Daily summary - 22.09.2021

End-of-Day report

Timeframe: Tuesday 21-09-2021 18:00 - Wednesday 22-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner

News

Apple users warned: Clicking this attachment will take over your macOS

A code execution bug in Apple's macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn't fully patched it yet, as tested by Ars.

https://arstechnica.com/?p=1797268


Data analysis: Rising number of automated cyberattacks

Automation has been an important topic for years. According to an analysis, online criminals have also discovered its advantages for themselves. A new data analysis shows that criminal hackers are increasingly relying on automated mass attacks. Targeted attacks, in which hackers still sit at the computer in person, are becoming rarer...

https://heise.de/-6198205


Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners

We strongly recommend updating immediately to the latest patched version of Ninja Forms to patch these security issues, which is version 3.5.8.2 of Ninja Forms at the time of this publication.

https://www.wordfence.com/blog/2021/09/recently-patched-vulnerabilities-in-ninja-forms-plugin-affects-over-1-million-site-owners/


You will lose your money on these investment platforms

On the Internet you can find countless ways to invest money simply and easily. Trading platforms such as infinitycapitalg.com, suntonfx.com or windsorglobalaustria.com promise high chances of profit, even without extensive financial knowledge. It sounds very tempting, but in reality it leads to very high losses! Our tip: check the investor warnings issued by the Financial Market Authority.

https://www.watchlist-internet.at/news/bei-diesen-investitionsplattformen-verlieren-sie-ihr-geld/


Microsoft Exchange Autodiscover design flaw enables harvesting of credentials

Security researchers at Guardicore have discovered a design flaw in Microsoft Exchange that allows attackers to harvest domain credentials via external Autodiscover domains. This is possible because Autodiscover domains outside the user's own domain (but still within the same TLD) can be abused.

https://www.borncity.com/blog/2021/09/22/microsoft-exchange-autodiscover-designfehler-ermglicht-abgriff-von-zugangsdaten/

Vulnerabilities

ZDI-21-1104: McAfee Endpoint Security Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Endpoint Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-21-1104/


Patch now! Insecure Hikvision security cameras can be taken over remotely

The vulnerability found by Watchfull_IP is listed under CVE-2021-36260 and could allow an unauthenticated attacker to gain full access to the device and possibly perform lateral movement into internal networks.

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-insecure-hikvision-security-cameras-can-be-taken-over-remotely/


September 22, 2021 TNS-2021-16 [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1

One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable opted to upgrade the bundled OpenSSL components to address the potential impact of these issues. Tenable.sc patch SC-202109.1 updates OpenSSL to version 1.1.1l to address the identified vulnerabilities.

http://www.tenable.com/security/tns-2021-16


VMSA-2021-0020

Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. CVSSv3 Range: 4.3-9.8 CVE(s): CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013, CVE-2021-22014, CVE-2021-22015, CVE-2021-22016, CVE-2021-22017, CVE-2021-22018, CVE-2021-22019, CVE-2021-22020

https://www.vmware.com/security/advisories/VMSA-2021-0020.html


Security updates for Wednesday

Security updates have been issued by Debian (grilo), Fedora (curl, firefox, mingw-python-pillow, python-pillow, python2-pillow, and webkit2gtk3), openSUSE (chromium, grafana-piechart-panel, kernel, libcroco, php-composer, and xen), Oracle (curl, kernel, and nss and nspr), Red Hat (nodejs:12), Slackware (alpine), SUSE (ghostscript, grafana-piechart-panel, kernel, and xen), and Ubuntu (linux, linux-hwe, linux-hwe-5.11, linux-hwe-5.4, linux-raspi, linux-raspi-5.4, and linux-raspi2).

https://lwn.net/Articles/870002/


Apple iTunes: Multiple vulnerabilities allow execution of arbitrary code with the privileges of the service

A remote attacker can exploit multiple vulnerabilities in Apple iTunes to execute arbitrary code with the privileges of the service.

http://www.cert-bund.de/advisoryshort/CB-K21-0997


Apple Safari: Multiple vulnerabilities allow execution of arbitrary code with the privileges of the service

A remote attacker can exploit multiple vulnerabilities in Apple Safari to execute arbitrary code with the privileges of the service.

http://www.cert-bund.de/advisoryshort/CB-K21-0996


Apple macOS: Multiple vulnerabilities

A remote, anonymous or local attacker can exploit multiple vulnerabilities in Apple macOS to execute arbitrary code with administrator privileges, execute arbitrary code, disclose information, escalate privileges, bypass security measures or cause a denial-of-service condition.

http://www.cert-bund.de/advisoryshort/CB-K21-0994


Apple macOS: Vulnerability allows execution of arbitrary code with user privileges

A remote, anonymous attacker can exploit a vulnerability in Apple macOS to execute arbitrary code with user privileges.

http://www.cert-bund.de/advisoryshort/CB-K21-1000


Security Advisory - Server-Side Request Forgery Vulnerability in Huawei Product

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210922-01-ssrf-en


Security Advisory - Improper File Upload Control Vulnerability in Huawei FusionCompute Product

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210922-01-upload-en


Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210922-01-commandinjection-en


Security Bulletin: IBM® Java SDK Technology Edition affects IBM Security Verify Governance, Identity Manager virtual appliance component (ISVG IMVA) (CVE-2020-14781, CVE-2020-14782)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-technology-edition-affects-ibm-security-verify-governance-identity-manager-virtual-appliance-component-isvg-imva-cve-2020-14781cve-2020-14782/


Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2021-20377, CVE-2020-4690)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2021-20377-cve-2020-4690/


Security Bulletin: IBM QRadar Azure marketplace images include Open Management Infrastructure RPM, which is vulnerable to Remote Code Execution (CVE-2021-38647)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-azure-marketplace-images-include-open-management-infrastructure-rpm-which-is-vulnerable-to-remote-code-execution-cve-2021-38647/


Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29800)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-stored-cross-site-scripting-cve-2021-29800/


Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities (CVE-2021-3538, CVE-2021-33502, CVE-2021-3450, CVE-2021-3449)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-cve-2021-3538-cve-2021-33502-cve-2021-3450-cve-2021-3449/


Security Bulletin: App Connect Professional is affected by Apache Tomcat vulnerabilities.

https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities-6/


Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-bind-affect-ibm-netezza-host-management-3/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-messagegateway-3/


Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2021-3712)

https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-messagegateway-cve-2021-3712/


Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise v11, v12 (CVE-2020-7608)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-v11-v12-cve-2020-7608/


Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (ISVG IMVA)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-ibm-security-verify-governance-identity-manager-virtual-appliance-component-isvg-imva/