[CERT-daily] Tageszusammenfassung - 14.09.2021

Tue Sep 14 18:16:07 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 13-09-2021 18:00 − Dienstag 14-09-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ New Zloader attacks disable Windows Defender to evade detection ∗∗∗
---------------------------------------------
An ongoing Zloader campaign uses a new infection chain to disable Microsoft Defender Antivirus (formerly Windows Defender) on victims computers to evade detection.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-zloader-attacks-disable-windows-defender-to-evade-detection/


∗∗∗ Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike ∗∗∗
---------------------------------------------
In August 2021, we at Intezer discovered a fully undetected ELF implementation of Cobalt Strike’s beacon, which we named Vermilion Strike. The stealthy sample uses Cobalt Strike’s Command and Control (C2) protocol when communicating to the C2 server and has Remote Access capabilities such as uploading files, running shell commands and writing to files. The malware is fully undetected in VirusTotal at the time of this writing and was uploaded from Malaysia.
---------------------------------------------
https://www.intezer.com/blog/malware-analysis/vermilionstrike-reimplementation-cobaltstrike/


∗∗∗ Lücken im Matrix-Protokoll gefährden Ende-zu-Ende-Verschlüsselung von Messengern ∗∗∗
---------------------------------------------
Aufgrund von kritischen Lücken in verschiedenen Matrix-Clients könnten Angreifer eigentlich verschlüsselte Nachrichten mitlesen.
---------------------------------------------
https://heise.de/-6191625


∗∗∗ Apple releases emergency update: Patch, but don’t panic ∗∗∗
---------------------------------------------
Spyware developed by the company NSO Group is back in the news today after Apple released an emergency fix for iPhones, iPads, Macs, and Apple Watches. The update fixes a vulnerability silently exploited by software called Pegasus, which is often used in high-level surveillance campaigns by governments.
---------------------------------------------
https://blog.malwarebytes.com/privacy-2/2021/09/apple-releases-emergency-update-patch-but-dont-panic/


∗∗∗ Facebook: Cineplexx-Gewinnspiel für "James Bond"-Tickets ist Fake ∗∗∗
---------------------------------------------
Auf Facebook kursiert gerade ein Fake-Gewinnspiel der Seite „Cineplexx Österreich“. Dort werden angeblich 2 „VIP-Spionage-Tickets“ für den neuen James Bond Film verlost. Die Teilnahme funktioniert ganz einfach: Man muss lediglich den Beitrag kommentieren. In weiterer Folge erhalten TeilnehmerInnen dann über den Facebook-Messenger eine Gewinnbenachrichtigung und werden gebeten, auf einen Link zu klicken. Vorsicht: Die Facebook-Seite „Cineplexx Österreich“ ist Fake, Sie tappen in eine Abo-Falle! 
---------------------------------------------
https://www.watchlist-internet.at/news/facebook-cineplexx-gewinnspiel-fuer-james-bond-tickets-ist-fake/


∗∗∗ Benutzt hier jemand Travis CI? Stellt sich raus: Keine gute Idee ∗∗∗
---------------------------------------------
Ich sage euch, die Leichtigkeit, mit der die Leute ihren Kram in die Cloud schieben, ist immer wieder atemberaubend. Als ob das nicht dein Problem ist, wenn bei denen dann was kaputt geht!?
---------------------------------------------
http://blog.fefe.de/?ts=9fbe5059

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Citrix ShareFile Storage Zones Controller Security Update ∗∗∗
---------------------------------------------
A security issue has been identified in Citrix ShareFile storage zones controller which, if exploited, would allow an unauthenticated attacker to remotely compromise the storage zones controller.
---------------------------------------------
https://support.citrix.com/article/CTX328123


∗∗∗ Siemens Advisories/Bulletins ∗∗∗
---------------------------------------------
Siemens hat am 14.9.2021 21 neue und 25 aktualisierte Advisories/Bulletins veröffentlicht.
---------------------------------------------
https://new.siemens.com/global/en/products/services/cert.html


∗∗∗ SAP Security Patch Day - September 2021 ∗∗∗
---------------------------------------------
On 14th of September 2021, SAP Security Patch Day saw the release of 17 Security Notes. There were 2 updates to previously released Patch Day Security Note.
---------------------------------------------
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405


∗∗∗ Nitro PDF Pro: Security-Update verhindert Codeausführung über präparierte PDFs ∗∗∗
---------------------------------------------
Die Software Nitro PDF Pro war unter anderem mittels schädlicher PDF-Dateien angreifbar. Die neueste Version umfasst zwei wichtige Sicherheitslücken-Fixes.
---------------------------------------------
https://heise.de/-6191199


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by openSUSE (libaom and nextcloud), Oracle (cyrus-imapd, firefox, and thunderbird), Red Hat (kernel and kpatch-patch), Scientific Linux (firefox and thunderbird), and Ubuntu (apport).
---------------------------------------------
https://lwn.net/Articles/869221/


∗∗∗ Atlassian Jira Software: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Jira ist eine Webanwendung zur Softwareentwicklung.
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Jira Software ausnutzen, um Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen und einen Denial of Service Zustand herbeizuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0961


∗∗∗ ImageMagick: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in ImageMagick ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0962


∗∗∗ Sicherheitslücke in HP OMEN Gaming Hub ∗∗∗
---------------------------------------------
Sicherheitsforscher von SentinelOne haben jetzt eine schwerwiegende Sicherheitslücke im HP OMEN Gaming Hub gefunden. Die Sicherheitslücke im Treiber der Gamingsoftware von HP OMEN erlaubt Angreifern Systemrechte zu erlangen. Dies ermöglicht Systemeingriffe und das Einschleusen von Malware für nichtprivilegierte Nutzer. 
---------------------------------------------
https://www.borncity.com/blog/2021/09/14/sicherheitslcke-in-hp-omen-gaming-hub/


∗∗∗ ZDI-21-1065: (0Day) Autodesk Navisworks DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1065/


∗∗∗ ZDI-21-1064: (0Day) Autodesk Navisworks PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1064/


∗∗∗ ZDI-21-1063: (0Day) Autodesk Navisworks PDF File Parsing Memory Corruption Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1063/


∗∗∗ ZDI-21-1062: (0Day) Autodesk Navisworks DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1062/


∗∗∗ ZDI-21-1061: (0Day) Autodesk Navisworks PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1061/


∗∗∗ ZDI-21-1060: (0Day) Autodesk Navisworks DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1060/


∗∗∗ Security Bulletin: CVE-2021-2341 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2341-may-affect-ibm-sdk-java-technology-edition/


∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2021-29744) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-cross-site-scripting-cve-2021-29744-2/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-8/


∗∗∗ Security Bulletin: Cross-site scripting vulnerability in IBM Financial Transaction Manager for SWIFT Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-in-ibm-financial-transaction-manager-for-swift-services/


∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-9/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-24/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-spring-framework-vulnerability-4/


∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Stored Cross-site Scripting (CVE-2021-29743) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-stored-cross-site-scripting-cve-2021-29743-2/


∗∗∗ Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Vault ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-vault-2/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM DB2 affect the IBM Intelligent Operations Center (CVE-2020-4701, CVE-2020-4739) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-db2-affect-the-ibm-intelligent-operations-center-cve-2020-4701-cve-2020-4739/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily