Daily

daily@lists.cert.at

1 participants
3150 discussions

Tageszusammenfassung - 10.11.2021
by Daily end-of-shift report 10 Nov '21

10 Nov '21

===================== = End-of-Day report = ===================== Timeframe: Dienstag 09-11-2021 18:00 − Mittwoch 10-11-2021 18:00 Handler: Stephan Richter Co-Handler: Wolfgang Menezes ===================== = News = ===================== ∗∗∗ Researcher Details Vulnerabilities Found in AWS API Gateway ∗∗∗ --------------------------------------------- AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them. --------------------------------------------- https://www.darkreading.com/vulnerabilities-threats/researcher-details-vuln… ∗∗∗ Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog ∗∗∗ --------------------------------------------- Using static and dynamic techniques, Claroty’s Team82 and JFrog discovered 14 vulnerabilities affecting the latest version of BusyBox. All vulnerabilities were privately disclosed and fixed by BusyBox in version 1.34.0. --------------------------------------------- https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by… ∗∗∗ Patchday: Microsoft warnt vor Attacken auf Excel und Exchange ∗∗∗ --------------------------------------------- Abermals haben es Angreifer Exchange Server abgesehen. Außerdem gibt es wichtige Sicherheitsupdates für Azure, Office, Windows & Co. --------------------------------------------- https://heise.de/-6263036 ∗∗∗ Patchday: SAP schließt kritische Sicherheitslücke ∗∗∗ --------------------------------------------- Am Patch-Tuesday hat auch SAP Aktualisierungen für seine Produkte veröffentlicht. Ein Fix behandelt eine kritische Lücke im ABAP Platform Kernel. --------------------------------------------- https://heise.de/-6263099 ∗∗∗ Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton ∗∗∗ --------------------------------------------- Today, we’re disclosing another 10 vulnerabilities in Azure Sphere — two of which are on the Linux side, seven that exist in Security Monitor and one in the Pluton security subsystem. --------------------------------------------- https://blog.talosintelligence.com/2021/11/cisco-talos-finds-10-vulnerabili… ∗∗∗ Achtung: Momentan kursieren zahlreiche E-Mails mit Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden momentan gefälschte E-Mails im Namen von Electrolux, Weitzer Parkett Vertriebs GmbH und der TU Wien. Wer ein komisches E-Mail mit der Aufforderung einen Anhang zu öffnen erhält, sollte besonders vorsichtig sein. Im Anhang befindet sich Schadsoftware! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-momentan-kursieren-zahlreich… ===================== = Vulnerabilities = ===================== ∗∗∗ AMD Server Vulnerabilities – November 2021 ∗∗∗ --------------------------------------------- During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC™ AGESA™ PI packages. --------------------------------------------- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- Cloud Pak for Multicloud Management Infrastructure Management, Cloud Pak for Multicloud Management Managed Services, Rational Business Developer, InfoSphere Information Server --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Open Design Alliance (ODA) Security Advisories ∗∗∗ --------------------------------------------- ODA PRC SDK, Drawings SDK, ODA Viewer --------------------------------------------- https://www.opendesign.com/security-advisories ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openjdk-8 and samba), Fedora (community-mysql, firefox, and vim), openSUSE (binutils, kernel, and tinyxml), Red Hat (annobin, autotrace, babel, bind, binutils, bluez, compat-exiv2-026, container-tools:2.0, container-tools:3.0, container-tools:rhel8, cups, curl, dnf, dnsmasq, edk2, exiv2, file, file-roller, firefox, gcc, gcc-toolset-10-annobin, gcc-toolset-10-binutils, gcc-toolset-10-gcc, gcc-toolset-11-annobin, gcc-toolset-11-binutils,[...] --------------------------------------------- https://lwn.net/Articles/875708/ ∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/11/09/adobe-releases-se… ∗∗∗ BSRT-2021-003 Vulnerabilities Impact BlackBerry Protect for Windows ∗∗∗ --------------------------------------------- https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumbe… ∗∗∗ ZDI-21-1302: Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1302/ ∗∗∗ ZDI-21-1301: Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1301/ ∗∗∗ ZDI-21-1300: Ivanti Avalanche User Management Improper Authentication Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1300/ ∗∗∗ ZDI-21-1299: Ivanti Avalanche Filestore Management Arbitrary File Upload Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1299/ ∗∗∗ ZDI-21-1298: Ivanti Avalanche JNLP File Improper Access Control Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1298/ ∗∗∗ Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571) ∗∗∗ --------------------------------------------- https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signa… ∗∗∗ INTEL-SA-00481 ∗∗∗ --------------------------------------------- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0… ∗∗∗ INTEL-SA-00560 ∗∗∗ --------------------------------------------- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0… ∗∗∗ INTEL-SA-00568 ∗∗∗ --------------------------------------------- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0… ∗∗∗ INTEL-SA-00569 ∗∗∗ --------------------------------------------- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0… ∗∗∗ INTEL-SA-00567 ∗∗∗ --------------------------------------------- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0… ∗∗∗ VMSA-2021-0025 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2021-0025.html ∗∗∗ Samba 4.15.2, 4.14.10, 4.13.14 security releases available ∗∗∗ --------------------------------------------- https://lwn.net/Articles/875565/ ∗∗∗ Philips MRI 1.5T and 3T ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01 ∗∗∗ OSIsoft PI Vision ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-313-05 ∗∗∗ OSIsoft PI Web API ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-313-06 ∗∗∗ NVIDIA GPU Display Driver Advisory - October 2021 ∗∗∗ --------------------------------------------- http://support.lenovo.com/product_security/PS500449-NVIDIA-GPU-DISPLAY-DRIV… ∗∗∗ NetApp Clustered Data ONTAP Vulnerabilities ∗∗∗ --------------------------------------------- http://support.lenovo.com/product_security/PS500448-NETAPP-CLUSTERED-DATA-O… ∗∗∗ Realtek Driver Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://support.lenovo.com/product_security/PS500447-REALTEK-DRIVER-PRIVILEG… ∗∗∗ Multi-vendor BIOS Security Vulnerabilities (November 2021) ∗∗∗ --------------------------------------------- http://support.lenovo.com/product_security/PS500446-MULTI-VENDOR-BIOS-SECUR… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.11.2021
by Daily end-of-shift report 09 Nov '21

09 Nov '21

===================== = End-of-Day report = ===================== Timeframe: Montag 08-11-2021 18:00 − Dienstag 09-11-2021 18:00 Handler: Dimitri Robl Co-Handler: Wolfgang Menezes ===================== = News = ===================== ∗∗∗ Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus ∗∗∗ --------------------------------------------- Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322. --------------------------------------------- https://www.microsoft.com/security/blog/2021/11/08/threat-actor-dev-0322-ex… ∗∗∗ Abcbot, an evolving botnet ∗∗∗ --------------------------------------------- Business on the cloud and security on the cloud is one of the industry trends in recent years. 360Netlab is also continuing to focus on security incidents and trends on the cloud from its own expertise in the technology field. The following is a recent security incident we observed, --------------------------------------------- https://blog.netlab.360.com/abcbot_an_evolving_botnet_en/ ∗∗∗ (Ab)Using Security Tools & Controls for the Bad, (Mon, Nov 8th) ∗∗∗ --------------------------------------------- As security practitioners, we give daily advice to our customers to increase the security level of their infrastructures. Install this tool, enable this feature, disable this function, etc. When enabled, these techniques can also be (ab)used by attackers to perform nasty actions. --------------------------------------------- https://isc.sans.edu/diary/rss/28014 ∗∗∗ WooCommerce Skimmer Spoofs Checkout Page ∗∗∗ --------------------------------------------- Recently a client of ours was reporting a bogus checkout page appearing on their website. When trying to access their “my-account” page an unfamiliar prompt appeared in their browser soliciting credit card billing information: This form was foreign to our client and was clearly placed during a website compromise. Interestingly, the website itself doesn’t even accept payments at all. If this was an attempt at a targeted credit card theft infection (as quite a few of them are) [...] --------------------------------------------- https://blog.sucuri.net/2021/11/woocommerce-skimmer-spoofs-checkout-page.ht… ∗∗∗ ICS Patch Tuesday: Siemens and Schneider Electric Address Over 50 Security Flaws ∗∗∗ --------------------------------------------- Industrial giants Siemens and Schneider Electric have released a total of 20 Patch Tuesday advisories to address more than 50 vulnerabilities affecting their products. --------------------------------------------- https://www.securityweek.com/ics-patch-tuesday-siemens-and-schneider-electr… ∗∗∗ „media-markt-outlet.de“ ist Fake ∗∗∗ --------------------------------------------- Die Webseite media-markt-outlet.de gibt vor, ein Outlet-Store von Media Markt zu sein. Da es sich bei diesem Fake-Shop angeblich um ein Outlet handelt, erscheinen die günstigen Preise auf dem ersten Blick nicht untypisch. Doch Vorsicht: media-markt-outlet.de ist Fake - Sie erhalten trotz Bezahlung keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/media-markt-outletde-ist-fake/ ∗∗∗ The Invisible JavaScript Backdoor ∗∗∗ --------------------------------------------- A few months ago we saw a post on the r/programminghorror subreddit: A developer describes the struggle of identifying a syntax error resulting from an invisible Unicode character hidden in JavaScript source code. This post inspired an idea: What if a backdoor literally cannot be seen and thus evades detection even from thorough code reviews? --------------------------------------------- https://certitude.consulting/blog/en/invisible-backdoor/ ===================== = Vulnerabilities = ===================== ∗∗∗ Jetzt patchen! Attacken auf CMS Sitecore Experience Platform beobachtet ∗∗∗ --------------------------------------------- Angreifer haben es derzeit auf eine Schadcode-Lücke im Content Management System Sitecore XP abgesehen. Sicherheitspatches gibt es bereits seit Oktober 2021. --------------------------------------------- https://heise.de/-6262157 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox, grafana, jenkins, opera, and thunderbird), Debian (botan1.10 and ckeditor), openSUSE (chromium, kernel, qemu, and rubygem-activerecord-5_1), SUSE (qemu and rubygem-activerecord-5_1), and Ubuntu (docker.io, kernel, linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oem-5.13, linux-oracle, linux-oracle-5.11, linux, linux-aws, linux-aws-5.4, linux-azure, [...] --------------------------------------------- https://lwn.net/Articles/875531/ ∗∗∗ Adobe Patches Critical RoboHelp Server Security Flaw ∗∗∗ --------------------------------------------- Software maker Adobe on Tuesday released patches to cover at least four documented security defects that expose users to malicious hacker attacks. The most serious of the flaw was addressed in RoboHelp Server and is rated “critical” because it exposes corporate environments to arbitrary code execution attacks. --------------------------------------------- https://www.securityweek.com/adobe-patches-critical-robohelp-server-securit… ∗∗∗ IPAS: Security Advisories for November 2021 ∗∗∗ --------------------------------------------- Hi everyone, Today we released 25 security advisories addressing 72 vulnerabilities. Through our internal security research and the investment we make in our bug bounty programs, 96% of the issues being addressed today are the result of our proactive product security assurance efforts. Given that almost half of today’s advisories address drivers in various components, [...] --------------------------------------------- https://blogs.intel.com/technology/2021/11/intel-security-advisories-for-no… ∗∗∗ NUCLEUS:13 vulnerabilities impact Siemens medical & industrial equipment ∗∗∗ --------------------------------------------- Security researchers have disclosed today a set of 13 vulnerabilities that impact a crucial Siemens software library that is included with medical devices, automotive, and industrial systems. --------------------------------------------- https://therecord.media/nucleus13-vulnerabilities-impact-siemens-medical-in… ∗∗∗ Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX330728 ∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Ant vulnerability (CVE-2021-36374) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact… ∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2021-2388, CVE-2021-2369, CVE-2021-2432) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Ant vulnerability (CVE-2021-36373) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact… ∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by CVE-2021-23509 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterpris… ∗∗∗ Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in Golang ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affecte… ∗∗∗ Security Bulletin: A vulnerability in Apache Commons Compress Library affects IBM LKS ART and Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache… ∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK (July 2021) affects IBM InfoSphere Information Server (CVE-2021-2432) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities (CVE-2020-25648, CVE-2021-31535, CVE-2021-20305, CVE-2020-25692) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-securi… ∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities (CVE-2020-4152, CVE-2020-4160, CVE-2020-4153) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-securi… ∗∗∗ Security Bulletin: IBM Safer Payments v5.7 to v6.3 releases are affected by an OpenSSL Security Advisory (CVE-2021-3711) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-safer-payments-v5-7-t… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (Nov. 2021 V1) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.11.2021
by Daily end-of-shift report 08 Nov '21

