[CERT-daily] Tageszusammenfassung - 21.09.2021
Daily end-of-shift report
team at cert.at
Tue Sep 21 18:13:44 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Montag 20-09-2021 18:00 − Dienstag 21-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ A guide to combatting human-operated ransomware: Part 1 ∗∗∗
---------------------------------------------
As human-operated ransomware is on the rise, Microsoft’s Detection and Response Team (DART) shares how they investigate these attacks and what to consider when faced with a similar event in your organization.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/09/20/a-guide-to-combatting-human-operated-ransomware-part-1/
∗∗∗ Mama Always Told Me Not to Trust Strangers without Certificates (Moar Netgear Pwnage) ∗∗∗
---------------------------------------------
This blog post details a vulnerability, the exploitation of which results in Remote Code Execution (RCE) as root, that impacts many modern Netgear Small Offices/Home Offices (SOHO) devices. The vulnerability isn’t your typical router vulnerability, in that the source of the vulnerability is located within a third-party component included in the firmware of many Netgear devices. This code is part of Circle, which adds parental control features to these devices.
---------------------------------------------
https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
∗∗∗ Does Your Organization Have a Security.txt File? ∗∗∗
---------------------------------------------
It happens all the time: Organizations get hacked because there isnt an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isnt entirely clear who should get the report when remote access to an organizations internal network is being sold in the cybercrime underground. In a bid to minimize these scenarios, a growing number of major companies are adopting "Security.txt," a proposed new Internet standard...
---------------------------------------------
https://krebsonsecurity.com/2021/09/does-your-organization-have-a-security-txt-file/
∗∗∗ TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines ∗∗∗
---------------------------------------------
Cisco Talos found a previously undiscovered backdoor from the Turla APT that we are seeing in the wild. This simple backdoor is likely used as a second-chance backdoor to maintain access to the system, even if the primary malware is removed. It could also be used as a second-stage dropper to infect the system with additional malware.
---------------------------------------------
https://blog.talosintelligence.com/2021/09/tinyturla.html
∗∗∗ OpenOffice Vulnerability Exposes Users to Code Execution Attacks ∗∗∗
---------------------------------------------
A buffer overflow vulnerability in Apache OpenOffice could be exploited to execute arbitrary code on target machines using malicious documents.
Tracked as CVE-2021-33035 and discovered by security researcher Eugene Lim, the bug affects OpenOffice versions up to 4.1.10, with patches deployed in the 4.1.11 beta only, meaning that most installations out there are likely vulnerable.
---------------------------------------------
https://www.securityweek.com/openoffice-vulnerability-exposes-users-code-execution-attacks
∗∗∗ Vorsicht beim Welpen-Kauf im Internet! ∗∗∗
---------------------------------------------
Wollen Sie online einen Hundewelpen kaufen? Wenn ja, dann stoßen Sie möglicherweise auf unseriöse Angebote. Der Watchlist Internet werden derzeit zahlreiche Seiten gemeldet, die angeben Rasse-Hundewelpen zu verkaufen und das meist zu einem günstigen Preis. Nicht nur die Preise, sondern auch liebevolle Fotos und Beschreibungen verlocken dazu, einen Kauf zu tätigen.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-beim-welpen-kauf-im-internet/
∗∗∗ Russian security firm sinkholes part of the dangerous Meris DDoS botnet ∗∗∗
---------------------------------------------
Rostelecom-Solar, the cybersecurity division of Russian telecom giant Rostelecom, said on Monday that it sinkholed a part of the Meris DDoS botnet after identifying a mistake from the malwares creators.
---------------------------------------------
https://therecord.media/russian-security-firm-sinkholes-part-of-the-dangerous-meris-ddos-botnet/
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM hat 21 Security Bulletins veröffentlicht.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (webkit2gtk, wpewebkit, and xen), Oracle (kernel), Red Hat (curl, go-toolset:rhel8, krb5, mysql:8.0, nodejs:12, and nss and nspr), and Ubuntu (curl and tiff).
---------------------------------------------
https://lwn.net/Articles/869923/
∗∗∗ Apple iOS & iPadOS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
iOS 15 und iPadOS 15 sowie iOS 14.8 und iPadOS 14.8 veröffentlicht.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0993
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list