Daily summary - 09.11.2021

End-of-Day report

Timeframe: Monday 08-11-2021 18:00 - Tuesday 09-11-2021 18:00 Handler: Dimitri Robl Co-Handler: Wolfgang Menezes

News

Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus

Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322.

https://www.microsoft.com/security/blog/2021/11/08/threat-actor-dev-0322-exploiting-zoho-manageengine-adselfservice-plus/


Abcbot, an evolving botnet

Business on the cloud and security on the cloud are among the industry trends of recent years. 360Netlab is also continuing to focus on security incidents and trends on the cloud, drawing on its own expertise in the field. The following is a recent security incident we observed.

https://blog.netlab.360.com/abcbot_an_evolving_botnet_en/


(Ab)Using Security Tools & Controls for the Bad, (Mon, Nov 8th)

As security practitioners, we give daily advice to our customers to increase the security level of their infrastructures. Install this tool, enable this feature, disable this function, etc. When enabled, these techniques can also be (ab)used by attackers to perform nasty actions.

https://isc.sans.edu/diary/rss/28014


WooCommerce Skimmer Spoofs Checkout Page

Recently a client of ours was reporting a bogus checkout page appearing on their website. When trying to access their "my-account" page an unfamiliar prompt appeared in their browser soliciting credit card billing information: This form was foreign to our client and was clearly placed during a website compromise. Interestingly, the website itself doesn't even accept payments at all. If this was an attempt at a targeted credit card theft infection (as quite a few of them are) [...]

https://blog.sucuri.net/2021/11/woocommerce-skimmer-spoofs-checkout-page.html


ICS Patch Tuesday: Siemens and Schneider Electric Address Over 50 Security Flaws

Industrial giants Siemens and Schneider Electric have released a total of 20 Patch Tuesday advisories to address more than 50 vulnerabilities affecting their products.

https://www.securityweek.com/ics-patch-tuesday-siemens-and-schneider-electric-address-over-50-vulnerabilities-0


"media-markt-outlet.de" is fake

The website media-markt-outlet.de claims to be an outlet store of Media Markt. Because this fake shop supposedly is an outlet, the low prices do not look unusual at first glance. But beware: media-markt-outlet.de is fake - you will not receive any goods despite paying.

https://www.watchlist-internet.at/news/media-markt-outletde-ist-fake/


The Invisible JavaScript Backdoor

A few months ago we saw a post on the r/programminghorror subreddit: A developer describes the struggle of identifying a syntax error resulting from an invisible Unicode character hidden in JavaScript source code. This post inspired an idea: What if a backdoor literally cannot be seen and thus evades detection even from thorough code reviews?

https://certitude.consulting/blog/en/invisible-backdoor/
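As an added example (not code from the certitude.consulting post or from the reporting developer), the following scanner flags code points in JavaScript source that render as nothing or that reorder displayed text, which is what lets such a backdoor pass a visual code review. The sample source is constructed for this example; it assumes a parameter named with U+3164 (Hangul Filler), a character that is valid inside a JavaScript identifier but draws as blank in most editors.

```javascript
// Added example: detect invisible or text-reordering Unicode in JS source.
// Not part of the original post; the sample input below is constructed.

// Code points that are invisible or affect layout but are not ordinary
// whitespace. U+3164 and the two Hangul fillers are letters (category Lo),
// so they are legal identifier characters yet render as nothing. The rest
// are zero-width or bidirectional format controls.
const SUSPICIOUS = new Map([
  [0x3164, "HANGUL FILLER"],
  [0x115F, "HANGUL CHOSEONG FILLER"],
  [0x1160, "HANGUL JUNGSEONG FILLER"],
  [0x200B, "ZERO WIDTH SPACE"],
  [0x200C, "ZERO WIDTH NON-JOINER"],
  [0x200D, "ZERO WIDTH JOINER"],
  [0x2060, "WORD JOINER"],
  [0xFEFF, "ZERO WIDTH NO-BREAK SPACE"],
  [0x202A, "LEFT-TO-RIGHT EMBEDDING"],
  [0x202B, "RIGHT-TO-LEFT EMBEDDING"],
  [0x202C, "POP DIRECTIONAL FORMATTING"],
  [0x202D, "LEFT-TO-RIGHT OVERRIDE"],
  [0x202E, "RIGHT-TO-LEFT OVERRIDE"],
  [0x2066, "LEFT-TO-RIGHT ISOLATE"],
  [0x2067, "RIGHT-TO-LEFT ISOLATE"],
  [0x2068, "FIRST STRONG ISOLATE"],
  [0x2069, "POP DIRECTIONAL ISOLATE"],
]);

// Walk the source by code point (not UTF-16 unit) and report every hit
// with its 1-based line and column. Anything in Unicode category Cf
// (format) that is not in the table above is reported generically.
function scanSource(source) {
  const findings = [];
  let line = 1;
  let col = 0;
  let index = 0;
  for (const ch of source) {
    const cp = ch.codePointAt(0);
    col += 1;
    if (cp === 0x0a) { line += 1; col = 0; index += 1; continue; }
    // A byte-order mark as the very first character is normal, not a finding.
    if (cp === 0xfeff && index === 0) { index += 1; continue; }
    index += 1;
    const name = SUSPICIOUS.get(cp) ?? (/\p{Cf}/u.test(ch) ? "FORMAT CHARACTER" : null);
    if (name) {
      findings.push({
        line,
        col,
        codePoint: "U+" + cp.toString(16).toUpperCase().padStart(4, "0"),
        name,
      });
    }
  }
  return findings;
}

// Convenience check for a pre-commit hook or CI step.
function isClean(source) {
  return scanSource(source).length === 0;
}

// Constructed sample: the destructured parameter list contains an extra
// property whose name is a single U+3164, invisible when rendered.
const SAMPLE_SOURCE = `function fetchData(options = {}) {
  const { url, timeout = 1000, \u3164 } = options;
  return fetch(url, { signal: AbortSignal.timeout(timeout) });
}
`;

// Stand-alone run: prints each finding, e.g. "2:32 U+3164 HANGUL FILLER".
for (const f of scanSource(SAMPLE_SOURCE)) {
  console.log(`${f.line}:${f.col} ${f.codePoint} ${f.name}`);
}
```

Running the scanner over a diff before merge, or wiring `isClean` into a pre-commit hook, catches this class of change regardless of how the editor renders it; the table is deliberately broader than the single character the post describes so that bidirectional-override tricks are caught by the same check.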

Vulnerabilities

Patch now! Attacks on CMS Sitecore Experience Platform observed

Attackers are currently targeting a code-execution vulnerability in the content management system Sitecore XP. Security patches have been available since October 2021.

https://heise.de/-6262157


Security updates for Tuesday

Security updates have been issued by Arch Linux (firefox, grafana, jenkins, opera, and thunderbird), Debian (botan1.10 and ckeditor), openSUSE (chromium, kernel, qemu, and rubygem-activerecord-5_1), SUSE (qemu and rubygem-activerecord-5_1), and Ubuntu (docker.io, kernel, linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oem-5.13, linux-oracle, linux-oracle-5.11, linux, linux-aws, linux-aws-5.4, linux-azure, [...]

https://lwn.net/Articles/875531/


Adobe Patches Critical RoboHelp Server Security Flaw

Software maker Adobe on Tuesday released patches to cover at least four documented security defects that expose users to malicious hacker attacks. The most serious of the flaws was addressed in RoboHelp Server and is rated "critical" because it exposes corporate environments to arbitrary code execution attacks.

https://www.securityweek.com/adobe-patches-critical-robohelp-server-security-flaw


IPAS: Security Advisories for November 2021

Hi everyone, Today we released 25 security advisories addressing 72 vulnerabilities. Through our internal security research and the investment we make in our bug bounty programs, 96% of the issues being addressed today are the result of our proactive product security assurance efforts. Given that almost half of today's advisories address drivers in various components, [...]

https://blogs.intel.com/technology/2021/11/intel-security-advisories-for-november-2021/


NUCLEUS:13 vulnerabilities impact Siemens medical & industrial equipment

Security researchers have disclosed today a set of 13 vulnerabilities that impact a crucial Siemens software library that is included with medical devices, automotive, and industrial systems.

https://therecord.media/nucleus13-vulnerabilities-impact-siemens-medical-industrial-equipment/


Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update

https://support.citrix.com/article/CTX330728


Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Ant vulnerability (CVE-2021-36374)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-ant-vulnerability-cve-2021-36374/


Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2021-2388, CVE-2021-2369, CVE-2021-2432)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-netcool-impact-cve-2021-2388-cve-2021-2369-cve-2021-2432/


Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Ant vulnerability (CVE-2021-36373)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-ant-vulnerability-cve-2021-36373/


Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by CVE-2021-23509

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-affected-by-cve-2021-23509/


Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in Golang

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-multiple-vulnerabilities-in-golang-2/


Security Bulletin: A vulnerability in Apache Commons Compress Library affects IBM LKS ART and Agent

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-commons-compress-library-affects-ibm-lks-art-and-agent/


Security Bulletin: A vulnerability in IBM Java SDK (July 2021) affects IBM InfoSphere Information Server (CVE-2021-2432)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-july-2021-affects-ibm-infosphere-information-server-cve-2021-2432/


Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities (CVE-2020-25648, CVE-2021-31535, CVE-2021-20305, CVE-2020-25692)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-cve-2020-25648-cve-2021-31535-cve-2021-20305-cve-2020-25692/


Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities (CVE-2020-4152, CVE-2020-4160, CVE-2020-4153)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-cve-2020-4152-cve-2020-4160-cve-2020-4153/


Security Bulletin: IBM Safer Payments v5.7 to v6.3 releases are affected by an OpenSSL Security Advisory (CVE-2021-3711)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-safer-payments-v5-7-to-v6-3-releases-are-affected-by-an-openssl-security-advisory-cve-2021-3711/


Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (Nov. 2021 V1)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-nov-2021-v1/