Daily summary - 11.10.2021

End-of-Day report

Timeframe: Friday 08-10-2021 18:00 - Monday 11-10-2021 18:00 Handler: Dimitri Robl Co-Handler: Wolfgang Menezes

News

Abuse via malware infection: Microsoft disables Excel 4.0 macros in Office

Microsoft is now taking action against the growing number of attacks via Excel macros: by default, all Excel 4.0 macros in Office 365 will soon be disabled.

https://heise.de/-6213387


Do not buy from shops with @thateer.top email addresses!

Numerous fake shops are currently appearing on the internet; they are all built the same way, use the same texts and can be reached under one of these email addresses: [...]

https://www.watchlist-internet.at/news/kaufen-sie-nicht-in-shops-mit-thateertop-mail-adressen-ein/


Ransomware on the rise because of working from home

Due to the coronavirus pandemic, more people have been working from home since 2020. Unfortunately, the security of these workplaces has not kept pace with this development. At the same time, cybercrime has continued to arm itself alongside the increased teleworking in companies caused by the pandemic crisis, and its [...]

https://www.borncity.com/blog/2021/10/11/ransomware-auf-dem-vormarsch/


The 5 Phases of Zero Trust Adoption

Zero trust aims to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data.

https://www.darkreading.com/endpoint/the-5-phases-of-zero-trust-adoption


Scanning for Previous Oracle WebLogic Vulnerabilities, (Sat, Oct 9th)

In the past few weeks, I have captured multiple instances of traffic related to some past Oracle vulnerabilities that have already been patched. The first is related to an RCE (CVE-2017-10271) that can be triggered to execute commands remotely by bypassing the CVE-2017-3506 patch's limitations. The POST contains an init.sh script which doesn't appear to be available for download.

https://isc.sans.edu/diary/rss/27918


Things that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers, (Mon, Oct 11th)

If you are reviewing your web server logs periodically, you may notice some odd requests in your logs that are not HTTP requests, in particular if you have a web server listening on a non-standard port. I want to quickly review some of the most common requests like that, that I am seeing: [...]

https://isc.sans.edu/diary/rss/27924


When criminals go corporate: Ransomware-as-a-service, bulk discounts and more

This summer, Abnormal Security discovered that some of its customers' staff were receiving emails inviting them to install ransomware on a company computer in return for a $1m share of the "profits".

https://go.theregister.com/feed/www.theregister.com/2021/10/11/ransomware_as_a_service/


CISA Releases Remote Access Guidance for Government Agencies

The United States Cybersecurity and Infrastructure Security Agency (CISA) last week announced the release of a new guidance document: Trusted Internet Connections (TIC) 3.0 Remote User Use Case.

https://www.securityweek.com/cisa-releases-remote-access-guidance-government-agencies


InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks

Several serious vulnerabilities discovered by researchers in industrial routers made by InHand Networks could expose many organizations to remote attacks, and patches do not appear to be available.

https://www.securityweek.com/inhand-router-flaws-could-expose-many-industrial-companies-remote-attacks


Protect your network

So, you know where your wallet is, yes? And your phone - it's in your pocket, or just over there on the table? Excellent. You might be reading this on your laptop, so you know where that is. You might have a snazzy Smart TV or two? Perhaps you have joined [...]

https://connect.geant.org/2021/10/11/protect-your-network

Vulnerabilities

Security updates for Monday

Security updates have been issued by Debian (apache2, mediawiki, neutron, and tiff), Fedora (chromium, dr_libs, firefox, and grafana), Mageia (apache), openSUSE (chromium and rabbitmq-server), Oracle (kernel), Red Hat (firefox and httpd24-httpd), SUSE (rabbitmq-server), and Ubuntu (libntlm).

https://lwn.net/Articles/872547/


Security Advisory - Use-after-free Vulnerability in Huawei Products

https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211008-01-cloudengine-en


Security Advisory - Path Traversal Vulnerability in Huawei PC Product

https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211008-01-share-en


Security Bulletin: IBM App Connect Enterprise Certified Container Designers may be vulnerable to arbitrary code execution via CVE-2021-3757

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-designers-may-be-vulnerable-to-arbitrary-code-execution-via-cve-2021-3757/


Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerability CVE-2021-31525

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-go-vulnerability-cve-2021-31525/


Security Bulletin: A vulnerability in Spring Framework affects IBM Watson Machine Learning Accelerator

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-spring-framework-affects-ibm-watson-machine-learning-accelerator/


Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2021 - Includes Oracle Jul 2021 CPU

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2021-includes-oracle-jul-2021-cpu/


MediaWiki extensions and skins: Multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K21-1050


Apache OpenOffice and LibreOffice: Multiple vulnerabilities allow manipulation of files

https://www.cert-bund.de/advisoryshort/CB-K21-1051