Daily Summary - 24.09.2021

End-of-Day report

Timeframe: Thursday 23-09-2021 18:00 - Friday 24-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner

News

Security updates: Critical admin vulnerability with the highest severity rating threatens Cisco devices

The network equipment vendor has closed a large number of security vulnerabilities. Successful attacks can have dangerous consequences.

https://heise.de/-6200359


Frustrated with Apple: Security researcher publishes 0-day vulnerabilities for iOS 15

According to the security researcher, the company quietly patched only one of the bugs and did not respond further. The vulnerabilities apparently give apps access to user data.

https://heise.de/-6200907


Malware devs trick Windows validation with malformed certs

Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software.

https://www.bleepingcomputer.com/news/security/malware-devs-trick-windows-validation-with-malformed-certs/


TangleBot Malware Reaches Deep into Android Device Functions

The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others.

https://threatpost.com/tanglebot-malware-device-functions/174999/


Keep an Eye on Your Users Mobile Devices (Simple Inventory), (Fri, Sep 24th)

Today, smartphones are everywhere and have become our best friends for many tasks. Probably your users already access their corporate mailbox via a mobile device. If it's not yet the case, you probably have many requests to implement this. There are two ways to achieve this: [...]

https://isc.sans.edu/diary/rss/27868


Fake shop alert: Do not buy bicycles on efahrrad-shop.com!

The online shop efahrrad-shop.com presents itself on its website as an "award-winning and certified online bicycle retailer". But anyone who takes a closer look at the site will come across numerous inconsistencies. For example, the website carries a faulty legal notice (Impressum), and the listed prices are well below the usual prices. All of these are indications that this is a fake shop.

https://www.watchlist-internet.at/news/fake-shop-alarm-kaufen-sie-keine-fahrraeder-auf-efahrrad-shopcom/


FamousSparrow: A suspicious hotel guest

Yet another APT group that exploited the ProxyLogon vulnerability in March 2021

https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/

Vulnerabilities

ZDI-21-1112: Trend Micro HouseCall for Home Networks Uncontrolled Search Path Element Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall for Home Networks. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-21-1112/


SonicWall warns users to patch critical vulnerability "as soon as possible"

SonicWall is asking SMA 100 series customers to patch their appliances against a vulnerability that could give attackers administrator access.

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/sonicwall-warns-users-to-patch-critical-vulnerability-as-soon-as-possible/


Security updates for Friday

Security updates have been issued by Debian (mupdf), Fedora (ghostscript, gifsicle, and ntfs-3g), openSUSE (kernel and nodejs14), and SUSE (curl, ffmpeg, gd, hivex, kernel, nodejs14, python-reportlab, sqlite3, and xen).

https://lwn.net/Articles/870365/


Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. CISA encourages users and administrators to review the Apple security page for iOS 12.5.5 and Security Update 2021-006 Catalina and apply the necessary updates as soon as possible.

https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/apple-releases-security-updates


BIG-IP APM XSS vulnerability CVE-2021-23054

https://support.f5.com/csp/article/K41997459


Trend Micro ServerProtect: Vulnerability allows bypassing of security measures

https://www.cert-bund.de/advisoryshort/CB-K21-1010


Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-13/


Security Bulletin: Publicly disclosed vulnerabilities from Bind affect IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-bind-affect-ibm-netezza-host-management-4/


Security Bulletin: Public disclosed vulnerability from OpenSSL affects IBM Netezza Host Management

https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerability-from-openssl-affects-ibm-netezza-host-management-2/


Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability.

https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-a-websphere-application-server-vulnerability-3/