗∗∗ OpenOffice Vulnerability Exposes Users to Code Execution Attacks ∗∗∗ --------------------------------------------- A buffer overflow vulnerability in Apache OpenOffice could be exploited to execute arbitrary code on target machines using malicious documents. Tracked as CVE-2021-33035 and discovered by security researcher Eugene Lim, the bug affects OpenOffice versions up to 4.1.10, with patches deployed in the 4.1.11 beta only, meaning that most installations out there are likely vulnerable. --------------------------------------------- https://www.securityweek.com/openoffice-vulnerability-exposes-users-code-ex… ∗∗∗ Vorsicht beim Welpen-Kauf im Internet! ∗∗∗ --------------------------------------------- Wollen Sie online einen Hundewelpen kaufen? Wenn ja, dann stoßen Sie möglicherweise auf unseriöse Angebote. Der Watchlist Internet werden derzeit zahlreiche Seiten gemeldet, die angeben Rasse-Hundewelpen zu verkaufen und das meist zu einem günstigen Preis. Nicht nur die Preise, sondern auch liebevolle Fotos und Beschreibungen verlocken dazu, einen Kauf zu tätigen. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-beim-welpen-kauf-im-interne… ∗∗∗ Russian security firm sinkholes part of the dangerous Meris DDoS botnet ∗∗∗ --------------------------------------------- Rostelecom-Solar, the cybersecurity division of Russian telecom giant Rostelecom, said on Monday that it sinkholed a part of the Meris DDoS botnet after identifying a mistake from the malwares creators. --------------------------------------------- https://therecord.media/russian-security-firm-sinkholes-part-of-the-dangero… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBM hat 21 Security Bulletins veröffentlicht. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (webkit2gtk, wpewebkit, and xen), Oracle (kernel), Red Hat (curl, go-toolset:rhel8, krb5, mysql:8.0, nodejs:12, and nss and nspr), and Ubuntu (curl and tiff). --------------------------------------------- https://lwn.net/Articles/869923/ ∗∗∗ Apple iOS & iPadOS: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- iOS 15 und iPadOS 15 sowie iOS 14.8 und iPadOS 14.8 veröffentlicht. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0993 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily