End-of-Day report
Timeframe: Thursday 25-11-2021 18:00 - Friday 26-11-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
IT threat evolution Q3 2021
WildPressure and LuminousMoth threat actors, FinSpy implants, zero-day vulnerabilities and PrintNightmare, threats for Linux and macOS in our review of Q3 2021.
https://securelist.com/it-threat-evolution-q3-2021/104876/
YARA's Private Strings, (Thu, Nov 25th)
YARA supports private strings. A string can be marked as private by including string modifier "private". Here is a use case. [...]
https://isc.sans.edu/diary/rss/28010
Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090, (Fri, Nov 26th)
Over the past 7 days, my honeypot captured a few hundred POST requests for a vulnerability which appears to be tracked as a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware. If successfully exploited, it could allow unauthenticated remote actors to bypass authentication and add the router to the Mirai botnet.
https://isc.sans.edu/diary/rss/28072
EU needs more cybersecurity graduates, says ENISA infosec agency - pointing at growing list of masters degree courses
The EU needs more cybersecurity graduates to plug the political bloc's shortage of skilled infosec bods, according to a report from the ENISA online security agency.
https://go.theregister.com/feed/www.theregister.com/2021/11/26/enisa_cybersecurity_degrees_report/
RATDispenser: JavaScript loader installs remote access trojans (RAT) on Windows
A short addendum on the topic of security that came to my attention in the last few days. Security researchers at HP Threat Research came across a loader written in JavaScript that installs remote access trojans (RAT) on Windows systems. The developer seems [...]
https://www.borncity.com/blog/2021/11/26/ratdispenser-javascript-loader-installiert-remote-access-trojaners-rat-in-windows/
Vulnerabilities
Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices
Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L. Resecurity, a Los Angeles-based cybersecurity company, has identified an active zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily aimed at enterprises.
https://securityaffairs.co/wordpress/125016/hacking/0-day-tp-link-wi-fi-6.html
Attackers could gain control of Qnap video surveillance systems
An important update closes, among other things, a critical vulnerability in some Qnap network video recorders.
https://heise.de/-6277445
Security updates for Friday
Security updates have been issued by Fedora (freerdp, gnome-boxes, gnome-connections, gnome-remote-desktop, guacamole-server, hydra, java-1.8.0-openjdk-aarch32, medusa, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, php, pidgin-sipe, remmina, vinagre, and weston), openSUSE (kernel and netcdf), and SUSE (kernel and netcdf).
https://lwn.net/Articles/876922/
Zoom Video Communications products: multiple vulnerabilities
https://www.cert-bund.de/advisoryshort/CB-K21-1235
Security Bulletin: Vulnerability in jsoup may affect Cúram Social Program Management (CVE-2021-37714)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jsoup-may-affect-cram-social-program-management-cve-2021-37714/
Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2020-9488)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-cram-social-program-management-cve-2020-9488/
Security Bulletin: Vulnerabilities affect IBM Netcool Agile Service Manager
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-netcool-agile-service-manager-2/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager-7/
Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dojo-may-affect-ibm-cram-social-program-management-cve-2018-15494/
Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-santuario-xml-security-for-java-may-affect-cram-social-program-management-cve-2021-40690/