[CERT-daily] Tageszusammenfassung - 03.11.2021
Daily end-of-shift report
team at cert.at
Wed Nov 3 18:21:16 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 02-11-2021 18:00 − Mittwoch 03-11-2021 18:00
Handler: Dimitri Robl
Co-Handler: Wolfgang Menezes
=====================
= News =
=====================
∗∗∗ A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions ∗∗∗
---------------------------------------------
This article provides an overview of what the App Sandbox is and the vulnerability details as disclosed to Apple.
---------------------------------------------
https://perception-point.io/a-technical-analysis-of-cve-2021-30864-bypassing-app-sandbox-restrictions/
∗∗∗ Ransomware: "BlackMatter"-Gang will aufhören – mal wieder ∗∗∗
---------------------------------------------
Druck von Ermittlern veranlasst BlackMatter zum Aufhören. Ein endgültiger Abschied der alten Hasen aus dem Erpresser-Business scheint aber eher fraglich.
---------------------------------------------
https://heise.de/-6247924
∗∗∗ Sicherheitsforscher warnen vor zehntausenden verwundbaren GitLab-Servern ∗∗∗
---------------------------------------------
Obwohl es bereits mehrere Monate Sicherheitspatches für eine kritische Lücke gibt, sind einem Bericht zufolge immer noch viele GitLab-Server angreifbar.
---------------------------------------------
https://heise.de/-6249588
∗∗∗ This Steam phish baits you with free Discord Nitro ∗∗∗
---------------------------------------------
Theres another scam making rounds on Discord. And its cleverly phishing for Steam credentials.
---------------------------------------------
https://blog.malwarebytes.com/malwarebytes-news/2021/11/this-steam-phish-baits-you-with-free-discord-nitro/
∗∗∗ Kleinanzeigenbetrug mit angeblichem Post-Kurier boomt! ∗∗∗
---------------------------------------------
Zahlreiche LeserInnen wenden sich derzeit an uns, da Kriminelle eine gefälschte Webseite der Post für Kleinanzeigenbetrug verwenden. Dabei suchen die BetrügerInnen auf Willhaben, Ebay, Shpock und Co. nach teuren Angeboten und erklären den VerkäuferInnen, dass der Kauf über einen Kurierdienst der Post abgewickelt werden soll.
---------------------------------------------
https://www.watchlist-internet.at/news/kleinanzeigenbetrug-mit-angeblichem-post-kurier-boomt/
∗∗∗ Almost half of rootkits are used for cyberattacks against government organizations ∗∗∗
---------------------------------------------
On Wednesday, Positive Technologies released a report on the evolution and application of rootkits in cyberattacks, noting that 77% of rootkits are utilized for cyberespionage.
---------------------------------------------
https://www.zdnet.com/article/almost-half-of-rootkits-are-used-to-strike-government-targets/
∗∗∗ "Trojan Source": Was ist da dran? ∗∗∗
---------------------------------------------
An sich schätze ich Brian Krebs, er schreibt wirklich gute Artikel, aber bei ‘Trojan Source’ Bug Threatens the Security of All Code hat er etwas übertrieben.
---------------------------------------------
https://cert.at/de/aktuelles/2021/11/trojan-source-was-ist-da-dran
∗∗∗ CISA Issues BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities ∗∗∗
---------------------------------------------
CISA has issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities to addresses vulnerabilities that establishes specific timeframes for federal civilian agencies to remediate vulnerabilities that are being actively exploited by known adversaries.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/11/03/cisa-issues-bod-22-01-reducing-significant-risk-known-exploited
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
Cisco hat 16 Security Advisories veröffentlicht. Zwei davon werden als "Critical" eingestuft, zwei als "High", und zwölf als "Medium".
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2021%2F11%2F02&firstPublishedEndDate=2021%2F11%2F03
∗∗∗ Patchday: Angreifer attackieren gezielt Android-Geräte ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für verschiedene Android-Versionen. Eine Lücke im Kernel nutzen Angreifer derzeit aus.
---------------------------------------------
https://heise.de/-6247997
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (CuraEngine, curl, firefox, php, and vim), openSUSE (apache2, pcre, salt, transfig, and util-linux), Oracle (.NET 5.0, curl, kernel, libsolv, python3, samba, and webkit2gtk3), and Red Hat (flatpak).
---------------------------------------------
https://lwn.net/Articles/874980/
∗∗∗ ZDI-21-1277: (0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1277/
∗∗∗ ZDI-21-1276: (0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1276/
∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Huawei Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211103-01-privilege-en
∗∗∗ Security Bulletin: Vulnerabilities in HAProxy Watson Knowledge Catalog for IBM Cloud Pak for Data ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-haproxy-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/
∗∗∗ Security Vulnerabilities fixed in Thunderbird 91.3 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/
∗∗∗ Red Hat Integration - Service Registry: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1143
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list