Daily summary - 26.11.2021
End-of-Day report
Timeframe: Thursday 25-11-2021 18:00 - Friday 26-11-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
IT threat evolution Q3 2021
WildPressure and LuminousMoth threat actors, FinSpy implants, zero-day vulnerabilities and PrintNightmare, threats for Linux and macOS in our review of Q3 2021.
https://securelist.com/it-threat-evolution-q3-2021/104876/
YARA's Private Strings, (Thu, Nov 25th)
YARA supports private strings. A string can be marked as private by including the string modifier "private". Here is a use case. [...]
https://isc.sans.edu/diary/rss/28010
Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090, (Fri, Nov 26th)
Over the past 7 days, my honeypot captured a few hundred POSTs for a vulnerability which appeared to be tracked as a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware. If successfully exploited, it could allow unauthenticated remote actors to bypass authentication and add the router to the Mirai botnet.
https://isc.sans.edu/diary/rss/28072
EU needs more cybersecurity graduates, says ENISA infosec agency - pointing at growing list of masters degree courses
The EU needs more cybersecurity graduates to plug the political bloc's shortage of skilled infosec bods, according to a report from the ENISA online security agency.
https://go.theregister.com/feed/www.theregister.com/2021/11/26/enisa_cybersecurity_degrees_report/
RATDispenser: JavaScript loader installs remote access trojans (RATs) on Windows
Another brief addendum on the subject of security that came to my attention in the last few days. Security researchers at HP Threat Research have come across a loader written in JavaScript that installs remote access trojans (RATs) on Windows systems. The developer appears [...]
Vulnerabilities
Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices
Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L. Resecurity, a Los Angeles-based cybersecurity company, has identified an active zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.
https://securityaffairs.co/wordpress/125016/hacking/0-day-tp-link-wi-fi-6.html
Attackers could gain control of Qnap video surveillance systems
An important update closes, among other things, a critical vulnerability in some Qnap network video recorders.
Security updates for Friday
Security updates have been issued by Fedora (freerdp, gnome-boxes, gnome-connections, gnome-remote-desktop, guacamole-server, hydra, java-1.8.0-openjdk-aarch32, medusa, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, php, pidgin-sipe, remmina, vinagre, and weston), openSUSE (kernel and netcdf), and SUSE (kernel and netcdf).
https://lwn.net/Articles/876922/
Zoom Video Communications products: Multiple vulnerabilities
https://www.cert-bund.de/advisoryshort/CB-K21-1235