[CERT-daily] Tageszusammenfassung - 09.11.2021

Daily end-of-shift report team at cert.at
Tue Nov 9 19:07:37 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 08-11-2021 18:00 − Tuesday 09-11-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Wolfgang Menezes

=====================
=       News        =
=====================

∗∗∗ Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus ∗∗∗
---------------------------------------------
Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/11/08/threat-actor-dev-0322-exploiting-zoho-manageengine-adselfservice-plus/


∗∗∗ Abcbot, an evolving botnet ∗∗∗
---------------------------------------------
Business on the cloud and security on the cloud are among the industry trends of recent years. 360Netlab is also continuing to focus on security incidents and trends on the cloud from its own expertise in the technology field. The following is a recent security incident we observed [...]
---------------------------------------------
https://blog.netlab.360.com/abcbot_an_evolving_botnet_en/


∗∗∗ (Ab)Using Security Tools & Controls for the Bad, (Mon, Nov 8th) ∗∗∗
---------------------------------------------
As security practitioners, we give daily advice to our customers to increase the security level of their infrastructures. Install this tool, enable this feature, disable this function, etc. When enabled, these techniques can also be (ab)used by attackers to perform nasty actions.
---------------------------------------------
https://isc.sans.edu/diary/rss/28014


∗∗∗ WooCommerce Skimmer Spoofs Checkout Page ∗∗∗
---------------------------------------------
Recently a client of ours was reporting a bogus checkout page appearing on their website. When trying to access their “my-account” page an unfamiliar prompt appeared in their browser soliciting credit card billing information. This form was foreign to our client and was clearly placed during a website compromise. Interestingly, the website itself doesn’t even accept payments at all. If this was an attempt at a targeted credit card theft infection (as quite a few of them are) [...]
---------------------------------------------
https://blog.sucuri.net/2021/11/woocommerce-skimmer-spoofs-checkout-page.html


∗∗∗ ICS Patch Tuesday: Siemens and Schneider Electric Address Over 50 Security Flaws ∗∗∗
---------------------------------------------
Industrial giants Siemens and Schneider Electric have released a total of 20 Patch Tuesday advisories to address more than 50 vulnerabilities affecting their products.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-siemens-and-schneider-electric-address-over-50-vulnerabilities-0


∗∗∗ "media-markt-outlet.de" is a fake ∗∗∗
---------------------------------------------
The website media-markt-outlet.de pretends to be an outlet store of Media Markt. Since this fake shop claims to be an outlet, the low prices do not look unusual at first glance. But beware: media-markt-outlet.de is a fake - you will not receive any goods despite paying.
---------------------------------------------
https://www.watchlist-internet.at/news/media-markt-outletde-ist-fake/


∗∗∗ The Invisible JavaScript Backdoor ∗∗∗
---------------------------------------------
A few months ago we saw a post on the r/programminghorror subreddit: A developer describes the struggle of identifying a syntax error resulting from an invisible Unicode character hidden in JavaScript source code. This post inspired an idea: What if a backdoor literally cannot be seen and thus evades detection even from thorough code reviews?
---------------------------------------------
https://certitude.consulting/blog/en/invisible-backdoor/
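The excerpt above describes a backdoor that hides behind characters which render as nothing. The scanner below is an added example (not code from the Certitude post or from this digest) of the check a reviewer can run over JavaScript source before trusting it: it flags Unicode format characters (General_Category Cf, such as zero-width spaces and bidi controls) and a short list of visually empty letter-class characters that are legal in JavaScript identifiers, and it rewrites the source so each such character becomes a visible `<U+XXXX>` marker. The digest excerpt does not name the character used in the original post; U+3164 HANGUL FILLER in the sample is an assumption, and the `/network_health` handler is a constructed snippet, not code from the post.

```javascript
// Added example (not from the Certitude post): detect invisible Unicode
// characters in JavaScript source before they slip through code review.
//
// Two classes are flagged:
//  1. Unicode format characters (General_Category Cf): zero-width space,
//     ZWJ/ZWNJ, bidi controls, byte-order mark, ... These are almost never
//     legitimate inside program text.
//  2. Letter-class (Lo) characters that are visually empty yet valid as
//     JavaScript identifier characters, e.g. U+3164 HANGUL FILLER. \p{Cf}
//     does not match these, so they are listed explicitly. Which character
//     the original post used is an assumption here.

const INVISIBLE_LETTERS = new Map([
  [0x115f, 'HANGUL CHOSEONG FILLER'],
  [0x1160, 'HANGUL JUNGSEONG FILLER'],
  [0x3164, 'HANGUL FILLER'],
  [0xffa0, 'HALFWIDTH HANGUL FILLER'],
]);

const FORMAT_CHAR = /\p{Cf}/u;

function toCodePointLabel(cp) {
  return 'U+' + cp.toString(16).toUpperCase().padStart(4, '0');
}

// Returns a human-readable name when the character is suspicious, else null.
// A byte-order mark as the very first character is tolerated: editors emit it.
function classifyChar(ch, index) {
  const cp = ch.codePointAt(0);
  if (INVISIBLE_LETTERS.has(cp)) return INVISIBLE_LETTERS.get(cp);
  if (index === 0 && cp === 0xfeff) return null;
  if (FORMAT_CHAR.test(ch)) return 'FORMAT CHARACTER (General_Category Cf)';
  return null;
}

// One finding per suspicious code point: { line, col, codePoint, name }.
// Lines and columns start at 1; columns count code points, not UTF-16 units.
function findInvisibleChars(source) {
  const findings = [];
  let line = 1;
  let col = 1;
  let index = 0;
  for (const ch of source) {
    if (ch === '\n') {
      line += 1;
      col = 1;
      index += 1;
      continue;
    }
    const name = classifyChar(ch, index);
    if (name !== null) {
      findings.push({ line, col, codePoint: toCodePointLabel(ch.codePointAt(0)), name });
    }
    col += 1;
    index += 1;
  }
  return findings;
}

// Rewrites the source so every flagged character becomes a visible <U+XXXX>
// marker, which makes a diff reviewable in any terminal or web UI.
function revealInvisibleChars(source) {
  let out = '';
  let index = 0;
  for (const ch of source) {
    out += classifyChar(ch, index) !== null
      ? '<' + toCodePointLabel(ch.codePointAt(0)) + '>'
      : ch;
    index += 1;
  }
  return out;
}

// Constructed sample (not the post's code): a handler that destructures a
// second query parameter whose name is a single U+3164. It is written as an
// escape here so the reader can see it; in a real file the character itself
// would be present and render as blank.
const SAMPLE_SOURCE = [
  "app.get('/network_health', async (req, res) => {",
  "  const { timeout,\u3164} = req.query;",
  "  const checkCommands = [",
  "    'ping -c 1 google.com',",
  "    'curl -s http://example.com/',\u3164",
  "  ];",
  "  // ... run checkCommands with timeout ...",
  "});",
].join('\n');

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of findInvisibleChars(SAMPLE_SOURCE)) {
    console.log(`${f.line}:${f.col} ${f.codePoint} ${f.name}`);
  }
  console.log(revealInvisibleChars(SAMPLE_SOURCE));
}
```

Run over the sample, the scanner reports two hits on lines 2 and 5, both U+3164, and the revealed form shows `const { timeout,<U+3164>} = req.query;`. In practice the check belongs in CI on every changed file, with the allow-list of Lo characters kept short so that legitimate non-ASCII identifiers and string contents are not flagged wholesale.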



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patch now! Attacks on the Sitecore Experience Platform CMS observed ∗∗∗
---------------------------------------------
Attackers are currently targeting a code-execution vulnerability in the Sitecore XP content management system. Security patches have been available since October 2021.
---------------------------------------------
https://heise.de/-6262157


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox, grafana, jenkins, opera, and thunderbird), Debian (botan1.10 and ckeditor), openSUSE (chromium, kernel, qemu, and rubygem-activerecord-5_1), SUSE (qemu and rubygem-activerecord-5_1), and Ubuntu (docker.io, kernel, linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oem-5.13, linux-oracle, linux-oracle-5.11, linux, linux-aws, linux-aws-5.4, linux-azure, [...]
---------------------------------------------
https://lwn.net/Articles/875531/


∗∗∗ Adobe Patches Critical RoboHelp Server Security Flaw ∗∗∗
---------------------------------------------
Software maker Adobe on Tuesday released patches to cover at least four documented security defects that expose users to malicious hacker attacks. The most serious of the flaws was addressed in RoboHelp Server and is rated “critical” because it exposes corporate environments to arbitrary code execution attacks.
---------------------------------------------
https://www.securityweek.com/adobe-patches-critical-robohelp-server-security-flaw


∗∗∗ IPAS: Security Advisories for November 2021 ∗∗∗
---------------------------------------------
Hi everyone, today we released 25 security advisories addressing 72 vulnerabilities. Through our internal security research and the investment we make in our bug bounty programs, 96% of the issues being addressed today are the result of our proactive product security assurance efforts. Given that almost half of today’s advisories address drivers in various components, [...]
---------------------------------------------
https://blogs.intel.com/technology/2021/11/intel-security-advisories-for-november-2021/


∗∗∗ NUCLEUS:13 vulnerabilities impact Siemens medical & industrial equipment ∗∗∗
---------------------------------------------
Security researchers have today disclosed a set of 13 vulnerabilities that impact a crucial Siemens software library included in medical devices, automotive systems, and industrial systems.
---------------------------------------------
https://therecord.media/nucleus13-vulnerabilities-impact-siemens-medical-industrial-equipment/


∗∗∗ Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX330728


∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Ant vulnerability (CVE-2021-36374) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-ant-vulnerability-cve-2021-36374/


∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2021-2388, CVE-2021-2369, CVE-2021-2432) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-netcool-impact-cve-2021-2388-cve-2021-2369-cve-2021-2432/


∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Ant vulnerability (CVE-2021-36373) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-ant-vulnerability-cve-2021-36373/


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by CVE-2021-23509 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-affected-by-cve-2021-23509/


∗∗∗ Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in Golang ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-multiple-vulnerabilities-in-golang-2/


∗∗∗ Security Bulletin: A vulnerability in Apache Commons Compress Library affects IBM LKS ART and Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-commons-compress-library-affects-ibm-lks-art-and-agent/


∗∗∗ Security Bulletin: A vulnerability in IBM Java SDK (July 2021) affects IBM InfoSphere Information Server (CVE-2021-2432) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-july-2021-affects-ibm-infosphere-information-server-cve-2021-2432/


∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities (CVE-2020-25648, CVE-2021-31535, CVE-2021-20305, CVE-2020-25692) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-cve-2020-25648-cve-2021-31535-cve-2021-20305-cve-2020-25692/


∗∗∗ Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities (CVE-2020-4152, CVE-2020-4160, CVE-2020-4153) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-cve-2020-4152-cve-2020-4160-cve-2020-4153/


∗∗∗ Security Bulletin: IBM Safer Payments v5.7 to v6.3 releases are affected by an OpenSSL Security Advisory (CVE-2021-3711) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-safer-payments-v5-7-to-v6-3-releases-are-affected-by-an-openssl-security-advisory-cve-2021-3711/


∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (Nov. 2021 V1) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-nov-2021-v1/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



