[CERT-daily] Tageszusammenfassung - 02.09.2021

Daily end-of-shift report team at cert.at
Thu Sep 2 18:09:33 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 01-09-2021 18:00 − Donnerstag 02-09-2021 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ How to block Windows Plug-and-Play auto-installing insecure apps ∗∗∗
---------------------------------------------
A trick has been discovered that prevents your device from being taken over by vulnerable Windows applications when devices are plugged into your computer.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/how-to-block-windows-plug-and-play-auto-installing-insecure-apps/


∗∗∗ Team Cymru’s Threat Hunting Maturity Model Explained ∗∗∗
---------------------------------------------
In this four-part series, we’ll be looking at Team Cymru’s Threat Hunting Maturity Model.
---------------------------------------------
https://team-cymru.com/blog/2021/09/02/team-cymrus-threat-hunting-maturity-model-explained-2/


∗∗∗ QakBot technical analysis ∗∗∗
---------------------------------------------
This report contains technical analysis of the Trojan-Banker named QakBot (aka QBot, QuackBot or Pinkslipbot) and its information stealing, web injection and other modules.
---------------------------------------------
https://securelist.com/qakbot-technical-analysis/103931/


∗∗∗ Analysis of a Phishing Kit (that targets Chase Bank) ∗∗∗
---------------------------------------------
Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials on fake pages controlled by attackers.
---------------------------------------------
https://blog.sucuri.net/2021/09/analysis-of-a-phishing-kit-that-targets-chase-bank.html


∗∗∗ Too Log; Didnt Read — Unknown Actor Using CLFS Log Files for Stealth ∗∗∗
---------------------------------------------
The Mandiant Advanced Practices team recently discovered a new malware family we have named PRIVATELOG and its installer, STASHLOG.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html


∗∗∗ Google Play sign-ins can be abused to track another person’s movements ∗∗∗
---------------------------------------------
We tried to help somebody install an app on an Android phone and stumbled on a way to track them instead.
---------------------------------------------
https://blog.malwarebytes.com/awareness/2021/09/google-play-sign-ins-can-be-abused-to-track-another-persons-movements/


∗∗∗ Translated: Talos insights from the recently leaked Conti ransomware playbook ∗∗∗
---------------------------------------------
Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti.
---------------------------------------------
https://blog.talosintelligence.com/2021/09/Conti-leak-translation.html


∗∗∗ Vorsicht vor fit4fun-arena.de – zu günstig um wahr zu sein ∗∗∗
---------------------------------------------
Der Fake-Shop fit4fun-arena.de bietet unglaublich günstige Fahrräder und weitere Fitnessartikel an.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-fit4fun-arenade-zu-guenstig-um-wahr-zu-sein/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Dateimanager Midnight Commander seit neun Jahren angreifbar ∗∗∗
---------------------------------------------
Es gibt ein wichtiges Sicherheitsupdate für Midnight Commander.
---------------------------------------------
https://heise.de/-6180301


∗∗∗ Braktooth: Neue Bluetooth-Lücken bedrohen unzählige Geräte ∗∗∗
---------------------------------------------
Sicherheitsforscher haben mehrere Bluetooth-Schwachstellen entdeckt. Nicht alle Hersteller planen, Patches zu veröffentlichen.
---------------------------------------------
https://heise.de/-6180540


∗∗∗ Cisco beseitigt kritische Lücke aus Enterprise NFV Infrastructure Software ∗∗∗
---------------------------------------------
Jetzt updaten: Die Enterprise NFV Infrastructure Software (NFVIS) kann je nach Konfiguration aus der Ferne angreifbar sein. Aktualisierungen stehen bereit.
---------------------------------------------
https://heise.de/-6180655


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by openSUSE (ffmpeg and gstreamer-plugins-good), SUSE (apache2, apache2-mod_auth_mellon, ffmpeg, gstreamer-plugins-good, libesmtp, openexr, rubygem-puma, xen, and xerces-c), and Ubuntu (openssl).
---------------------------------------------
https://lwn.net/Articles/868155/


∗∗∗ Recently Patched Confluence Vulnerability Exploited in the Wild ∗∗∗
---------------------------------------------
Hackers started exploiting a vulnerability in Atlassian’s Confluence enterprise collaboration product just one week after the availability of a patch was announced.
---------------------------------------------
https://www.securityweek.com/recently-patched-confluence-vulnerability-exploited-wild


∗∗∗ Cisco Nexus Insights Authenticated Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-insight-infodis-2By2ZpBB


∗∗∗ Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2


∗∗∗ Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-collab-xss-fQMDE5GO


∗∗∗ Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh


∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-4HnZFewr


∗∗∗ Johnson Controls Sensormatic Electronics Illustra ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-01


∗∗∗ JTEKT TOYOPUC TCC-6353 PC10G-CPU ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-02


∗∗∗ Advantech WebAccess ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list