[CERT-daily] Daily summary - 02.11.2021
Daily end-of-shift report
team at cert.at
Tue Nov 2 18:11:03 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Friday 29-10-2021 18:00 - Tuesday 02-11-2021 18:00
Handler: Wolfgang Menezes
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Trojan Source: programming languages can be trojanized via Unicode ∗∗∗
---------------------------------------------
A research team systematically shows how code can be manipulated with Unicode tricks. Open-source communities and the IT industry are responding.
---------------------------------------------
https://www.golem.de/news/trojan-source-programmiersprachen-lassen-sich-per-unicode-trojanisieren-2111-160751-rss.html
∗∗∗ BlackMatter Ransomware Operators Develop Custom Data Exfiltration Tool ∗∗∗
---------------------------------------------
The cybercriminals operating the BlackMatter ransomware have started using a custom data exfiltration tool in their attacks, Symantec reports.
---------------------------------------------
https://www.securityweek.com/blackmatter-ransomware-operators-develop-custom-data-exfiltration-tool
∗∗∗ FBI Publishes IOCs for Hello Kitty Ransomware ∗∗∗
---------------------------------------------
The Federal Bureau of Investigation (FBI) has published a flash alert to share details on the tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs) associated with the Hello Kitty ransomware, which is also known as FiveHands.
---------------------------------------------
https://www.securityweek.com/fbi-publishes-iocs-hello-kitty-ransomware
∗∗∗ Website operators beware: fake e-mails from WORLD4YOU in circulation ∗∗∗
---------------------------------------------
Numerous website operators are currently receiving fraudulent e-mails sent in the name of World4You. The fraudulent e-mails claim that the domain has been suspended, has expired, or has to be renewed.
---------------------------------------------
https://www.watchlist-internet.at/news/webseiten-betreiberinnen-aufgepasst-gefaelschte-e-mails-von-world4you-im-umlauf/
∗∗∗ EU Digital Green Certificate: What actually applies here? ∗∗∗
---------------------------------------------
Since the Digital Green Certificate is currently in the media, and I am acting as the explainer for the Standard, I want to document here a few technical details that are, after all, too technical for a newspaper article.
---------------------------------------------
https://cert.at/de/blog/2021/10/eu-digital-green-certificate-was-gilt-eigentlich-bei-uns
∗∗∗ Shodan Verified Vulns 2021-11-01 ∗∗∗
---------------------------------------------
The "Cyber Security Month" of October is over, but, as a look at our Shodan data from 2021-11-01 reveals, it had no directly visible effect: the changes since the beginning of October are modest.
---------------------------------------------
https://cert.at/de/aktuelles/2021/11/shodan-verified-vulns-2021-11-01
∗∗∗ From Zero to Domain Admin ∗∗∗
---------------------------------------------
This report will go through an intrusion from July that began with an email, which included a link to Google’s Feed Proxy service that was used to download a malicious Word document.
---------------------------------------------
https://thedfirreport.com/2021/11/01/from-zero-to-domain-admin/
=====================
= Vulnerabilities =
=====================
∗∗∗ Android November patch fixes actively exploited kernel bug ∗∗∗
---------------------------------------------
Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/android-november-patch-fixes-actively-exploited-kernel-bug/
∗∗∗ Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild ∗∗∗
---------------------------------------------
A now-patched critical remote code execution (RCE) vulnerability in GitLab's web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks.
---------------------------------------------
https://thehackernews.com/2021/11/alert-hackers-exploiting-gitlab.html
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
Tivoli Composite Application Manager for Transactions, InfoSphere Information Server, InfoSphere DataStage Flow Designer, API Connect, Application Discovery and Delivery Intelligence, MessageGateway, PowerSC.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Firefox updates close numerous security vulnerabilities ∗∗∗
---------------------------------------------
The developers at the Mozilla Foundation have patched more than a dozen security vulnerabilities in the Firefox web browser.
---------------------------------------------
https://heise.de/-6245344
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (bind, chromium, freerdp, opera, webkit2gtk, and wpewebkit), Debian (cron, cups, elfutils, ffmpeg, libmspack, libsdl1.2, libsdl2, opencv, and tiff), Fedora (java-latest-openjdk, stb, and thunderbird), Mageia (cairo, cloud-init, docker, ffmpeg, libcaca, php, squid, and webkit2), openSUSE (busybox, chromium, civetweb, containerd, docker, runc, dnsmasq, fetchmail, flatpak, go1.16, krb5, ncurses, python, python-Pygments, squid, strongswan, transfig, webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/874623/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (asterisk, bind9, glusterfs, and openjdk-11), Fedora (ansible and CuraEngine), openSUSE (mailman and opera), Oracle (binutils and flatpak), Red Hat (curl, flatpak, java-1.8.0-ibm, kernel, kernel-rt, libsolv, python3, samba, and webkit2gtk3), Scientific Linux (binutils and flatpak), SUSE (binutils and transfig), and Ubuntu (ceph and mailman).
---------------------------------------------
https://lwn.net/Articles/874818/
∗∗∗ Kaspersky Patches Vulnerability That Can Lead to Unbootable System ∗∗∗
---------------------------------------------
Kaspersky published two advisories on Monday to warn customers about a vulnerability that can lead to unbootable systems and a phishing campaign involving messages sent from a Kaspersky email address.
---------------------------------------------
https://www.securityweek.com/kaspersky-patches-vulnerability-can-lead-unbootable-system
∗∗∗ November 1, 2021 TNS-2021-18 [R1] Nessus 10.0.0 Fixes One Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2021-18
∗∗∗ Synology-SA-21:27 ISC BIND ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_21_27
∗∗∗ Sensormatic Electronics VideoEdge ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-306-01
∗∗∗ WECON PI Studio (Update A) ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/ICSA-18-277-01
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily