[CERT-daily] Daily summary - 01.09.2021
Daily end-of-shift report
team at cert.at
Wed Sep 1 18:09:55 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 31-08-2021 18:00 − Wednesday 01-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Critical root vulnerability discovered in Annke network video recorder ∗∗∗
---------------------------------------------
There is an important security update for the Annke N48PBB network video recorder.
---------------------------------------------
https://heise.de/-6179374
∗∗∗ DIAEnergie energy management system has critical vulnerabilities ∗∗∗
---------------------------------------------
Important security updates for the industrial energy management system DIAEnergie are in the works. In the meantime, the US agency CISA recommends protective measures.
---------------------------------------------
https://heise.de/-6179591
∗∗∗ SMS: Beware of fake shipment tracking ∗∗∗
---------------------------------------------
Criminals are currently sending fake parcel information about an order via SMS. The message says that your parcel could not be delivered or that shipment tracking is now available. You are asked to click on a link. Caution: the link leads to an internet trap.
---------------------------------------------
https://www.watchlist-internet.at/news/sms-vorsicht-vor-gefaelschter-sendungsverfolgung/
∗∗∗ STRRAT: a Java-based RAT that doesn't care if you have Java, (Wed, Sep 1st) ∗∗∗
---------------------------------------------
STRRAT was discovered earlier this year as a Java-based Remote Access Tool (RAT) that does not require a preinstalled Java Runtime Environment (JRE). It has been distributed through malicious spam (malspam) during 2021. Today's diary reviews an infection generated using an Excel spreadsheet discovered on Monday, 2021-08-30.
---------------------------------------------
https://isc.sans.edu/diary/rss/27798
∗∗∗ This is why the Mozi botnet will linger on ∗∗∗
---------------------------------------------
The botnet continues to haunt IoT devices, and likely will for some time to come.
---------------------------------------------
https://www.zdnet.com/article/this-is-why-the-mozi-botnet-will-linger-on/
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM has published 52 security bulletins on various vulnerabilities.
---------------------------------------------
https://www.ibm.com/blogs/psirt/2021/08/
∗∗∗ Multiple vulnerabilities in Moxa network devices ∗∗∗
---------------------------------------------
Several devices developed by MOXA Inc. are affected by various vulnerabilities, such as command injection and cross-site scripting in the config upload function. In addition, outdated software was identified, and one sample from it (CVE-2015-0235) was also tested using a public exploit. All vulnerabilities were verified by emulating the device with the MEDUSA scalable firmware runtime.
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/mehrere-schwachstellen-in-moxa-netzwerkgeraeten/
∗∗∗ Over 1 Million Sites Affected by Gutenberg Template Library & Redux Framework Vulnerabilities ∗∗∗
---------------------------------------------
On August 3, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for two vulnerabilities we discovered in the Gutenberg Template Library & Redux Framework plugin, which is installed on over 1 million WordPress sites. One vulnerability allowed users with lower permissions, such as contributors, to install and activate arbitrary plugins and delete any [...]
---------------------------------------------
https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (bind, GNOME, hivex, kernel, and sssd), Debian (gpac and squashfs-tools), Fedora (c-ares and openssl), openSUSE (dovecot23), Oracle (bind, hivex, kernel, and sssd), Red Hat (kernel), Scientific Linux (bind, hivex, kernel, libsndfile, libX11, and sssd), Slackware (ntfs), SUSE (dovecot23), and Ubuntu (ntfs-3g).
---------------------------------------------
https://lwn.net/Articles/868015/
∗∗∗ Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack ∗∗∗
---------------------------------------------
A serious vulnerability affecting the Linphone Session Initiation Protocol (SIP) client suite can allow malicious actors to remotely crash applications, industrial cybersecurity firm Claroty warned on Tuesday.
---------------------------------------------
https://www.securityweek.com/vulnerability-allows-remote-dos-attacks-against-apps-using-linphone-sip-stack
∗∗∗ Sensormatic Electronics KT-1 ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Use of Unmaintained Third-party Components vulnerability in Sensormatic Electronics KT-1 Ethernet-ready single-door controller.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-243-01
∗∗∗ Philips Patient Monitoring Devices (Update A) ∗∗∗
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSMA-20-254-01 Philips Patient Monitoring Devices that was published September 10, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication, Improper Check for Certificate Revocation, Improper Handling of Length Parameter Inconsistency, Improper Validation of Syntactic Correctness of Input, [...]
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
∗∗∗ Node.js: Multiple vulnerabilities allow manipulation of files ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0932
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily