End-of-Day report
Timeframe: Monday 08-11-2021 18:00 - Tuesday 09-11-2021 18:00
Handler: Dimitri Robl
Co-Handler: Wolfgang Menezes
News
Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322.
https://www.microsoft.com/security/blog/2021/11/08/threat-actor-dev-0322-exploiting-zoho-manageengine-adselfservice-plus/
Abcbot, an evolving botnet
Business on the cloud and security on the cloud is one of the industry trends in recent years. 360Netlab is also continuing to focus on security incidents and trends on the cloud from its own expertise in the technology field. The following is a recent security incident we observed [...]
https://blog.netlab.360.com/abcbot_an_evolving_botnet_en/
(Ab)Using Security Tools & Controls for the Bad, (Mon, Nov 8th)
As security practitioners, we give daily advice to our customers to increase the security level of their infrastructures. Install this tool, enable this feature, disable this function, etc. When enabled, these techniques can also be (ab)used by attackers to perform nasty actions.
https://isc.sans.edu/diary/rss/28014
WooCommerce Skimmer Spoofs Checkout Page
Recently a client of ours was reporting a bogus checkout page appearing on their website. When trying to access their "my-account" page an unfamiliar prompt appeared in their browser soliciting credit card billing information: This form was foreign to our client and was clearly placed during a website compromise. Interestingly, the website itself doesn't even accept payments at all. If this was an attempt at a targeted credit card theft infection (as quite a few of them are) [...]
https://blog.sucuri.net/2021/11/woocommerce-skimmer-spoofs-checkout-page.html
ICS Patch Tuesday: Siemens and Schneider Electric Address Over 50 Security Flaws
Industrial giants Siemens and Schneider Electric have released a total of 20 Patch Tuesday advisories to address more than 50 vulnerabilities affecting their products.
https://www.securityweek.com/ics-patch-tuesday-siemens-and-schneider-electric-address-over-50-vulnerabilities-0
"media-markt-outlet.de" is fake
The website media-markt-outlet.de pretends to be an outlet store of Media Markt. Because this fake shop supposedly is an outlet, the low prices do not look unusual at first glance. But beware: media-markt-outlet.de is fake - you will receive no goods despite paying.
https://www.watchlist-internet.at/news/media-markt-outletde-ist-fake/
The Invisible JavaScript Backdoor
A few months ago we saw a post on the r/programminghorror subreddit: A developer describes the struggle of identifying a syntax error resulting from an invisible Unicode character hidden in JavaScript source code. This post inspired an idea: What if a backdoor literally cannot be seen and thus evades detection even from thorough code reviews?
https://certitude.consulting/blog/en/invisible-backdoor/
Vulnerabilities
Patch now! Attacks on the Sitecore Experience Platform CMS observed
Attackers are currently targeting a malicious-code vulnerability in the Sitecore XP content management system. Security patches have been available since October 2021.
https://heise.de/-6262157
Security updates for Tuesday
Security updates have been issued by Arch Linux (firefox, grafana, jenkins, opera, and thunderbird), Debian (botan1.10 and ckeditor), openSUSE (chromium, kernel, qemu, and rubygem-activerecord-5_1), SUSE (qemu and rubygem-activerecord-5_1), and Ubuntu (docker.io, kernel, linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oem-5.13, linux-oracle, linux-oracle-5.11, linux, linux-aws, linux-aws-5.4, linux-azure, [...]
https://lwn.net/Articles/875531/
Adobe Patches Critical RoboHelp Server Security Flaw
Software maker Adobe on Tuesday released patches to cover at least four documented security defects that expose users to malicious hacker attacks. The most serious of the flaws was addressed in RoboHelp Server and is rated "critical" because it exposes corporate environments to arbitrary code execution attacks.
https://www.securityweek.com/adobe-patches-critical-robohelp-server-security-flaw
IPAS: Security Advisories for November 2021
Hi everyone, Today we released 25 security advisories addressing 72 vulnerabilities. Through our internal security research and the investment we make in our bug bounty programs, 96% of the issues being addressed today are the result of our proactive product security assurance efforts. Given that almost half of today's advisories address drivers in various components, [...]
https://blogs.intel.com/technology/2021/11/intel-security-advisories-for-november-2021/
NUCLEUS:13 vulnerabilities impact Siemens medical & industrial equipment
Security researchers have disclosed today a set of 13 vulnerabilities that impact a crucial Siemens software library that is included with medical devices, automotive, and industrial systems.
https://therecord.media/nucleus13-vulnerabilities-impact-siemens-medical-industrial-equipment/
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
https://support.citrix.com/article/CTX330728
Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Ant vulnerability (CVE-2021-36374)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-ant-vulnerability-cve-2021-36374/
Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2021-2388, CVE-2021-2369, CVE-2021-2432)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-netcool-impact-cve-2021-2388-cve-2021-2369-cve-2021-2432/
Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Ant vulnerability (CVE-2021-36373)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-ant-vulnerability-cve-2021-36373/
Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by CVE-2021-23509
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-affected-by-cve-2021-23509/
Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in Golang
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-multiple-vulnerabilities-in-golang-2/
Security Bulletin: A vulnerability in Apache Commons Compress Library affects IBM LKS ART and Agent
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-commons-compress-library-affects-ibm-lks-art-and-agent/
Security Bulletin: A vulnerability in IBM Java SDK (July 2021) affects IBM InfoSphere Information Server (CVE-2021-2432)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-july-2021-affects-ibm-infosphere-information-server-cve-2021-2432/
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities (CVE-2020-25648, CVE-2021-31535, CVE-2021-20305, CVE-2020-25692)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-cve-2020-25648-cve-2021-31535-cve-2021-20305-cve-2020-25692/
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities (CVE-2020-4152, CVE-2020-4160, CVE-2020-4153)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-cve-2020-4152-cve-2020-4160-cve-2020-4153/
Security Bulletin: IBM Safer Payments v5.7 to v6.3 releases are affected by an OpenSSL Security Advisory (CVE-2021-3711)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-safer-payments-v5-7-to-v6-3-releases-are-affected-by-an-openssl-security-advisory-cve-2021-3711/
Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (Nov. 2021 V1)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-nov-2021-v1/