End-of-Day report
Timeframe: Thursday 23-09-2021 18:00 - Friday 24-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
News
Security updates: Critical admin vulnerability with top severity rating threatens Cisco devices
The network equipment vendor has closed a large number of security holes. Successful attacks can have serious consequences.
https://heise.de/-6200359
Frustrated with Apple: security researcher publishes 0-day vulnerabilities for iOS 15
According to the researcher, the company silently fixed only one of the bugs and did not respond further. The vulnerabilities reportedly give apps access to user data.
https://heise.de/-6200907
Malware devs trick Windows validation with malformed certs
Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software.
https://www.bleepingcomputer.com/news/security/malware-devs-trick-windows-validation-with-malformed-certs/
TangleBot Malware Reaches Deep into Android Device Functions
The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others.
https://threatpost.com/tanglebot-malware-device-functions/174999/
Keep an Eye on Your Users Mobile Devices (Simple Inventory), (Fri, Sep 24th)
Today, smartphones are everywhere and have become our best friends for many tasks. Probably your users already access their corporate mailbox via a mobile device. If it's not yet the case, you probably have many requests to implement this. There are two ways to achieve this: [...]
https://isc.sans.edu/diary/rss/27868
Fake shop alert: do not buy bicycles on efahrrad-shop.com!
The online shop efahrrad-shop.com presents itself on its website as an "award-winning and certified online bicycle retailer". But anyone who looks at the site more closely runs into numerous inconsistencies. For instance, the website's legal notice (Impressum) is faulty and the listed prices are far below the usual prices. All of these are indications that this is a fake shop.
https://www.watchlist-internet.at/news/fake-shop-alarm-kaufen-sie-keine-fahrraeder-auf-efahrrad-shopcom/
FamousSparrow: A suspicious hotel guest
Yet another APT group that exploited the ProxyLogon vulnerability in March 2021
https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/
Vulnerabilities
ZDI-21-1112: Trend Micro HouseCall for Home Networks Uncontrolled Search Path Element Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall for Home Networks. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-21-1112/
SonicWall warns users to patch critical vulnerability "as soon as possible"
SonicWall is asking SMA 100 series customers to patch their appliances against a vulnerability that could give attackers administrator access.
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/sonicwall-warns-users-to-patch-critical-vulnerability-as-soon-as-possible/
Security updates for Friday
Security updates have been issued by Debian (mupdf), Fedora (ghostscript, gifsicle, and ntfs-3g), openSUSE (kernel and nodejs14), and SUSE (curl, ffmpeg, gd, hivex, kernel, nodejs14, python-reportlab, sqlite3, and xen).
https://lwn.net/Articles/870365/
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. CISA encourages users and administrators to review the Apple security page for iOS 12.5.5 and Security Update 2021-006 Catalina and apply the necessary updates as soon as possible.
https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/apple-releases-security-updates
BIG-IP APM XSS vulnerability CVE-2021-23054
https://support.f5.com/csp/article/K41997459
Trend Micro ServerProtect: vulnerability allows bypassing security measures
https://www.cert-bund.de/advisoryshort/CB-K21-1010
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-13/
Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-bind-affect-ibm-netezza-host-management-4/
Security Bulletin: Public disclosed vulnerability from OpenSSL affects IBM Netezza Host Management
https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerability-from-openssl-affects-ibm-netezza-host-management-2/
Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability.
https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-a-websphere-application-server-vulnerability-3/