End-of-Day report
Timeframe: Friday 24-09-2021 18:00 - Monday 27-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Patch now! Exploit code for Chrome and Edge in circulation
Attacks on the Chrome and Edge web browsers could be imminent. Fixed versions are available for download.
https://heise.de/-6201629
He escaped the Dark Web's biggest bust. Now he's back
DeSnake apparently eluded the takedown of AlphaBay and now plans to resurrect it.
https://arstechnica.com/?p=1798352
BloodyStealer and gaming assets for sale
We take a closer look at threats linked to loss of accounts with popular video game digital distribution services, such as Steam and Origin. We also explore the kind of game-related data that ends up on the black market.
https://securelist.com/bloodystealer-and-gaming-assets-for-sale/104319/
Video: Strings Analysis: VBA & Excel4 Maldoc, (Sat, Sep 25th)
I did record a video for my diary entry "Strings Analysis: VBA & Excel4 Maldoc", showing how to use CyberChef to analyze a maldoc.
https://isc.sans.edu/diary/rss/27874
New Android Malware Steals Financial Data from 378 Banking and Wallet Apps
The operators behind the BlackRock mobile malware have resurfaced with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. "The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabric's CEO Cengiz Han Sahin said [...]
https://thehackernews.com/2021/09/new-android-malware-steals-financial.html
New security feature in September 2021 Cumulative Update for Exchange Server
[...] As part of our continued work to help you protect your Exchange Servers, in the September 2021 Cumulative Update (CU) we have added a new feature called the Microsoft Exchange Emergency Mitigation service. This new service is not a replacement for installing Exchange Server Security Updates (SUs), but [...]
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155
Vulnerabilities
Security updates for Monday
Security updates have been issued by Debian (kernel, libxml-security-java, and openssl), Fedora (fetchmail and python-rsa), openSUSE (grafana-piechart-panel and opera), and Red Hat (nodejs:14).
https://lwn.net/Articles/870597/
Command Injection Vulnerabilities in QVR
Two command injection vulnerabilities have been reported to affect certain QNAP EOL devices running QVR. If exploited, these vulnerabilities allow remote attackers to run arbitrary commands.
https://www.qnap.com/en-us/security-advisory/QSA-21-35
GNU C Library (glibc) vulnerability CVE-2021-33574
https://support.f5.com/csp/article/K43700555
LibreSSL: Vulnerability allows denial of service
https://www.cert-bund.de/advisoryshort/CB-K21-1014
GitHub Enterprise Server: Multiple vulnerabilities
https://www.cert-bund.de/advisoryshort/CB-K21-1015
OpenSSH: Vulnerability allows privilege escalation
https://www.cert-bund.de/advisoryshort/CB-K21-1017
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php
FatPipe Networks WARP 10.2.2 Authorization Bypass
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php
Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-3711 and CVE-2021-3712
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2021-3711-and-cve-2021-3712/
Security Bulletin: CVE-2021-2341 may affect IBM SDK, Java Technology Edition
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2341-may-affect-ibm-sdk-java-technology-edition-2/
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-11/
Security Bulletin: Integrated application server and integrated web services for IBM i are affected by CVE-2021-35517 and CVE-2021-36090
https://www.ibm.com/blogs/psirt/security-bulletin-integrated-application-server-and-integrated-web-services-for-ibm-i-are-affected-by-cve-2021-35517-and-cve-2021-36090/
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-http-server-affect-ibm-i-2/
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7774)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-and-ibm-integration-bus-cve-2020-7774-2/