[CERT-daily] Tageszusammenfassung - 12.11.2021
Daily end-of-shift report
team at cert.at
Fri Nov 12 18:23:48 CET 2021
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 11-11-2021 18:00 − Freitag 12-11-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Zoom dichtet Sicherheitslücken in mehreren Produkten und Clients ab ∗∗∗
---------------------------------------------
In einigen Produkten des Webkonferenz-Anbieters Zoom hat der Hersteller Sicherheitslücken geschlossen.
---------------------------------------------
https://heise.de/-6265648
∗∗∗ Kriminelle versenden betrügerische Mails im Namen der Post! ∗∗∗
---------------------------------------------
Derzeit melden uns zahlreiche LeserInnen ein betrügerisches E-Mail, das im Namen der Post verschickt wird. Darin behaupten die Kriminellen, dass für eine Bestellung zusätzliche Einfuhrgebühren notwendig seien. Auch wenn Sie gerade auf ein Paket warten, sollten Sie bei solchen E-Mails skeptisch sein. In diesem Fall versuchen die BetrügerInnen an Ihr Geld zu kommen!
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-versenden-betruegerische-mails-im-namen-der-post/
∗∗∗ HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks ∗∗∗
---------------------------------------------
HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/
∗∗∗ Malware uses namesilo Parking pages and Googles custom pages to spread ∗∗∗
---------------------------------------------
Recently, we found a suspicious GoELFsample, which is a downloder mainly to spread mining malwares. The interesting part is that we noticed it using namesilos Parking page and Googles user-defined page to spread the sample and configuration. Apparently this is yet another attempt to hide control channel to avoid [...]
---------------------------------------------
https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/
∗∗∗ Murder-for-hire, money laundering, and more: How organised criminals work online ∗∗∗
---------------------------------------------
Europol has released an extensive report into serious and organized crime, including how these groups use the internet to aid in their criminal behaviour.
---------------------------------------------
https://blog.malwarebytes.com/reports/2021/11/murder-for-hire-money-laundering-and-more-how-organised-criminals-work-online/
∗∗∗ “We wait, because we know you.” Inside the ransomware negotiation economics. ∗∗∗
---------------------------------------------
Organizations worldwide continue to face waves of digital extortion in the form of targeted ransomware. Digital extortion is now classified as the most prominent form of cybercrime and the most devastating and pervasive threat to functioning [...]
---------------------------------------------
https://research.nccgroup.com/2021/11/12/we-wait-because-we-know-you-inside-the-ransomware-negotiation-economics/
∗∗∗ Researcher Shows Windows Flaw More Serious After Microsoft Releases Incomplete Patch ∗∗∗
---------------------------------------------
A researcher has discovered that a Windows vulnerability for which Microsoft released an incomplete patch in August is more serious than initially believed.
---------------------------------------------
https://www.securityweek.com/researcher-shows-windows-flaw-more-serious-after-microsoft-releases-incomplete-patch
∗∗∗ When the alarms go off: 10 key steps to take after a data breach ∗∗∗
---------------------------------------------
It’s often said that data breaches are no longer a matter of ‘if’, but ‘when’ – here’s what your organization should do, and avoid doing, in the case of a security breach
---------------------------------------------
https://www.welivesecurity.com/2021/11/11/alarms-go-off-10-steps-take-data-breach/
∗∗∗ Network Code on Cybersecurity is out for public consultation ∗∗∗
---------------------------------------------
The draft for the Network Code for cybersecurity aspects of cross-border electricity flows has been released today for public consultation. ENCS has collaborated on the writing of the Network Code as part of the drafting team. During the public consultation period, stakeholders within the energy sector have the opportunity of sharing their views on the [...]
---------------------------------------------
https://encs.eu/news/network-code-on-cybersecurity-is-out-for-public-consultation/
∗∗∗ Number of Malicious Shopping Websites Jumps 178% ahead of November e-Shopping Holidays, Breaking Records ∗∗∗
---------------------------------------------
Highlights: Check Point Research (CPR) spots over 5300 different malicious websites per week, marking the highest since the beginning of 2021 Numbers show a 178% increase compared to 2021 so far 1 out of 38 corporate networks are being impacted on average per week in November, compared to 1 in 47 in October, and [...]
---------------------------------------------
https://blog.checkpoint.com/2021/11/12/number-of-malicious-shopping-websites-jumps-178-ahead-of-november-e-shopping-holidays-breaking-records/
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM hat 15 Security Bulletins veröffentlicht.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Technical Advisory – Multiple Vulnerabilities in Victure WR1200 WiFi Router (CVE-2021-43282, CVE-2021-43283, CVE-2021-43284) ∗∗∗
---------------------------------------------
Victure’s WR1200 WiFi router, also sometimes referred to as AC1200, was found to have multiple vulnerabilities exposing its owners to potential intrusion in their local WiFi network and complete overtake of the device. Three vulnerabilities were uncovered, with links to the associated technical advisories below: [...]
---------------------------------------------
https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (node-tar, postgresql-11, postgresql-13, and postgresql-9.6), Fedora (autotrace, botan2, chafa, converseen, digikam, dmtx-utils, dvdauthor, eom, kxstitch, pfstools, php-pecl-imagick, psiconv, q, R-magick, radeontop, rss-glx, rubygem-rmagick, synfig, synfigstudio, vdr-scraper2vdr, vdr-skinelchihd, vdr-skinnopacity, vdr-tvguide, and WindowMaker), Mageia (kernel, kernel-linus, and openafs), openSUSE (kernel), Red Hat (freerdp), SUSE (bind and kernel), [...]
---------------------------------------------
https://lwn.net/Articles/875931/
∗∗∗ WECON PLC Editor ∗∗∗
---------------------------------------------
This advisory contains mitigation for Stack-based Buffer Overflow, and Out-of-bounds Write vulnerabilities in WECON PLC Editor ladder logic software.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01
∗∗∗ Multiple Data Distribution Service (DDS) Implementations ∗∗∗
---------------------------------------------
This advisory contains mitigations for several vulnerabilities in Multiple Data Distribution Service (DDS) Implementations developed by a number of different vendors.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02
∗∗∗ VMware Releases Security Update for Tanzu Application Service for VMs ∗∗∗
---------------------------------------------
VMware has released a security update to address a vulnerability in Tanzu Application Service for VMs. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0026 and apply the necessary update.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/11/12/vmware-releases-security-update-tanzu-application-service-vms
∗∗∗ SYSS-2021-057: Open Redirect durch HTML Injection in Cryptshare ∗∗∗
---------------------------------------------
Im Cryptshare-Server besteht eine Schwachstelle. Sie erlaubt Angreifenden, die Empfänger einer manipulierten Nachricht auf beliebige Seiten weiterzuleiten.
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-057-open-redirect-durch-html-injection-in-cryptshare
∗∗∗ Unlimited Sitemap Generator vulnerable to cross-site request forgery ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN58407606/
∗∗∗ PostgreSQL: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1201
∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1198
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list