[CERT-daily] Tageszusammenfassung - 22.09.2021
Daily end-of-shift report
team at cert.at
Wed Sep 22 18:18:20 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 21-09-2021 18:00 − Mittwoch 22-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Apple users warned: Clicking this attachment will take over your macOS ∗∗∗
---------------------------------------------
A code execution bug in Apple's macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn't fully patched it yet, as tested by Ars.
---------------------------------------------
https://arstechnica.com/?p=1797268
∗∗∗ Datenanalyse: Steigende Zahl automatisierter Cyberangriffe ∗∗∗
---------------------------------------------
Automatisierung ist seit Jahren ein wichtiges Thema. Auch Online-Kriminelle haben laut eine Analyse die Vorteile für sich entdeckt.
Kriminelle Hacker setzen nach einer neuen Datenanalyse bei Cyberangriffen immer häufiger auf automatisierte Massenattacken. Seltener werden dagegen gezielte Angriffe, bei denen Hacker noch persönlich am Computer sitzen...
---------------------------------------------
https://heise.de/-6198205
∗∗∗ Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners ∗∗∗
---------------------------------------------
We strongly recommend updating immediately to the latest patched version of Ninja Forms to patch these security issues, which is version 3.5.8.2 of Ninja Forms at the time of this publication.
---------------------------------------------
https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-ninja-forms-plugin-affects-over-1-million-site-owners/
∗∗∗ Bei diesen Investitionsplattformen verlieren Sie Ihr Geld ∗∗∗
---------------------------------------------
Im Internet findet man unzählige Möglichkeiten, Geld einfach und unkompliziert zu investieren. Auf Trading-Plattformen wie infinitycapitalg.com, suntonfx.com oder windsorglobalaustria.com werden hohe Gewinnchancen, auch ohne großes Finanzwissen versprochen. Klingt zwar sehr verlockend, führt in Wahrheit aber zu sehr hohen Verlusten! Unser Tipp: Checken Sie die Investorenwarnungen der Finanzmarktaufsicht.
---------------------------------------------
https://www.watchlist-internet.at/news/bei-diesen-investitionsplattformen-verlieren-sie-ihr-geld/
∗∗∗ Microsoft Exchange Autodiscover-Designfehler ermöglicht Abgriff von Zugangsdaten ∗∗∗
---------------------------------------------
Sicherheitsforscher von Guardicore sind in Microsoft Exchange auf einen Designfehler gestoßen, der es Angreifern ermöglicht, über externe Autodiscover-Domains die Anmeldedaten von Domains abzugreifen. Möglich wird dies, weil sich Autodiscover-Domains außerhalb der Domäne des Nutzers (aber noch in derselben TLD) missbrauchen lassen.
---------------------------------------------
https://www.borncity.com/blog/2021/09/22/microsoft-exchange-autodiscover-designfehler-ermglicht-abgriff-von-zugangsdaten/
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-21-1104: McAfee Endpoint Security Incorrect Permission Assignment Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Endpoint Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1104/
∗∗∗ Patch now! Insecure Hikvision security cameras can be taken over remotely ∗∗∗
---------------------------------------------
The vulnerability found by Watchfull_IP is listed under CVE-2021-36260 and could allow an unauthenticated attacker to gain full access to the device and possibly perform lateral movement into internal networks..
---------------------------------------------
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-insecure-hikvision-security-cameras-can-be-taken-over-remotely/
∗∗∗ September 22, 2021 TNS-2021-16 [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1 ∗∗∗
---------------------------------------------
One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers.
Out of caution, and in line with best practice, Tenable opted to upgrade the bundled OpenSSL components to address the potential impact of these issues. Tenable.sc patch SC-202109.1 updates OpenSSL to version 1.1.1l to address the identified vulnerabilities.
---------------------------------------------
http://www.tenable.com/security/tns-2021-16
∗∗∗ VMSA-2021-0020 ∗∗∗
---------------------------------------------
Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
CVSSv3 Range: 4.3-9.8
CVE(s): CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013, CVE-2021-22014, CVE-2021-22015, CVE-2021-22016, CVE-2021-22017, CVE-2021-22018, CVE-2021-22019, CVE-2021-22020
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (grilo), Fedora (curl, firefox, mingw-python-pillow, python-pillow, python2-pillow, and webkit2gtk3), openSUSE (chromium, grafana-piechart-panel, kernel, libcroco, php-composer, and xen), Oracle (curl, kernel, and nss and nspr), Red Hat (nodejs:12), Slackware (alpine), SUSE (ghostscript, grafana-piechart-panel, kernel, and xen), and Ubuntu (linux, linux-hwe, linux-hwe-5.11, linux-hwe-5.4, linux-raspi, linux-raspi-5.4, and linux-raspi2).
---------------------------------------------
https://lwn.net/Articles/870002/
∗∗∗ Apple iTunes: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
Ein entfernter Angreifer kann mehrere Schwachstellen in Apple iTunes ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0997
∗∗∗ Apple Safari: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
Ein entfernter Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0996
∗∗∗ Apple macOS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, Informationen offenzulegen, seine Privilegien zu erhöhen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0994
∗∗∗ Apple macOS: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apple macOS ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1000
∗∗∗ Security Advisory - Server-Side Request Forgery Vulnerability in Huawei Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210922-01-ssrf-en
∗∗∗ Security Advisory - Improper File Upload Control Vulnerability in Huawei FusionCompute Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210922-01-upload-en
∗∗∗ Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210922-01-commandinjection-en
∗∗∗ Security Bulletin: IBM® Java™ SDK Technology Edition affects IBM Security Verify Governance, Identity Manager virtual appliance component (ISVG IMVA) (CVE-2020-14781,CVE-2020-14782) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-technology-edition-affects-ibm-security-verify-governance-identity-manager-virtual-appliance-component-isvg-imva-cve-2020-14781cve-2020-14782/
∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2021-20377, CVE-2020-4690) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2021-20377-cve-2020-4690/
∗∗∗ Security Bulletin: IBM QRadar Azure marketplace images include Open Management Infrastructure RPM, which is vulnerable to Remote Code Execution (CVE-2021-38647) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-azure-marketplace-images-include-open-management-infrastructure-rpm-which-is-vulnerable-to-remote-code-execution-cve-2021-38647/
∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29800) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-stored-cross-site-scripting-cve-2021-29800/
∗∗∗ Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities (CVE-2021-3538, CVE-2021-33502, CVE-2021-3450, CVE-2021-3449) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-cve-2021-3538-cve-2021-33502-cve-2021-3450-cve-2021-3449/
∗∗∗ Security Bulletin: App Connect Professional is affected by Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities-6/
∗∗∗ Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-bind-affect-ibm-netezza-host-management-3/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-messagegateway-3/
∗∗∗ Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2021-3712) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-messagegateway-cve-2021-3712/
∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise v11, v12 (CVE-2020-7608) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-v11-v12-cve-2020-7608/
∗∗∗ Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (ISVG IMVA) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-ibm-security-verify-governance-identity-manager-virtual-appliance-component-isvg-imva/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list