08 Nov '21

===================== = End-of-Day report = ===================== Timeframe: Freitag 05-11-2021 18:00 − Montag 08-11-2021 18:00 Handler: Dimitri Robl Co-Handler: Wolfgang Menezes ===================== = News = ===================== ∗∗∗ Unbekannte infiltrieren Paketmanager npm und verseuchen Tools mit Schadcode ∗∗∗ --------------------------------------------- Die Betreiber des Paketmanagers npm warnen davor, dass Unbefugte die Pakete coa und rc trojanisiert haben. --------------------------------------------- https://heise.de/-6260153 ∗∗∗ Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer ∗∗∗ --------------------------------------------- A malicious campaign against ManageEngine ADSelfService Plus used Godzilla webshells, the NGLite backdoor and KdcSponge, a credential stealer. --------------------------------------------- https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/ ∗∗∗ Pwn2Own: Printer plays AC/DC, Samsung Galaxy S21 hacked twice ∗∗∗ --------------------------------------------- Trend Micros ZDI has awarded $1,081,250 for 61 zero-days exploited at Pwn2Own Austin 2021, with competitors successfully pwning the Samsung Galaxy S21 again and hacking an HP LaserJet printer to play AC/DCs Thunderstruck on the contests third day. --------------------------------------------- https://www.bleepingcomputer.com/news/security/pwn2own-printer-plays-ac-dc-… ∗∗∗ Sitecore XP RCE flaw patched last month now actively exploited ∗∗∗ --------------------------------------------- The Australian Cyber Security Center (ACSC) is alerting web admins of the active exploitation of CVE-2021-42237, a remote code execution flaw in the Sitecore Experience Platform (Sitecore XP). --------------------------------------------- https://www.bleepingcomputer.com/news/security/sitecore-xp-rce-flaw-patched… ∗∗∗ Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory, (Sun, Nov 7th) ∗∗∗ --------------------------------------------- I made a video showing the steps to take to decrypt Cobalt Strike traffic that I covered in my diary entry "Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory". --------------------------------------------- https://isc.sans.edu/diary/rss/28008 ∗∗∗ ICS Threat Hunting: “Theyre Shootin’ at the Lights!” - PART 2 ∗∗∗ --------------------------------------------- [...] In this PART 2 of the blog series we will: Identify several critical and targeted ICS assets to protect, Identify related data sources for those assets, Focus on aspects of threat intel to use for a hunt, Build a threat hunt package template to prepare for executing the actual hunt --------------------------------------------- https://www.sans.org/blog/ics-threat-hunting-they-are-shootin-at-the-lights… ∗∗∗ TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access ∗∗∗ --------------------------------------------- NCC Group’s global Cyber Incident Response Team have observed an increase in Clop ransomware victims in the past weeks. The surge can be traced back to a vulnerability in SolarWinds Serv-U that is being abused by the TA505 threat actor. TA505 is a known cybercrime threat actor, who is known for extortion attacks using the [...] --------------------------------------------- https://blog.fox-it.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnera… ∗∗∗ DDoS Attack Trends for Q3 2021 ∗∗∗ --------------------------------------------- The third quarter of 2021 was a busy quarter for DDoS attackers. Cloudflare observed and mitigated record-setting HTTP DDoS attacks, terabit-strong network-layer attacks, one of the largest botnets ever deployed (Meris), and more recently, ransom DDoS attacks on voice over IP (VoIP) service providers and their network infrastructure around the world. --------------------------------------------- https://blog.cloudflare.com/ddos-attack-trends-for-2021-q3/ ∗∗∗ ASEC Weekly Malware Statistics (October 25th, 2021 – October 31st, 2021) ∗∗∗ --------------------------------------------- The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 25th, 2021 (Monday) to October 31st, 2021 (Sunday). For the main category, info-stealer ranked top with 48.3%, followed by RAT (Remote Administration Tool) malware with 24.5%, Downloader with 18.3%, Backdoor malware with 4.6%, Ransomware with 4.1%, and Banking malware with 0.2%. --------------------------------------------- https://asec.ahnlab.com/en/28464/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (containerd, redis, and sqlalchemy), Fedora (kernel, radeontop, rpki-client, and webkit2gtk3), openSUSE (java-1_8_0-openj9, libvirt, mailman, transfig, and webkit2gtk3), Oracle (thunderbird), SUSE (libvirt), and Ubuntu (icu). --------------------------------------------- https://lwn.net/Articles/875420/ ∗∗∗ Security Bulletin:Multiple Security Vulnerabilities fixed in Openssl as shipped with IBM Security Verify products (CVE-2021-3711, CVE-2021-3712) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletinmultiple-security-vulnerab… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Cross-Site Scripting in Guardium STAP vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: XSS vulerability in Dojo affects IBM Tivoli Business Service Manager (CVE-2018-15494) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-xss-vulerability-in-dojo-… ∗∗∗ Security Bulletin: IBM MQ Appliance vulnerable to a denial of service attack (CVE-2021-29843) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-vulnerab… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Multiple Apache Commons FileUpload vulnerabilities affects IBM Tivoli Business Service Manager (CVE-2014-0034, CVE-2014-0050, CVE-2013-2186, CVE-2016-3092) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-apache-commons-f… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.11.2021
by Daily end-of-shift report 05 Nov '21

05 Nov '21

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 04-11-2021 18:00 − Freitag 05-11-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Phishing emails deliver spooky zombie-themed MirCop ransomware ∗∗∗ --------------------------------------------- A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes. --------------------------------------------- https://www.bleepingcomputer.com/news/security/phishing-emails-deliver-spoo… ∗∗∗ Bluetooth-Lücken Braktooth: Das Patchen geht nur schleppend voran ∗∗∗ --------------------------------------------- Für Braktooth-Attacken anfällige Bluetooth-Geräte könnten zeitnah in den Fokus von Angreifern rücken. Patches sind noch längst nicht flächendeckend verfügbar. --------------------------------------------- https://heise.de/-6254474 ∗∗∗ SSL certificate research highlights pitfalls for company data, competition ∗∗∗ --------------------------------------------- Analysis reveals hidden risks for organizations that do not monitor their certificate usage. --------------------------------------------- https://www.zdnet.com/article/ssl-certificate-research-highlights-pitfalls-… ∗∗∗ The IoT is getting a lot bigger, but security is still getting left behind ∗∗∗ --------------------------------------------- Four in five Internet of Things device vendors dont provide any information on how to disclose security vulnerabilities. That means problems just dont get fixed. --------------------------------------------- https://www.zdnet.com/article/the-iot-is-getting-a-lot-bigger-but-security-… ∗∗∗ Malware found in coa and rc, two npm packages with 23M weekly downloads ∗∗∗ --------------------------------------------- The security team of the npm JavaScript package manager has warned users that two of its most popular packages had been hijacked by a threat actor who released new versions laced with what appeared to be password-stealing malware. --------------------------------------------- https://therecord.media/malware-found-in-coa-and-rc-two-npm-packages-with-2… ∗∗∗ Datenbank mit Millionen Daten von VPN-Nutzern ungeschützt im Internet (Okt. 2021) ∗∗∗ --------------------------------------------- Wer VPN-Anbieter nutzt, muss sich auf deren Sicherheit und Integrität verlassen können. Sicherheitsforscher Bob Diachenko von comparitech ist kürzlich im Internet auf eine ungeschützte Datenbank (kein Passwort) gestoßen, die mehr als 300 Millionen Datensätze mit den persönlichen Daten [...] --------------------------------------------- https://www.borncity.com/blog/2021/11/05/datenbank-mit-millionen-daten-von-… ∗∗∗ Phishing PDF Files with CAPTCHA Screen Being Mass-distributed ∗∗∗ --------------------------------------------- Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon running the PDF file, but it is not an invalid CAPTCHA. It is simply an image with a link that redirects to a malicious URL. Related types that have been collected by AhnLab’s ASD infrastructure since July up till now amount to 1,500,000. --------------------------------------------- https://asec.ahnlab.com/en/28431/ ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-21-1278: Hewlett Packard Enterprise iLO Amplifier Pack backup Directory Traversal Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise iLO Amplifier Pack. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1278/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python3.5, redis, and udisks2), Fedora (rust), openSUSE (binutils, java-1_8_0-openj9, and qemu), Oracle (firefox and httpd), Red Hat (thunderbird), Scientific Linux (thunderbird), and SUSE (binutils, qemu, and systemd). --------------------------------------------- https://lwn.net/Articles/875212/ ∗∗∗ SYSS-2021-048/SYSS-2021-049: PHP Event Calendar – SQL Injection und Persistent Cross-Site Scripting ∗∗∗ --------------------------------------------- Im "PHP Event Calendar" wurden zwei Sicherheitslücken gefunden. So kann die Datenbank ausgelesen oder die Sitzung anderer Nutzer kompromittiert werden. --------------------------------------------- https://www.syss.de/pentest-blog/syss-2021-048/syss-2021-049-php-event-cale… ∗∗∗ D-LINK Router: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-1157 ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OpenLDAP vulnerability (CVE-2020-25692) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2021-29753 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vu… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by the following vulnerabilities ( CVE-2021-29773, CVE-2021-2161) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in Golang ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affecte… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Reliance on Untrusted Inputs in Security Descision ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Weak Password Policy vulnerability (CVE-2021-20418) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilites ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.11.2021
by Daily end-of-shift report 04 Nov '21

04 Nov '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 03-11-2021 18:00 − Donnerstag 04-11-2021 18:00 Handler: Dimitri Robl Co-Handler: Wolfgang Menezes ===================== = News = ===================== ∗∗∗ Wichtige Cisco-Updates: Recycelte SSH-Keys vereinfachten unbefugte Root-Zugriffe ∗∗∗ --------------------------------------------- Neue Versionen schließen eine kritische Lücke in Ciscos Policy Suite. Auch Catalyst PON Switches & weitere Produkte wurden gegen Angriffe abgesichert. --------------------------------------------- https://heise.de/-6251668 ∗∗∗ BSI-Paper: Technische Grundlagen sicherer Messenger-Dienste ∗∗∗ --------------------------------------------- Milliardenfach kommt weltweit ein Kommunikationsmittel zum Zuge: Messenger-Dienste. Die kurze geschriebene oder gesprochene Nachricht überrundet schon lange die SMS. Doch wie funktionieren Messenger? Was macht sie sicher und was eher nicht? Auf diese und weitere Fragen gibt das BSI-Paper „Moderne Messenger – heute verschlüsselt, morgen interoperabel?“ Antwort. --------------------------------------------- https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse202… ∗∗∗ Cyberkriminelle verkaufen Zugänge zu internationalen Logistikfirmen ∗∗∗ --------------------------------------------- Es handelt sich oft um Schwachstellen in RDP und VPN. Angeboten werden aber auch gestohlene Zugangsdaten. Sicherheitsforscher warnen vor weiteren negativen Folgen für die Lieferkette. --------------------------------------------- https://www.zdnet.de/88397581/cyberkriminelle-verkaufen-zugaenge-zu-interna… ∗∗∗ Betrug mit Verdopplung Ihrer Bitcoins und Kryptowährungen! ∗∗∗ --------------------------------------------- Kriminelle machen ein attraktives Angebot: Sie versprechen eine Verdopplung eingezahlter Kryptowährungen durch einfaches Übetragen auf eine Wallet. Der Haken an der Sache: Übertragene Währungen sind verloren, denn sie landen direkt auf den Wallets der Kriminellen. Genau das passiert auch auf spacegetbonus.com mit Bitcoin, Ethereum und Dogecoin! --------------------------------------------- https://www.watchlist-internet.at/news/betrug-mit-verdopplung-ihrer-bitcoin… ∗∗∗ Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware ∗∗∗ --------------------------------------------- A new threat actor is hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-exchange-proxyshel… ∗∗∗ Samsung Galaxy S21 hacked on second day of Pwn2Own Austin ∗∗∗ --------------------------------------------- Contestants hacked the Samsung Galaxy S21 smartphone during the second day of the Pwn2Own Austin 2021 competition, as well as routers, NAS devices, speakers, and printers from Cisco, TP-Link, Western Digital, Sonos, Canon, Lexmark, and HP. --------------------------------------------- https://www.bleepingcomputer.com/news/security/samsung-galaxy-s21-hacked-on… ∗∗∗ 5 MITRE ATT&CK Tactics Most Frequently Detected by Cisco Secure Firewalls ∗∗∗ --------------------------------------------- Cisco Security examines the most frequently encountered MITRE ATT&CK tactics and techniques. --------------------------------------------- https://www.darkreading.com/edge-threat-monitor/5-mitre-attck-tactics-most-… ∗∗∗ Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns ∗∗∗ --------------------------------------------- Much has been written about the role of webinjects in the evolution of banking trojans, facilitating the interception and manipulation of victim connections to the customer portals of a burgeoning list of targets which now includes e-commerce, retail, and telecommunications brands. --------------------------------------------- https://team-cymru.com/blog/2021/11/03/webinject-panel-administration-a-van… ∗∗∗ Credit card skimmer evades Virtual Machines ∗∗∗ --------------------------------------------- After code obfuscation, anti-debugger tricks we now see virtual machine detection used by credit card skimmers. --------------------------------------------- https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimm… ∗∗∗ The Vagabon Kit Highlights ‘Frankenstein’ Trend in Phishing ∗∗∗ --------------------------------------------- In early 2021, RiskIQ first detected a new phishing campaign targeting PayPal. The campaign, authored by an actor calling themself "Vagabon," looks to collect PayPal login credentials and complete credit card information from the victim. The kit doesnt display many unique characteristics and is a textbook example of a "Frankenstein" kit. In this increasingly popular trend, threat actors piece together new phish kits from modular, free, or readily available kits and services. --------------------------------------------- https://www.riskiq.com/blog/external-threat-management/vagabon-kit-frankens… ∗∗∗ Conducting Digital Forensics Incident Response (DFIR) on an Infected GitLab Server ∗∗∗ --------------------------------------------- GitLab servers are under attack with a now-patched critical vulnerability Earlier this week we investigated an incident that occurred on a new Intezer Protect user’s GitLab server. After the user installed the Intezer Protect sensor on their server, an initial runtime scan was performed. An alert was immediately triggered on the execution of a malicious metasploit [...] --------------------------------------------- https://www.intezer.com/blog/cloud-security/dfir-infected-gitlab-server/ ∗∗∗ Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3 ∗∗∗ --------------------------------------------- We decrypt Cobalt Strike traffic with cryptographic keys extracted from process memory. This series of blog posts describes different methods to decrypt Cobalt Strike traffic. --------------------------------------------- https://blog.nviso.eu/2021/11/03/cobalt-strike-using-process-memory-to-decr… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical RCE Vulnerability Reported in Linux Kernels TIPC Module ∗∗∗ --------------------------------------------- Cybersecurity researchers have disclosed a security flaw in the Linux Kernels Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. The heap overflow vulnerability "can be exploited locally or remotely within a network to gain kernel [...] --------------------------------------------- https://thehackernews.com/2021/11/critical-rce-vulnerability-reported-in.ht… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (ansible, chromium, kernel, mupdf, python-PyMuPDF, rust, and zathura-pdf-mupdf), openSUSE (qemu and webkit2gtk3), Red Hat (firefox and kpatch-patch), Scientific Linux (firefox), SUSE (qemu, tomcat, and webkit2gtk3), and Ubuntu (firefox and thunderbird). --------------------------------------------- https://lwn.net/Articles/875106/ ∗∗∗ Beckhoff: Relative path traversal vulnerability through TwinCAT OPC UA Server ∗∗∗ --------------------------------------------- [...] Summary: Through specific nodes of the server configuration interface of the TwinCAT OPC UA Server administrators are able to remotely create and delete any files on the system which the server is running on, though this access should have been restricted to specific directories. In case that configuration interface is combined with not recommended settings to allow anonymous access via the TwinCAT OPC UA Server then this kind of file access is even possible for any unauthenticated user from remote. --------------------------------------------- https://cert.vde.com/de/advisories/VDE-2021-051/ ∗∗∗ VISAM VBASE Editor ∗∗∗ --------------------------------------------- This advisory contains mitigations for Improper Access Control, Cross-site Scripting, Using Components with Known Vulnerabilities, and Improper Restriction of XML External Entity Reference vulnerabilities in the VISAM VBASE Editor automation platform. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-308-01 ∗∗∗ AzeoTech DAQFactory ∗∗∗ --------------------------------------------- This advisory contains mitigations for Use of Inherently Dangerous Function, Deserialization of Untrusted Data, Cleartext Transmission of Sensitive Information, and Modification of Assumed-Immutable Data (MAID) vulnerabilities in the AzeoTech DAQFactory software and application development platform. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02 ∗∗∗ BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities ∗∗∗ --------------------------------------------- On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial-of-service to arbitrary code execution. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/11/04/braktooth-proof-c… ∗∗∗ Security Bulletin: Vulnerability in Oracle, Java SE Affecting Watson Speech Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-oracle-j… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Bouncy Castle vulnerability (CVE-2020-26939) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Reflected cross-site scripting vulnerability in IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://sec-consult.com/vulnerability-lab/advisory/reflected-cross-site-scr… ∗∗∗ Grafana: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-1154 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.11.2021
by Daily end-of-shift report 03 Nov '21

03 Nov '21

===================== = End-of-Day report = ===================== Timeframe: Dienstag 02-11-2021 18:00 − Mittwoch 03-11-2021 18:00 Handler: Dimitri Robl Co-Handler: Wolfgang Menezes ===================== = News = ===================== ∗∗∗ A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions ∗∗∗ --------------------------------------------- This article provides an overview of what the App Sandbox is and the vulnerability details as disclosed to Apple. --------------------------------------------- https://perception-point.io/a-technical-analysis-of-cve-2021-30864-bypassin… ∗∗∗ Ransomware: "BlackMatter"-Gang will aufhören – mal wieder ∗∗∗ --------------------------------------------- Druck von Ermittlern veranlasst BlackMatter zum Aufhören. Ein endgültiger Abschied der alten Hasen aus dem Erpresser-Business scheint aber eher fraglich. --------------------------------------------- https://heise.de/-6247924 ∗∗∗ Sicherheitsforscher warnen vor zehntausenden verwundbaren GitLab-Servern ∗∗∗ --------------------------------------------- Obwohl es bereits mehrere Monate Sicherheitspatches für eine kritische Lücke gibt, sind einem Bericht zufolge immer noch viele GitLab-Server angreifbar. --------------------------------------------- https://heise.de/-6249588 ∗∗∗ This Steam phish baits you with free Discord Nitro ∗∗∗ --------------------------------------------- Theres another scam making rounds on Discord. And its cleverly phishing for Steam credentials. --------------------------------------------- https://blog.malwarebytes.com/malwarebytes-news/2021/11/this-steam-phish-ba… ∗∗∗ Kleinanzeigenbetrug mit angeblichem Post-Kurier boomt! ∗∗∗ --------------------------------------------- Zahlreiche LeserInnen wenden sich derzeit an uns, da Kriminelle eine gefälschte Webseite der Post für Kleinanzeigenbetrug verwenden. Dabei suchen die BetrügerInnen auf Willhaben, Ebay, Shpock und Co. nach teuren Angeboten und erklären den VerkäuferInnen, dass der Kauf über einen Kurierdienst der Post abgewickelt werden soll. --------------------------------------------- https://www.watchlist-internet.at/news/kleinanzeigenbetrug-mit-angeblichem-… ∗∗∗ Almost half of rootkits are used for cyberattacks against government organizations ∗∗∗ --------------------------------------------- On Wednesday, Positive Technologies released a report on the evolution and application of rootkits in cyberattacks, noting that 77% of rootkits are utilized for cyberespionage. --------------------------------------------- https://www.zdnet.com/article/almost-half-of-rootkits-are-used-to-strike-go… ∗∗∗ "Trojan Source": Was ist da dran? ∗∗∗ --------------------------------------------- An sich schätze ich Brian Krebs, er schreibt wirklich gute Artikel, aber bei ‘Trojan Source’ Bug Threatens the Security of All Code hat er etwas übertrieben. --------------------------------------------- https://cert.at/de/aktuelles/2021/11/trojan-source-was-ist-da-dran ∗∗∗ CISA Issues BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities ∗∗∗ --------------------------------------------- CISA has issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities to addresses vulnerabilities that establishes specific timeframes for federal civilian agencies to remediate vulnerabilities that are being actively exploited by known adversaries. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/11/03/cisa-issues-bod-2… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- Cisco hat 16 Security Advisories veröffentlicht. Zwei davon werden als "Critical" eingestuft, zwei als "High", und zwölf als "Medium". --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&secur… ∗∗∗ Patchday: Angreifer attackieren gezielt Android-Geräte ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für verschiedene Android-Versionen. Eine Lücke im Kernel nutzen Angreifer derzeit aus. --------------------------------------------- https://heise.de/-6247997 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (CuraEngine, curl, firefox, php, and vim), openSUSE (apache2, pcre, salt, transfig, and util-linux), Oracle (.NET 5.0, curl, kernel, libsolv, python3, samba, and webkit2gtk3), and Red Hat (flatpak). --------------------------------------------- https://lwn.net/Articles/874980/ ∗∗∗ ZDI-21-1277: (0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1277/ ∗∗∗ ZDI-21-1276: (0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1276/ ∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Huawei Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211103-… ∗∗∗ Security Bulletin: Vulnerabilities in HAProxy Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-haprox… ∗∗∗ Security Vulnerabilities fixed in Thunderbird 91.3 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/ ∗∗∗ Red Hat Integration - Service Registry: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-1143 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.11.2021
by Daily end-of-shift report 02 Nov '21

02 Nov '21

===================== = End-of-Day report = ===================== Timeframe: Freitag 29-10-2021 18:00 − Dienstag 02-11-2021 18:00 Handler: Wolfgang Menezes Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Trojan Source: Programmiersprachen lassen sich per Unicode trojanisieren ∗∗∗ --------------------------------------------- Ein Forschungsteam zeigt systematisch, wie sich mit Unicode-Tricks Code manipulieren lässt. Open-Source-Communitys und die IT-Industrie reagieren. --------------------------------------------- https://www.golem.de/news/trojan-source-programmiersprachen-lassen-sich-per… ∗∗∗ BlackMatter Ransomware Operators Develop Custom Data Exfiltration Tool ∗∗∗ --------------------------------------------- The cybercriminals operating the BlackMatter ransomware have started using a custom data exfiltration tool in their attacks, Symantec reports. --------------------------------------------- https://www.securityweek.com/blackmatter-ransomware-operators-develop-custo… ∗∗∗ FBI Publishes IOCs for Hello Kitty Ransomware ∗∗∗ --------------------------------------------- The Federal Bureau of Investigation (FBI) has published a flash alert to share details on the tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs) associated with the Hello Kitty ransomware, which is also known as FiveHands. --------------------------------------------- https://www.securityweek.com/fbi-publishes-iocs-hello-kitty-ransomware ∗∗∗ Webseiten-BetreiberInnen aufgepasst: Gefälschte E-Mails von WORLD4YOU im Umlauf ∗∗∗ --------------------------------------------- Zahlreiche Webseiten-BetreiberInnen erhalten momentan betrügerische E-Mails im Namen von Wordl4You. In den betrügerischen E-Mails wird behauptet, dass die Domain gesperrt wurde, abgelaufen ist oder verlängert werden muss. --------------------------------------------- https://www.watchlist-internet.at/news/webseiten-betreiberinnen-aufgepasst-… ∗∗∗ EU Digital Green Certificate: Was gilt eigentlich bei uns? ∗∗∗ --------------------------------------------- Nachdem der digitale grüne Pass gerade in den Medien ist, und ich für den Standard den Erklärbären mache, will ich hier ein paar technische Informationen dokumentieren, die für einen Zeitungsartikel dann doch zu technisch sind. --------------------------------------------- https://cert.at/de/blog/2021/10/eu-digital-green-certificate-was-gilt-eigen… ∗∗∗ Shodan Verified Vulns 2021-11-01 ∗∗∗ --------------------------------------------- Das "Cyber-Security-Month" Oktober ist vorbei, aber, wie ein Blick in unsere Shodan-Daten vom 2021-11-01 verrät, hatte es keinen direkt sichtbaren Effekt: Die Veränderungen zu Anfang Oktober sind überschaubar. --------------------------------------------- https://cert.at/de/aktuelles/2021/11/shodan-verified-vulns-2021-11-01 ∗∗∗ From Zero to Domain Admin ∗∗∗ --------------------------------------------- This report will go through an intrusion from July that began with an email, which included a link to Google’s Feed Proxy service that was used to download a malicious Word document. --------------------------------------------- https://thedfirreport.com/2021/11/01/from-zero-to-domain-admin/ ===================== = Vulnerabilities = ===================== ∗∗∗ Android November patch fixes actively exploited kernel bug ∗∗∗ --------------------------------------------- Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components. --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-november-patch-fixes… ∗∗∗ Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild ∗∗∗ --------------------------------------------- A now-patched critical remote code execution (RCE) vulnerability in GitLabs web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. --------------------------------------------- https://thehackernews.com/2021/11/alert-hackers-exploiting-gitlab.html ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- Tivoli Composite Application Manager for Transactions, InfoSphere Information Server, InfoSphere DataStage Flow Designer, API Connect, Application Discovery and Delivery Intelligence, MessageGateway, PowerSC. --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Firefox-Updates schließen zahlreiche Sicherheitslücken ∗∗∗ --------------------------------------------- Die Entwickler der Mozilla Foundation haben im Webbrowser Firefox mehr als ein Dutzend Sicherheitslücken gestopft. --------------------------------------------- https://heise.de/-6245344 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (bind, chromium, freerdp, opera, webkit2gtk, and wpewebkit), Debian (cron, cups, elfutils, ffmpeg, libmspack, libsdl1.2, libsdl2, opencv, and tiff), Fedora (java-latest-openjdk, stb, and thunderbird), Mageia (cairo, cloud-init, docker, ffmpeg, libcaca, php, squid, and webkit2), openSUSE (busybox, chromium, civetweb, containerd, docker, runc, dnsmasq, fetchmail, flatpak, go1.16, krb5, ncurses, python, python-Pygments, squid, strongswan, transfig, webkit2gtk). --------------------------------------------- https://lwn.net/Articles/874623/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (asterisk, bind9, glusterfs, and openjdk-11), Fedora (ansible and CuraEngine), openSUSE (mailman and opera), Oracle (binutils and flatpak), Red Hat (curl, flatpak, java-1.8.0-ibm, kernel, kernel-rt, libsolv, python3, samba, and webkit2gtk3), Scientific Linux (binutils and flatpak), SUSE (binutils and transfig), and Ubuntu (ceph and mailman). --------------------------------------------- https://lwn.net/Articles/874818/ ∗∗∗ Kaspersky Patches Vulnerability That Can Lead to Unbootable System ∗∗∗ --------------------------------------------- Kaspersky published two advisories on Monday to warn customers about a vulnerability that can lead to unbootable systems and a phishing campaign involving messages sent from a Kaspersky email address. --------------------------------------------- https://www.securityweek.com/kaspersky-patches-vulnerability-can-lead-unboo… ∗∗∗ November 1, 2021 TNS-2021-18 [R1] Nessus 10.0.0 Fixes One Vulnerability ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2021-18 ∗∗∗ Synology-SA-21:27 ISC BIND ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_21_27 ∗∗∗ Sensormatic Electronics VideoEdge ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-306-01 ∗∗∗ WECON PI Studio (Update A) ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/ICSA-18-277-01 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.10.2021
by Daily end-of-shift report 29 Oct '21

29 Oct '21

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 28-10-2021 18:00 − Freitag 29-10-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Wie Ransomware eine Stadtverwaltung Tage lang lahmlegte ∗∗∗ --------------------------------------------- Neustadt am Rübenberge war Ziel eines großen IT-Angriffs. Der Fall zeigt, wie stark sich das auswirken kann, welche Lehren Institutionen daraus ziehen sollten. --------------------------------------------- https://heise.de/-6236592 ∗∗∗ Betrügerische Mails und SMS im Namen der Volksbank im Umlauf! ∗∗∗ --------------------------------------------- Derzeit geben sich BetrügerInnen vermehrt als Volksbank aus, um per Mail oder SMS an die Online-Banking-Zugangsdaten von potenziellen Opfer zu kommen. Die Kriminellen behaupten dabei, dass eine App installiert werden müsste oder der Zugang zu dieser App gesperrt wurde. Achtung: Es handelt sich um Phishing und Smishing! --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-mails-und-sms-im-name… ∗∗∗ SEO Poisoning Used to Distribute Ransomware ∗∗∗ --------------------------------------------- This tactic - used to distribute REvil ransomware and the SolarMarker backdoor - is part of a broader increase in such attacks in recent months, researchers say. --------------------------------------------- https://www.darkreading.com/attacks-breaches/seo-poisoning-used-to-distribu… ∗∗∗ Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App ∗∗∗ --------------------------------------------- Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency. --------------------------------------------- https://threatpost.com/chrome-deliver-malware-as-legit-win-10-app/175884/ ∗∗∗ Pink, a botnet that competed with the vendor to control the massive infected devices ∗∗∗ --------------------------------------------- Most of the following article was completed around early 2020, at that time the vendor was trying different ways to recover the massive amount of infected devices, we shared our findings with the vendor, as well as to CNCERT, and decided to not publish the blog while the vendors working [...] --------------------------------------------- https://blog.netlab.360.com/pink-en/ ∗∗∗ This New Android Malware Can Gain Root Access to Your Smartphones ∗∗∗ --------------------------------------------- An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection. The malware has been named "AbstractEmu" owing to its use of code abstraction and anti-emulation checks to avoid running while under analysis. --------------------------------------------- https://thehackernews.com/2021/10/this-new-android-malware-can-gain-root.ht… ∗∗∗ Update your OptinMonster WordPress plugin immediately ∗∗∗ --------------------------------------------- We look at a recent WordPress plugin compromise, explain what it is, and also what you have to do to ensure your blog and visitors are safe. --------------------------------------------- https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/update-y… ∗∗∗ Network Scanning Traffic Observed in Public Clouds ∗∗∗ --------------------------------------------- Cybercriminals can use scanning results to identify potential victims. We share our observations of network scanning traffic in public clouds. --------------------------------------------- https://unit42.paloaltonetworks.com/cloud-network-scanning-traffic/ ∗∗∗ NSA-CISA Series on Securing 5G Cloud Infrastructures ∗∗∗ --------------------------------------------- The National Security Agency (NSA) and CISA have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures. Security Guidance for 5G Cloud Infrastructures – Part I: Prevent and Detect Lateral Movement provides recommendations for mitigating lateral movement attempts by threat actors who have gained initial access to cloud infrastructures. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/10/28/nsa-cisa-series-s… ===================== = Vulnerabilities = ===================== ∗∗∗ All Windows versions impacted by new LPE zero-day vulnerability ∗∗∗ --------------------------------------------- A security researcher has disclosed technical details for a Windows zero-day privilege elevation vulnerability and a public proof-of-concept (PoC) exploit that gives SYSTEM privileges under certain conditions. --------------------------------------------- https://www.bleepingcomputer.com/news/security/all-windows-versions-impacte… ∗∗∗ Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X ∗∗∗ --------------------------------------------- CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities. --------------------------------------------- https://jvn.jp/en/jp/JVN69304877/ ∗∗∗ Shrootless: Microsoft finds Apple macOS vulnerability ∗∗∗ --------------------------------------------- Shrootless is a vulnerability found in macOS that can bypass the System Integrity Protection by abusing inherited permissions. --------------------------------------------- https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/shrootle… ∗∗∗ XSS Vulnerability in NextScripts: Social Networks Auto-Poster Plugin Impacts 100,000 Sites ∗∗∗ --------------------------------------------- On August 19, 2021, the Wordfence Threat Intelligence team began the disclosure process for a reflected Cross-Site Scripting(XSS) vulnerability we found in NextScripts: Social Networks Auto-Poster, a WordPress plugin with over 100,000 installations. --------------------------------------------- https://www.wordfence.com/blog/2021/10/xss-vulnerability-in-nextscripts-soc… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bind9, gpsd, jbig2dec, libdatetime-timezone-perl, tzdata, webkit2gtk, and wpewebkit), Fedora (flatpak, java-1.8.0-openjdk, java-11-openjdk, and php), SUSE (qemu), and Ubuntu (bind9). --------------------------------------------- https://lwn.net/Articles/874354/ ∗∗∗ Sensormatic Electronics victor ∗∗∗ --------------------------------------------- This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in Sensormatic Electronics victor video management systems. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-301-01 ∗∗∗ Delta Electronics DOPSoft (Update A) ∗∗∗ --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-21-238-04 Delta Electronics DOPSoft that was published August 26, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in Delta Electronics DOPSoft HMI editing software. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-238-04 ∗∗∗ GoCD Authentication Vulnerability ∗∗∗ --------------------------------------------- GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/10/29/gocd-authenticati… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Advisory: RCE Vulnerability in Automation Studio ∗∗∗ --------------------------------------------- https://www.br-automation.com/downloads_br_productcatalogue/assets/16341384… ∗∗∗ Advisory: ZipSlip Vulnerability in Automation Studio Project Import ∗∗∗ --------------------------------------------- https://www.br-automation.com/downloads_br_productcatalogue/assets/16341384… ∗∗∗ Advisory: DLL Hijacking Vulnerability in Automation Studio ∗∗∗ --------------------------------------------- https://www.br-automation.com/downloads_br_productcatalogue/assets/16341384… ∗∗∗ ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS) ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN60553023/ ∗∗∗ ZDI-21-1273: (0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1273/ ∗∗∗ ZDI-21-1272: (0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1272/ ∗∗∗ ZDI-21-1271: (0Day) Bitdefender Endpoint Security Unnecessary Privileges Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1271/ ∗∗∗ ZDI-21-1270: (0Day) Bitdefender Endpoint Security Unnecessary Privileges Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1270/ ∗∗∗ ZDI-21-1275: NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1275/ ∗∗∗ ZDI-21-1274: NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-1274/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.10.2021
by Daily end-of-shift report 28 Oct '21

28 Oct '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 27-10-2021 18:00 − Donnerstag 28-10-2021 18:00 Handler: Wolfgang Menezes Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ QR Codes Help Attackers Sneak Emails Past Security Controls ∗∗∗ --------------------------------------------- A recently discovered campaign shows how attackers are constantly developing new techniques to deceive phishing victims. --------------------------------------------- https://www.darkreading.com/attacks-breaches/qr-codes-help-attackers-sneak-… ∗∗∗ How we took part in MLSEC and (almost) won ∗∗∗ --------------------------------------------- How we took part in the Machine Learning Security Evasion Competition (MLSEC) — a series of trials testing contestants’ ability to create and attack machine learning models. --------------------------------------------- https://securelist.com/how-we-took-part-in-mlsec-and-almost-won/104699/ ∗∗∗ EU’s Green Pass Vaccination ID Private Key Leaked ∗∗∗ --------------------------------------------- The private key used to sign the vaccine passports was leaked and is being passed around to create fake passes for the likes of Mickey Mouse and Adolf Hitler. --------------------------------------------- https://threatpost.com/eus-green-pass-vaccination-id-private-key-leaked/175… ∗∗∗ New Wslink Malware Loader Runs as a Server and Executes Modules in Memory ∗∗∗ --------------------------------------------- Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed "Wslink" by ESET, this previously undocumented malware stands apart from the rest in that it runs as a server and executes received modules in memory. --------------------------------------------- https://thehackernews.com/2021/10/new-wslink-malware-loader-runs-as.html ∗∗∗ Threat profile: Ranzy Locker ransomware ∗∗∗ --------------------------------------------- What you need to know about Ranzy Locker ransomware. --------------------------------------------- https://blog.malwarebytes.com/ransomware/2021/10/threat-profile-ranzy-locke… ∗∗∗ PSA: Widespread Remote Working Scam Underway ∗∗∗ --------------------------------------------- Attackers are posting jobs pretending to be from existing companies and steal money and/or personal information from jobseekers. --------------------------------------------- https://www.wordfence.com/blog/2021/10/psa-widespread-remote-working-scam-u… ∗∗∗ Trends und Entwicklungen bei Fake-Shops ∗∗∗ --------------------------------------------- Fake-Shops gibt es wie Sand am Meer - und auch sie entwickeln sich nach Trends: Von E-Bikes bis zur Playstation5. Diese Trends sind von der Saison, aber auch von Angebot und Nachfrage abhängig. Was die Watchlist Internet im letzten Jahr über Fake-Shop-Trends erfahren hat, lesen Sie hier. --------------------------------------------- https://www.watchlist-internet.at/news/trends-und-entwicklungen-bei-fake-sh… ∗∗∗ Free decrypters released for AtomSilo, Babuk, and LockFile ransomware strains ∗∗∗ --------------------------------------------- Antivirus maker and cyber-security firm Avast has released today free decryption utilities to recover files that have been encrypted by three ransomware strains—AtomSilo, Babuk, and LockFile. --------------------------------------------- https://therecord.media/free-decrypters-released-for-atomsilo-babuk-and-loc… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- Cisco hat 19 Security Advisories veröffentlicht. Keines davon wird als "Critical" eingestuft, neun als "High". --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&lastP… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (salt), Slackware (bind), SUSE (salt), and Ubuntu (php5, php7.0, php7.2, php7.4, php8.0). --------------------------------------------- https://lwn.net/Articles/874210/ ∗∗∗ 2021 CWE Most Important Hardware Weaknesses ∗∗∗ --------------------------------------------- The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses List. The 2021 Hardware List is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in hardware. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/10/28/2021-cwe-most-imp… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.10.2021
by Daily end-of-shift report 27 Oct '21

27 Oct '21

===================== = End-of-Day report = ===================== Timeframe: Montag 25-10-2021 18:00 − Mittwoch 27-10-2021 18:00 Handler: Dimitri Robl Co-Handler: Wolfgang Menezes ===================== = News = ===================== ∗∗∗ Babuk ransomware decryptor released to recover files for free ∗∗∗ --------------------------------------------- Czech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims recover their files for free. --------------------------------------------- https://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-r… ∗∗∗ Vorsicht: Neue Betrugswelle mit vermeintlichen DHL-SMS ∗∗∗ --------------------------------------------- Wieder sind betrügerische SMS zu Paketlieferungen im Umlauf. Ziel ist es, eine Schadsoftware aufs Handy zu bringen. --------------------------------------------- https://futurezone.at/digital-life/betrug-dhl-sms-phishing-ausstehendes-pak… ∗∗∗ Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads ∗∗∗ --------------------------------------------- UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service. --------------------------------------------- https://threatpost.com/android-scammed-sms-fraud-tik-tok/175739/ ∗∗∗ Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users ∗∗∗ --------------------------------------------- The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet. --------------------------------------------- https://threatpost.com/mozilla-firefox-blocks-malicious-add-ons-installed-b… ∗∗∗ Conti Ransom Gang Starts Selling Access to Victims ∗∗∗ --------------------------------------------- The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Contis malware who refuse to negotiate a ransom payment are added to Contis victim shaming blog, where confidential files stolen from victims may be published or sold. --------------------------------------------- https://krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access… ∗∗∗ „Hallo Mama“ - Vorsicht vor Betrug über WhatsApp! ∗∗∗ --------------------------------------------- Aktuell versuchen BetrügerInnen über WhatsApp an das Geld von potentiellen Opfern zu kommen. Dafür geben Sie sich in einer Nachricht als Tochter oder Sohn der EmpfängerInnen aus und fordern die Überweisung von mehreren tausend Euro. --------------------------------------------- https://www.watchlist-internet.at/news/hallo-mama-vorsicht-vor-betrug-ueber… ===================== = Vulnerabilities = ===================== ∗∗∗ WordPress: Erneute Sicherheitslücke im Plugin Ninja Forms ∗∗∗ --------------------------------------------- Das beliebte Formular-Framework ist erneut von einer Sicherheitslücke betroffen. Das WordPress-Plugin ist auf mehr als einer Million Webseiten aktiv. --------------------------------------------- https://heise.de/-6229249 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php7.3 and php7.4), Mageia (kernel and kernel-linus), openSUSE (chromium and virtualbox), Oracle (xstream), Red Hat (kernel, rh-ruby30-ruby, and samba), and Ubuntu (binutils and mysql-5.7). --------------------------------------------- https://lwn.net/Articles/874045/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mosquitto and php7.0), Fedora (python-django-filter and qt), Mageia (fossil, opencryptoki, and qtbase5), openSUSE (apache2, busybox, dnsmasq, ffmpeg, pcre, and wireguard-tools), Red Hat (kpatch-patch), SUSE (apache2, busybox, dnsmasq, ffmpeg, java-11-openjdk, libvirt, open-lldp, pcre, python, qemu, util-linux, and wireguard-tools), and Ubuntu (apport and libslirp). --------------------------------------------- https://lwn.net/Articles/874143/ ∗∗∗ Belden Security Bulletin – BSECV-2020-03: Potential denial of service vulnerability in PROFINET Devices via DCE-RPC Packets ∗∗∗ --------------------------------------------- A vulnerability in the PROFINET stack implementation in Classic Firmware, HiOS, and HiLCOS could lead to a denial of service via an out of memory condition. --------------------------------------------- https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=13688&mediaformat… ∗∗∗ Security Bulletin: A vulnerability exists in the restricted shell of the IBM FlashSystem 900 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in… ∗∗∗ Security Bulletin: Cross-Site Scripting Vulnerability Affects Dashboard UI of IBM Sterling B2B Integrator (CVE-2021-29764) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vuln… ∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-wo… ∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software – September 2021 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-a… ∗∗∗ Security Bulletin: Openstack Compute (Nova) noVNC proxy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-openstack-compute-nova-no… ∗∗∗ Security Bulletin: Insufficient session expiration in IBM i2 iBase ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-insufficient-session-expi… ∗∗∗ Grafana vulnerability CVE-2021-39226 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K22322802 ∗∗∗ Paessler PRTG: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-1114 ∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-1121 ∗∗∗ Fuji Electric Tellus Lite V-Simulator and V-Server Lite ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-299-01 ∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/10/27/adobe-releases-se… ∗∗∗ Apple Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/10/27/apple-releases-se… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily