End-of-Day report
Timeframe: Wednesday 24-11-2021 18:00 - Thursday 25-11-2021 18:00
Handler: Wolfgang Menezes
Co-Handler: Thomas Pribitzer
News
New CronRAT malware infects Linux systems using odd day cron jobs
Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st.
https://www.bleepingcomputer.com/news/security/new-cronrat-malware-infects-linux-systems-using-odd-day-cron-jobs/
Discord malware campaign targets crypto and NFT communities
A new malware campaign on Discord uses the Babadeda crypter to hide malware that targets the crypto, NFT, and DeFi communities.
https://www.bleepingcomputer.com/news/security/discord-malware-campaign-targets-crypto-and-nft-communities/
Improving security for mobile devices: CISA issues guides
CISA has released actionable guides with advice on how to improve security for mobile devices, both for consumers and organizations.
https://blog.malwarebytes.com/android/2021/11/improving-security-for-mobile-devices-cisa-issues-guides/
Bitcoin extortion with masturbation recordings
Year after year, criminals try to extort money with made-up claims. Supposedly your systems were hacked and you were filmed while viewing pornographic content. The message is entirely fabricated and is sent out en masse.
https://www.watchlist-internet.at/news/bitcoin-erpressung-mit-masturbationsaufnahmen/
Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure
Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade.
https://www.tripwire.com/state-of-security/security-data-protection/sophisticated-tardigrade-malware-launches-attacks-on-vaccine-manufacturing-infrastructure/
Black Friday spam campaigns in the starting blocks
November 26, 2021 is Black Friday - a day when almost everything is free. That also brings cyber criminals onto the scene, and they are increasingly targeting consumers with online shopping scams.
https://www.borncity.com/blog/2021/11/25/black-friday-spam-kampagnen-in-den-startlchern/
Vulnerabilities
VMware seals vulnerabilities in vSphere Web Client - in part
The vendor reports security vulnerabilities, some of them high-risk. However, updates are not yet available for all affected products.
https://heise.de/-6276216
Security updates for Thursday
Security updates have been issued by Fedora (busybox, getdata, and php), Mageia (couchdb, freerdp, openexr, postgresql, python-reportlab, and rsh), openSUSE (bind, java-1_8_0-openjdk, and kernel), SUSE (java-1_7_0-openjdk), and Ubuntu (icu).
https://lwn.net/Articles/876852/
ModSecurity DoS Vulnerability in JSON Parsing (CVE-2021-42717)
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/
Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
Security Bulletin: Vulnerabilities in Apache Ant affect IBM Installation Manager and IBM Packaging Utility
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-ant-affect-ibm-installation-manager-and-ibm-packaging-utility/
Security Bulletin: WebSphere Application Server is vulnerable to a Privilege Escalation vulnerability and affects Content Collector for Email
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-privilege-escalation-vulnerability-and-affects-content-collector-for-email/
Security Bulletin: Vulnerabilities affect IBM Netcool Agile Service Manager
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-netcool-agile-service-manager/
Security Bulletin: Vulnerabilities in Node.js affect IBM Integration Bus v10 (CVE-2021-32803)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-integration-bus-v10-cve-2021-32803-2/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager-6/
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-installation-manager-and-ibm-packaging-utility-6/