[CERT-daily] Tageszusammenfassung - 10.09.2021

Fri Sep 10 18:14:25 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 09-09-2021 18:00 − Freitag 10-09-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ MSHTML-Schwachstelle CVE-2021-40444 kritischer als bekannt ∗∗∗
---------------------------------------------
Vor einigen Tagen hat Microsoft einen Sicherheitshinweis zur Schwachstelle CVE-2021-40444 in der in Windows enthaltenen MSHTML-Komponente offen gelegt. Es hieß, es gebe den Versuch, die Schwachstelle in freier Wildbahn über präparierte Office-Dokumente auszunutzen. Aber Office-Nutzer seien eigentlich durch die geschützte Ansicht vor dieser Bedrohung geschützt. Nun wird bekannt, dass dieser Schutz löchrig ist und oft nicht wirkt.
---------------------------------------------
https://www.borncity.com/blog/2021/09/10/mshtml-schwachstelle-cve-2021-40444-kritischer-als-bekannt/


∗∗∗ A Look at iMessage in iOS 14 ∗∗∗
---------------------------------------------
[...] Given that it is also now almost exactly one year ago since we published the Remote iPhone Exploitation blog post series, in which we described how an iMessage 0-click exploit can work in practice and gave a number of suggestions on how similar attacks could be prevented in the future, now seemed like a great time to dig into the security improvements in iOS 14 in more detail and explore how Apple has hardened their platform against 0-click attacks.
---------------------------------------------
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html


∗∗∗ August 2021’s Most Wanted Malware: Formbook Climbs into First Place ∗∗∗
---------------------------------------------
Check Point Research reports that the infostealer, Formbook, is the most prevalent malware while the banking trojan, Qbot, has dropped from the list all together. Our latest Global Threat Index for August 2021 has revealed that Formbook is now the most prevalent malware, taking over Trickbot, which has fallen into second following a three-month long [...]
---------------------------------------------
https://blog.checkpoint.com/2021/09/10/august-2021s-most-wanted-malware-formbook-climbs-into-first-place/


∗∗∗ Meet Meris, the new 250,000-strong DDoS botnet terrorizing the internet ∗∗∗
---------------------------------------------
A new botnet consisting of an estimated 250,000 malware-infected devices has been behind some of the biggest DDoS attacks over the summer, breaking the record for the largest volumetric DDoS attack twice, once in June and again this month.
---------------------------------------------
https://therecord.media/meet-meris-the-new-250000-strong-ddos-botnet-terrorizing-the-internet/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitspatch: WordPress-Entwickler raten zu zügigem Update ∗∗∗
---------------------------------------------
Das Content Management System WordPress ist über mehrere Sicherheitslücken angreifbar.
---------------------------------------------
https://heise.de/-6188735


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, ghostscript, ntfs-3g, and postorius), Fedora (java-1.8.0-openjdk-aarch32, libtpms, and salt), openSUSE (libaom, libtpms, and openssl-1_0_0), Red Hat (openstack-neutron), SUSE (grilo, java-1_7_0-openjdk, libaom, libtpms, mariadb, openssl-1_0_0, openssl-1_1, and php74-pear), and Ubuntu (firefox and ghostscript).
---------------------------------------------
https://lwn.net/Articles/868863/


∗∗∗ AVEVA PCS Portal ∗∗∗
---------------------------------------------
This advisory contains mitigations for an Uncontrolled Search Path Element vulnerability in AVEVA PCS Portal sofware.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-01


∗∗∗ Delta Electronics DOPSoft 2 ∗∗∗
---------------------------------------------
This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-Bounds Write, and Heap-based Buffer Overflow vulnerabilities in Delta Electronics DOPSoft 2 HMI editing software.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02


∗∗∗ Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU ∗∗∗
---------------------------------------------
This advisory is a follow-up to a CISA product update titled ICS-ALERT-19-225-01 Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU (Update A) published September 10, 2019, on the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for OS Command Injection, Improper Access Control, Cross-site Scripting, Use of Hard-coded Credentials, Unprotected Storage of Credentials, and Incorrect Default Permissions vulnerabilities in select Mitsubishi Electric firmware.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-03


∗∗∗ Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2021-3712) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-affects-ibm-sterling-connectexpress-for-unix-cve-2021-3712/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-9/


∗∗∗ Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2021-3711) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-affects-ibm-sterling-connectexpress-for-unix-cve-2021-3711/


∗∗∗ Stack Buffer Overflow Vulnerabilities in QTS, QuTS hero, and QuTScloud ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-33


∗∗∗ Stack Buffer Overflow Vulnerability in QUSBCam2 ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-34


∗∗∗ Stack-Based Buffer Overflow Vulnerabilities in NVR Storage Expansion ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-36


∗∗∗ Insufficiently Protected Credentials in QSW-M2116P-2T2S and QuNetSwitch ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-37


∗∗∗ Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-03

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily