Daily Summary - 27.09.2021

End-of-Day report

Timeframe: Friday 24-09-2021 18:00 - Monday 27-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

Patch now! Exploit code for Chrome and Edge in circulation

Attacks on the Chrome and Edge web browsers could be imminent. Fixed versions are available for download.

https://heise.de/-6201629


He escaped the Dark Web's biggest bust. Now he's back

DeSnake apparently eluded the takedown of AlphaBay and now plans to resurrect it.

https://arstechnica.com/?p=1798352


BloodyStealer and gaming assets for sale

We take a closer look at threats linked to loss of accounts with popular video game digital distribution services, such as Steam and Origin. We also explore the kind of game-related data that ends up on the black market.

https://securelist.com/bloodystealer-and-gaming-assets-for-sale/104319/


Video: Strings Analysis: VBA & Excel4 Maldoc, (Sat, Sep 25th)

I did record a video for my diary entry "Strings Analysis: VBA & Excel4 Maldoc", showing how to use CyberChef to analyze a maldoc.

https://isc.sans.edu/diary/rss/27874


New Android Malware Steals Financial Data from 378 Banking and Wallet Apps

The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. "The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabric's CEO Cengiz Han Sahin said [...]

https://thehackernews.com/2021/09/new-android-malware-steals-financial.html


New security feature in September 2021 Cumulative Update for Exchange Server

[...] As part of our continued work to help you protect your Exchange Servers, in the September 2021 Cumulative Update (CU) we have added a new feature called the Microsoft Exchange Emergency Mitigation service. This new service is not a replacement for installing Exchange Server Security Updates (SUs), but [...]

https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155

Vulnerabilities

Security updates for Monday

Security updates have been issued by Debian (kernel, libxml-security-java, and openssl), Fedora (fetchmail and python-rsa), openSUSE (grafana-piechart-panel and opera), and Red Hat (nodejs:14).

https://lwn.net/Articles/870597/


Command Injection Vulnerabilities in QVR

Two command injection vulnerabilities have been reported to affect certain QNAP EOL devices running QVR. If exploited, these vulnerabilities allow remote attackers to run arbitrary commands.

https://www.qnap.com/en-us/security-advisory/QSA-21-35


GNU C Library (glibc) vulnerability CVE-2021-33574

https://support.f5.com/csp/article/K43700555


LibreSSL: Vulnerability allows denial of service

https://www.cert-bund.de/advisoryshort/CB-K21-1014


GitHub Enterprise Server: Multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K21-1015


OpenSSH: Vulnerability allows privilege escalation

https://www.cert-bund.de/advisoryshort/CB-K21-1017


FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php


FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access)

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php


FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php


FatPipe Networks WARP 10.2.2 Authorization Bypass

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php


FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php


Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-3711 and CVE-2021-3712

https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2021-3711-and-cve-2021-3712/


Security Bulletin: CVE-2021-2341 may affect IBM® SDK, Java™ Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2341-may-affect-ibm-sdk-java-technology-edition-2/


Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-11/


Security Bulletin: Integrated application server and integrated web services for IBM i are affected by CVE-2021-35517 and CVE-2021-36090

https://www.ibm.com/blogs/psirt/security-bulletin-integrated-application-server-and-integrated-web-services-for-ibm-i-are-affected-by-cve-2021-35517-and-cve-2021-36090/


Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-http-server-affect-ibm-i-2/


Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7774)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-and-ibm-integration-bus-cve-2020-7774-2/