Daily summary - 13.10.2021

End-of-Day report

Timeframe: Tuesday 12-10-2021 18:00 - Wednesday 13-10-2021 18:00 Handler: Dimitri Robl Co-Handler: Wolfgang Menezes

News

MysterySnail attacks with Windows zero-day

We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage campaigns.

https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/


Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis

Cobalt Strike is a commercial adversary simulation software that is marketed to red teams but is also stolen and actively used by a wide range of threat actors from ransomware operators to espionage-focused Advanced Persistent Threats (APTs).

https://www.mandiant.com/resources/defining-cobalt-strike-components


2021: Apple's year of zero-days

This week Apple once again patched an iPhone vulnerability that was already being exploited. Since February there have been more than a dozen such vulnerabilities in the company's systems.

https://heise.de/-6215715


Azure Privilege Escalation via Service Principal Abuse

In this blog post, I'll explain how a particular kind of attack path can emerge in Azure based on Azure's RBAC system - an attack path we have seen in the vast majority of Azure tenants we've gotten access to.

https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5

Vulnerabilities

SAP Patch Day: NetWeaver AS & Environmental Compliance contained critical vulnerabilities

For its monthly Patch Day, SAP has released updates for many products. Two of the security issues fixed were assigned CVSS scores close to 10.

https://heise.de/-6215952


Security updates for Wednesday

Security updates have been issued by Debian (flatpak and ruby2.3), Fedora (flatpak, httpd, mediawiki, redis, and xstream), openSUSE (kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), Red Hat (.NET 5.0, 389-ds-base, httpd:2.4, kernel, kernel-rt, libxml2, openssl, and thunderbird), Scientific Linux (389-ds-base, kernel, libxml2, and openssl), SUSE (apache2-mod_auth_openidc, curl, glibc, kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), and Ubuntu (squashfs-tools).

https://lwn.net/Articles/872843/


The October 2021 Security Update Review

The second Tuesday of the month is here, and that means the latest security updates from Adobe and Microsoft have arrived.

https://www.thezdi.com/blog/2021/10/12/the-october-2021-security-update-review


Security updates for Exchange Server (October 2021)

On 12 October 2021, Microsoft released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019.

https://www.borncity.com/blog/2021/10/13/sicherheitsupdates-fr-exchange-server-oktober-2021/


ZDI-21-1147: Adobe Illustrator PDF File Parsing Memory Corruption Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-21-1147/


ZDI-21-1146: Adobe Illustrator PDF File Parsing Use-After-Free Information Disclosure Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-21-1146/


ZDI-21-1148: Linux Kernel eBPF Type Confusion Privilege Escalation Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-21-1148/


VMSA-2021-0021

https://www.vmware.com/security/advisories/VMSA-2021-0021.html


VMSA-2021-0022

https://www.vmware.com/security/advisories/VMSA-2021-0022.html


VMSA-2021-0023

https://www.vmware.com/security/advisories/VMSA-2021-0023.html


Apache HTTPD vulnerability CVE-2021-34798

https://support.f5.com/csp/article/K72382141


Multiple Vulnerabilities in Brizy Page Builder Plugin Allow Site Takeover

https://www.wordfence.com/blog/2021/10/multiple-vulnerabilities-in-brizy-page-builder-plugin-allow-site-takeover/


Cross-Site Scripting in myfactory.FMS

https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/


IPAS: Security Advisories for October 2021

https://blogs.intel.com/technology/2021/10/intel-security-advisories-for-october-2021/


SYSS-2021-014, SYSS-2021-015 and SYSS-2021-019: Vulnerabilities in softphones from Linphone and MicroSIP

https://www.syss.de/pentest-blog/syss-2021-014-syss-2021-015-und-syss-2021-019-schwachstellen-in-softphones-von-linphone-und-microsip


ThinkPad BIOS Vulnerabilities

http://support.lenovo.com/product_security/PS500444-THINKPAD-BIOS-VULNERABILITIES


NetApp Clustered Data ONTAP X-Frame-Options Header Vulnerability

http://support.lenovo.com/product_security/PS500442-NETAPP-CLUSTERED-DATA-ONTAP-X-FRAME-OPTIONS-HEADER-VULNERABILITY


AMD x86 PREFETCH instruction related side-channels

http://support.lenovo.com/product_security/PS500445-AMD-X86-PREFETCH-INSTRUCTION-RELATED-SIDE-CHANNELS


Intel SGX SDK Advisory

http://support.lenovo.com/product_security/PS500443-INTEL-SGX-SDK-ADVISORY