[CERT-daily] Tageszusammenfassung - 11.08.2021

Daily end-of-shift report team at cert.at
Wed Aug 11 18:08:46 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 10-08-2021 18:00 − Wednesday 11-08-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Kaseya's universal REvil decryption key leaked on a hacking forum ∗∗∗
---------------------------------------------
The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums, allowing researchers their first glimpse of the mysterious key.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/kaseyas-universal-revil-decryption-key-leaked-on-a-hacking-forum/


∗∗∗ New AdLoad malware variant slips through Apple's XProtect defenses ∗∗∗
---------------------------------------------
A new AdLoad malware variant is slipping through Apple's YARA signature-based XProtect built-in antivirus tech to infect Macs.
---------------------------------------------
https://www.bleepingcomputer.com/news/apple/new-adload-malware-variant-slips-through-apples-xprotect-defenses/


∗∗∗ TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike, (Wed, Aug 11th) ∗∗∗
---------------------------------------------
TA551 (also known as Shathak) represents a threat actor behind malspam that has pushed different families of malware over the past few years.
---------------------------------------------
https://isc.sans.edu/diary/rss/27738


∗∗∗ The Conti leak: an operating manual for ransomware ∗∗∗
---------------------------------------------
In the handbooks for affiliates, the criminals describe in minute detail how to reconnoitre a network, expand access and finally encrypt data.
---------------------------------------------
https://heise.de/-6160551


∗∗∗ Anonymous on the internet: security updates released for Tor Browser and Tails OS ∗∗∗
---------------------------------------------
The developers have updated components of Tor Browser and Tails to maintain their security.
---------------------------------------------
https://heise.de/-6161195


∗∗∗ 5 Costly Mistakes in Cyber Incident Response Preparation ∗∗∗
---------------------------------------------
Even with the best preparation and retainers, incident response is rarely an inexpensive endeavor in terms of money, people, operational disruption, or time.
---------------------------------------------
https://www.dragos.com/blog/industry-news/5-costly-mistakes-in-cyber-incident-response-preparation/


∗∗∗ Conducting Architecture Reviews in Light of the New TSA Directives ∗∗∗
---------------------------------------------
TSA, the sector-specific agency for pipelines, released its first directive to the pipeline industry on May 27th and followed up with a second directive on July 20th.
---------------------------------------------
https://www.dragos.com/blog/industry-news/conducting-architecture-reviews-in-light-of-the-new-tsa-directives/


∗∗∗ Why Are Ransomware Attacks Against OT Increasing? ∗∗∗
---------------------------------------------
Most discussions around cybersecurity understandably focus on information technology (IT). Assets like cloud services and data centers are typically what companies spend the most time and effort securing. Recently, though, operational technology (OT) has come under increasing scrutiny from leading security experts in both the private and public sectors.
---------------------------------------------
https://www.tripwire.com/state-of-security/ics-security/why-are-ransomware-attacks-against-ot-increasing/


∗∗∗ Hackers hijack Instagram profiles and extort victims ∗∗∗
---------------------------------------------
Scammers are targeting Instagram accounts with many followers: they hack the accounts and then demand a ransom. If it is not paid, the hackers threaten to delete the profile.
---------------------------------------------
https://www.watchlist-internet.at/news/hacker-kapern-instagram-profil-und-erpressen-opfer/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VU#608209: NicheStack embedded TCP/IP has vulnerabilities ∗∗∗
---------------------------------------------
HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities.
---------------------------------------------
https://kb.cert.org/vuls/id/608209


∗∗∗ Patch Tuesday: Microsoft again reports attacks on Windows ∗∗∗
---------------------------------------------
There are important security updates for, among others, critical vulnerabilities in Azure, Edge and various Windows versions.
---------------------------------------------
https://heise.de/-6160526


∗∗∗ Free Micropatches for "PetitPotam" (CVE-2021-36942) ∗∗∗
---------------------------------------------
Update 8/11/2021-B: Neither Microsoft's August fix nor our micropatch seem to have covered all PetitPotam affected code. Both fixed the anonymous attack vector but we're investigating additional authenticated paths now and looking for the best way to patch that too.
---------------------------------------------
https://blog.0patch.com/2021/08/free-micropatches-for-petitpotam.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ceph), Fedora (buildah, containernetworking-plugins, and podman), openSUSE (chromium, kernel, php7, python-CairoSVG, python-Pillow, seamonkey, and transfig), Red Hat (microcode_ctl), SUSE (kernel and libcares2), and Ubuntu (c-ares).
---------------------------------------------
https://lwn.net/Articles/865978/


∗∗∗ Intel Releases Multiple Security Updates ∗∗∗
---------------------------------------------
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/intel-releases-multiple-security-updates


∗∗∗ iTunes 12.11.4 for Windows ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT212609


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2021-20427) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-restriction-of-excessive-authentication-attempts-vulnerability-cve-2021-20427/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OpenLDAP vulnerability (CVE-2020-25692) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openldap-vulnerability-cve-2020-25692/


∗∗∗ Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-disconnected-log-collector-is-vulnerable-to-using-components-with-known-vulnerabilities/


∗∗∗ Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager DR ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affects-ibm-vm-recovery-manager-dr-2/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Reliance on Untrusted Inputs in Security Decision ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-reliance-on-untrusted-inputs-in-security-descision/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Weak Password Policy vulnerability (CVE-2021-20418) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-weak-password-policy-vulnerability-cve-2021-20418/


∗∗∗ Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (V2.103.000.051) and Modules ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/


∗∗∗ VMSA-2021-0016 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0016.html


∗∗∗ AMD processors: multiple vulnerabilities allow disclosure of information ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0852

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily