End-of-Day report
Timeframe: Tuesday 23-11-2021 18:00 - Wednesday 24-11-2021 18:00
Handler: Wolfgang Menezes
Co-Handler: Thomas Pribitzer
News
Phishing page hiding itself using dynamically adjusted IP-based allow list, (Wed, Nov 24th)
It can be instructive to closely examine even completely usual-looking phishing messages from time to time, since they may lead one to unusual phishing sites or may perhaps use some novel technique that might not be obvious at first glance.
https://isc.sans.edu/diary/rss/28070
Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery, and Webshells
This blog series explores methods attackers might use to maintain persistent access to a compromised Linux system.
https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
After Windows update: Zero-day vulnerability allows local privilege escalation
One of the November Windows updates was supposed to close a dangerous vulnerability. But it can still be abused to elevate one's own privileges.
https://heise.de/-6274893
Beware of love scams on Facebook Dating!
Concerned readers keep reporting so-called love or romance scammers to us. These are online acquaintances who gain the trust of their victims through declarations of love.
https://www.watchlist-internet.at/news/vorsicht-vor-love-scams-auf-facebook-dating/
New JavaScript malware works as a "RAT dispenser"
Cybersecurity experts from HP said they discovered a new strain of JavaScript malware that criminals are using as a way to infect systems and then deploy much more dangerous remote access trojans (RATs).
https://therecord.media/new-javascript-malware-works-as-a-rat-dispenser/
ASEC Weekly Malware Statistics (November 15th, 2021 - November 21st, 2021)
This post will list weekly statistics collected from November 15th, 2021 (Monday) to November 21st, 2021 (Sunday).
https://asec.ahnlab.com/en/28954/
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Debian (openjdk-17), Fedora (libxls, roundcubemail, and vim), openSUSE (bind, java-1_8_0-openjdk, and redis), Red Hat (kernel, kernel-rt, kpatch-patch, krb5, mailman:2.1, openssh, and rpm), Scientific Linux (kernel, krb5, openssh, and rpm), SUSE (bind, java-1_8_0-openjdk, redis, and webkit2gtk3), and Ubuntu (bluez).
https://lwn.net/Articles/876799/
Vulnerability in MediaTek chips in Android smartphones
Security researchers at Check Point have discovered a vulnerability in an Android APU (the APU is the AI Processing Unit in MediaTek chips). The researchers warn that users could be eavesdropped on via the audio processor. MediaTek chips are built into 37% of all Android devices.
https://www.borncity.com/blog/2021/11/24/schwachstelle-in-mediatek-chips-von-android-smartphones/
ZDI-21-1333: Adobe Creative Cloud Incorrect Permission Assignment Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-21-1333/
Security Advisory - Possible Out-Of-Bounds Read Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211124-03-dos-en
Security Bulletin: Weak Cryptographic Control Vulnerability Affects IBM Sterling Connect:Direct Web Services (CVE-2021-38891)
https://www.ibm.com/blogs/psirt/security-bulletin-weak-cryptographic-control-vulnerability-affects-ibm-sterling-connectdirect-web-services-cve-2021-38891/
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-13/
Security Bulletin: Account Lockout Vulnerability Affects IBM Sterling Connect:Direct Web Services (CVE-2021-38890)
https://www.ibm.com/blogs/psirt/security-bulletin-account-lockout-vulnerability-affects-ibm-sterling-connectdirect-web-services-cve-2021-38890/
Security Bulletin: PostgreSQL Sensitive Information Exposure Vulnerability Affects IBM Connect:Direct Web Services (CVE-2021-32029)
https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-sensitive-information-exposure-vulnerability-affects-ibm-connectdirect-web-services-cve-2021-32029/
K20072454: Linux kernel vulnerability CVE-2021-43267
https://support.f5.com/csp/article/K20072454