[CERT-daily] Tageszusammenfassung - 06.08.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 05-08-2021 18:00 − Freitag 06-08-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Linux version of BlackMatter ransomware targets VMware ESXi servers ∗∗∗
---------------------------------------------
​The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMwares ESXi virtual machine platform.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-version-of-blackmatter-ransomware-targets-vmware-esxi-servers/


∗∗∗ Lockbit 2.0: Ransomware will Firmen-Insider rekrutieren ∗∗∗
---------------------------------------------
Die Ransomware-Gruppe Lockbit sucht auf ungewöhnliche Weise nach Insidern, die ihr Zugangsdaten übermitteln sollen.
---------------------------------------------
https://www.golem.de/news/lockbit-2-0-ransomware-will-firmen-insider-rekrutieren-2108-158701-rss.html


∗∗∗ Malicious Microsoft Word Remains A Key Infection Vector, (Fri, Aug 6th) ∗∗∗
---------------------------------------------
Despite Microsoft's attempts to make its Office suite more secure and disable many automatic features, despite the fact that users are warned that suspicious documents should not be opened, malicious Word documents remain a key infection vector today.
---------------------------------------------
https://isc.sans.edu/diary/rss/27716


∗∗∗ Using “Master Faces” to Bypass Face-Recognition Authenticating Systems ∗∗∗
---------------------------------------------
A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high probability of success, any user, without having access to any user-information.
---------------------------------------------
https://www.schneier.com/blog/archives/2021/08/using-master-faces-to-bypass-face-recognition-authenticating-systems.html


∗∗∗ EU officials investigating breach of Cybersecurity Atlas project ∗∗∗
---------------------------------------------
The European Commission is investigating a breach of its Cybersecurity Atlas project after a copy of the site’s backend database was put up for sale on an underground cybercrime forum on Monday.
---------------------------------------------
https://therecord.media/eu-officials-investigating-breach-of-cybersecurity-atlas-project/


∗∗∗ Security-Oscars: And the Pwnie goes to … ∗∗∗
---------------------------------------------
Der Pandemie zum Trotz hat die Pwnie-Jury auch in diesem Jahr die Security-Oscars verliehen – und natürlich auch "Goldene Himbeeren".
---------------------------------------------
https://heise.de/-6157581


∗∗∗ What is Tor? ∗∗∗
---------------------------------------------
We give a brief overview of Tor, the secure communications tool. We explain what it is, how you can use it, and some of the potential drawbacks.
---------------------------------------------
https://blog.malwarebytes.com/privacy-2/2021/08/what-is-tor/


∗∗∗ Black Hat: How cybersecurity incidents can become a legal minefield ∗∗∗
---------------------------------------------
Facing a cyberattack? Pick up the phone and talk to legal help as well as incident response.
---------------------------------------------
https://www.zdnet.com/article/black-hat-how-cybersecurity-can-be-a-legal-minefield-for-lawyers/


∗∗∗ Disgruntled ransomware affiliate leaks the Conti gang’s technical manuals ∗∗∗
---------------------------------------------
A disgruntled member of the Conti ransomware program has leaked today the manuals and technical guides used by the Conti gang to train affiliate members on how to access, move laterally, and escalate access inside a hacked company and then exfiltrate its data before encrypting files.
---------------------------------------------
https://therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VU#357312: HTTP Request Smuggling in Web Proxies ∗∗∗
---------------------------------------------
HTTP web proxies and web accelerators that support HTTP/2 for an HTTP/1.1 backend webserver are vulnerable to HTTP Request Smuggling.
---------------------------------------------
https://kb.cert.org/vuls/id/357312


∗∗∗ Kindle: Mit Schadcode infizierte E-Books konnten Amazon-Account kapern ∗∗∗
---------------------------------------------
Mit infizierten E-Books konnten Sicherheitsforscher Kindle-Reader und sogar Amazon-Konten übernehmen. Amazon hat die Lücke mittlerweile geschlossen.
---------------------------------------------
https://heise.de/-6157512


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (tomcat8), Mageia (bluez, exiv2, fetchmail, libsndfile, nodejs, php-pear, python-pillow, and rabbitmq-server), openSUSE (apache-commons-compress, balsa, djvulibre, mariadb, mysql-connector-java, nodejs8, opera, and spice-vdagent), Red Hat (ruby:2.7), SUSE (apache-commons-compress, djvulibre, java-11-openjdk, libsndfile, mariadb, nodejs8, and spice-vdagent), and Ubuntu (docker.io).
---------------------------------------------
https://lwn.net/Articles/865465/


∗∗∗ Black Hat: BadAlloc bugs expose millions of IoT devices to hijack ∗∗∗
---------------------------------------------
BadAlloc vulnerabilities impact millions of devices worldwide.
---------------------------------------------
https://www.zdnet.com/article/black-hat-badalloc-bugs-expose-millions-of-iot-devices-to-hijack/


∗∗∗ Security Bulletin: Vulnerability in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler-2/


∗∗∗ Security Bulletin: Vulnerability in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler/


∗∗∗ Free Micropatches for "PetitPotam" ∗∗∗
---------------------------------------------
https://blog.0patch.com/2021/08/free-micropatches-for-petitpotam.html


∗∗∗ HCC Embedded InterNiche TCP/IP stack, NicheLite ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01


∗∗∗ FATEK Automation FvDesigner ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02


∗∗∗ mySCADA myPRO ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-217-03


∗∗∗ Advantech WebAccess SCADA ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-217-04


∗∗∗ CISA Releases Security Advisory for InterNiche Products ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/08/05/cisa-releases-security-advisory-interniche-products

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily