Daily summary - 29.09.2021

End-of-Day report

Timeframe: Tuesday 28-09-2021 18:00 - Wednesday 29-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer

News

NSA, CISA share VPN security tips to defend against hackers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for hardening the security of virtual private network (VPN) solutions.

https://www.bleepingcomputer.com/news/security/nsa-cisa-share-vpn-security-tips-to-defend-against-hackers/


Why Should I Care About HTTP Request Smuggling?

HTTP request smuggling is a growing vulnerability, but you can manage the risk with proper server configuration.

https://www.darkreading.com/edge-ask-the-experts/why-should-i-care-about-http-request-smuggling-
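As an added illustration of the "proper server configuration" point (example code, not part of the linked article or of this digest): the disagreement that request smuggling exploits is a front-end and back-end parsing the same request's framing differently. A front-end that refuses ambiguously framed requests outright closes that gap. The check below is a hypothetical `framing_verdict` helper that applies the RFC 7230 framing rules conservatively, rejecting when both Content-Length and Transfer-Encoding are present, when Content-Length values conflict or are non-numeric, or when Transfer-Encoding is anything other than a clean `chunked`. The sample requests are constructed for the example, not captured traffic.

```python
"""Ambiguous-framing check for HTTP/1.1 requests (request smuggling defence)."""
import re

# RFC 7230 token characters for a header name; a space before the colon does not match,
# so "Transfer-Encoding : chunked" style obfuscation is treated as malformed.
HEADER_RE = re.compile(rb"^([!#$%&'*+.^_`|~0-9A-Za-z-]+):[ \t]*(.*?)[ \t]*$")


def parse_headers(raw: bytes):
    """Split a raw request into (request_line, [(name_lower, value)]).

    Only the header block is parsed; the body is left untouched.
    Raises ValueError on any header line that is not a clean name:value pair.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0]
    headers = []
    for line in lines[1:]:
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((m.group(1).lower(), m.group(2)))
    return request_line, headers


def framing_verdict(raw: bytes) -> str:
    """Return 'ok' or 'reject: <reason>' for the message framing of one request.

    Rejecting (rather than picking a winner) is the conservative reading of
    RFC 7230 section 3.3.3: a proxy that forwards only unambiguous framing cannot
    be desynchronised from the origin behind it.
    """
    try:
        _, headers = parse_headers(raw)
    except ValueError as e:
        return f"reject: {e}"

    te = [v for n, v in headers if n == b"transfer-encoding"]
    cl = [v for n, v in headers if n == b"content-length"]

    if te and cl:
        return "reject: both Transfer-Encoding and Content-Length present"
    if len(set(cl)) > 1:
        return "reject: conflicting Content-Length values"
    if cl and not re.fullmatch(rb"[0-9]+", cl[0]):
        return "reject: non-numeric Content-Length"
    if te:
        # Strip only RFC-defined optional whitespace (space/tab). Control characters such
        # as \x0b survive the strip and fail the token check below.
        codings = [c.strip(b" \t") for c in b",".join(te).split(b",")]
        if codings[-1] != b"chunked" or any(
            not re.fullmatch(rb"[a-z]+", c) for c in codings
        ):
            return "reject: unrecognised Transfer-Encoding"
    return "ok"


# Constructed sample requests (not captured traffic) covering the classic cases.
SAMPLES = {
    "plain": b"POST /api HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello",
    "cl_te": (
        b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
        b"Content-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nG"
    ),
    "te_obfuscated": (
        b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
        b"Transfer-Encoding: xchunked\r\n\r\n0\r\n\r\n"
    ),
    "te_control_char": (
        b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
        b"Transfer-Encoding: chunked\x0b\r\n\r\n0\r\n\r\n"
    ),
    "dup_cl": (
        b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
        b"Content-Length: 5\r\nContent-Length: 7\r\n\r\nhello"
    ),
    "space_before_colon": (
        b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
        b"Transfer-Encoding : chunked\r\n\r\n0\r\n\r\n"
    ),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:20s} {framing_verdict(req)}")
```

Only the first sample passes; every other one is a request that a lenient front-end might forward while the back-end frames it differently. Real proxies and web servers expose equivalent behaviour as configuration (for example, rejecting requests with both framing headers and normalising Transfer-Encoding), which is the setting worth verifying.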


DarkHalo after SolarWinds: the Tomiris connection

We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar.

https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/


Conti Ransomware Expands Ability to Blow Up Backups

The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.

https://threatpost.com/conti-ransomware-backups/175114/


How nation-state attackers like NOBELIUM are changing cybersecurity

In the first of a four-part series on the NOBELIUM nation-state attack, we describe the attack and explain why enterprises should be cautious.

https://www.microsoft.com/security/blog/2021/09/28/how-nation-state-attackers-like-nobelium-are-changing-cybersecurity/


Serious Security: Let's Encrypt gets ready to go it alone (in a good way!)

Let's Encrypt is set to become a mainstream, self-certifying web certificate authority - here's why it took so many years.

https://nakedsecurity.sophos.com/2021/09/28/serious-security-lets-encrypt-gets-ready-to-go-it-alone-in-a-good-way/


Keeping Track of Time: Network Time Protocol and a GPSD Bug, (Wed, Sep 29th)

The Network Time Protocol (NTP) has been critical in ensuring time is accurately kept for various systems businesses and organizations rely on.

https://isc.sans.edu/diary/rss/27886


Phone screenshots accidentally leaked online by stalkerware-type company

Stalkerware-type company pcTattleTale hasn't been very careful about securing the screenshots it sneakily takes from its victims' phones.

https://blog.malwarebytes.com/stalkerware/2021/09/phone-screenshots-accidentally-leaked-online-by-stalkerware-company/


Fraudulent email in the name of Volksbank in circulation

Fraudulent phishing emails in the name of Volksbank are currently being sent out en masse. They claim that an "erroneously executed transfer" has been blocked.

https://www.watchlist-internet.at/news/betruegerische-mail-im-namen-der-volksbank-unterwegs/


New GriftHorse malware has infected more than 10 million Android phones

Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis.

https://therecord.media/new-grifthorse-malware-has-infected-more-than-10-million-android-phones/

Vulnerabilities

AirTags as real-world Trojans: Apple leaves XSS vulnerability open for months

Another security researcher, frustrated with Apple's tight-lipped bug bounty program, has published a zero-day vulnerability.

https://heise.de/-6204364


Security updates for Wednesday

Security updates have been issued by Fedora (iaito, libssh, radare2, and squashfs-tools), openSUSE (hivex, shibboleth-sp, and transfig), SUSE (python-urllib3 and shibboleth-sp), and Ubuntu (apache2, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, and linux-hwe-5.11, linux-azure, linux-azure-5.11, linux-oracle-5.11).

https://lwn.net/Articles/871227/


Security Bulletin: Bulletin: App Connect Professional is affected by Apache Tomcat vulnerabilities.

https://www.ibm.com/blogs/psirt/security-bulletin-bulletin-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities/


Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-sdk-for-node-js-might-affect-the-configuration-editor-used-by-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-2/


Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.14.0 ESR + CVE-2021-29967) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF14

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-14-0-esr-cve-2021-29967-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if14/


Security Bulletin: Vulnerabilities in IBM Java SDK affects App Connect Professional

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affects-app-connect-professional/


Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-29834

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2021-29834/


Security Bulletin: IBM Kenexa LCMS Premier On Premise - CVE-2021-2341 (deferred from Oracle Jul 2021 CPU for Java 7.x)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-cve-2021-2341-deferred-from-oracle-jul-2021-cpu-for-java-7-x/


Security Bulletin: Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-offline-documentation/


Security Bulletin: Aspera Web Application (Console, Shares) are affected by jQuery vulnerability (cross-site scripting)

https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-application-console-shares-are-affected-by-jquery-vulnerability-cross-site-scripting/


Security Bulletin: IBM Kenexa LMS On Premise -IBM SDK, Java Technology Edition Quarterly CPU - Jul 2021 - Includes Oracle Jul 2021 CPU (minus CVE-2021-2341)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2021-includes-oracle-jul-2021-cpu-minus-cve-2021-2341/


Security Bulletin: IBM Kenexa LMS On Premise -CVE-2021-2341 (deferred from Oracle Jul 2021 CPU for Java 7.x)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-cve-2021-2341-deferred-from-oracle-jul-2021-cpu-for-java-7-x/


F-Secure Internet Gatekeeper: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K21-1020


Elastic Stack Misconfiguration can lead to DDoS or Data Exfiltration

https://securitythreatnews.com/2021/09/29/elastic-stack-misconfiguration-can-lead-to-ddos-or-data-exfiltration/