[CERT-daily] Tageszusammenfassung - 12.08.2021

Thu Aug 12 18:11:08 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 11-08-2021 18:00 − Donnerstag 12-08-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ PrintNightmare: Schon wieder eine Drucker-Lücke in Windows ohne Patch ∗∗∗
---------------------------------------------
Microsoft kriegt seine Druckerverwaltung offensichtlich nicht in den Griff, Angreifer könnten sich erneut System-Rechte verschaffen.
---------------------------------------------
https://heise.de/-6163743


∗∗∗ Accenture Opfer der Lockbit Ransomware ∗∗∗
---------------------------------------------
Das IT-Beratungsunternehmen Accenture ist wohl Opfer eines Cyber-Angriffs mit der Lockbit-Ransomware geworden. Das Unternehmen hat den Angriff inzwischen eingestanden. Bei dem Ransomware-Befall scheinen auch Daten abgezogen worden zu sein. Hier einige Informationen, was inzwischen bekannt ist.
---------------------------------------------
https://www.borncity.com/blog/2021/08/12/accenture-opfer-der-lockbit-ransomware/


∗∗∗ QR Code Scammers Get Creative with Bitcoin ATMs ∗∗∗
---------------------------------------------
Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technologys trust relationship with users.
---------------------------------------------
https://threatpost.com/qr-code-scammers-bitcoin-atms/168621/


∗∗∗ 7 ways to harden your environment against compromise ∗∗∗
---------------------------------------------
Here at the global Microsoft Compromise Recovery Security Practice (CRSP), we work with customers who have experienced disruptive security incidents to restore trust in identity systems and remove adversary control. During 2020, the team responded to many incidents involving ransomware and the deployment of crypto-mining tools.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/08/11/7-ways-to-harden-your-environment-against-compromise/


∗∗∗ Best Practices for Web Form Security ∗∗∗
---------------------------------------------
Web form security ⁠— the set of tools and practices intended to protect web forms from attacks and abuse ⁠— is one of the most critical aspects of overall website security. Web forms allow users to interact with your site and enable a lot of useful functionality. However, once a user can interact with your site to do something useful there is a new attack surface for a hacker to exploit.
---------------------------------------------
https://blog.sucuri.net/2021/08/best-practices-for-web-form-security.html


∗∗∗ Experts Shed Light On New Russian Malware-as-a-Service Written in Rust ∗∗∗
---------------------------------------------
A nascent information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts.
---------------------------------------------
https://thehackernews.com/2021/08/experts-shed-light-on-new-russian.html


∗∗∗ Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT ∗∗∗
---------------------------------------------
Group TA505 has been active for at least seven years, making wide-ranging connections with other threat actors involved in ransomware, stealing credit card numbers and exfiltrating data. One of the common tools in TA505s arsenal is ServHelper.
---------------------------------------------
https://blog.talosintelligence.com/2021/08/raccoon-and-amadey-install-servhelper.html


∗∗∗ Why No HTTPS? The 2021 Version ∗∗∗
---------------------------------------------
More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the worlds largest websites that didnt properly redirect insecure requests to secure ones. We updated it December before last and pleasingly, noted that more websites than [...]
---------------------------------------------
https://www.troyhunt.com/why-no-https-the-2021-version/


∗∗∗ August 2021 ICS Patch Tuesday: Siemens, Schneider Address Over 50 Flaws ∗∗∗
---------------------------------------------
Siemens and Schneider Electric on Tuesday released 18 security advisories addressing a total of more than 50 vulnerabilities affecting their products. The vendors have provided patches, mitigations, and general security recommendations for reducing the risk of attacks.
---------------------------------------------
https://www.securityweek.com/august-2021-ics-patch-tuesday-siemens-schneider-address-over-50-flaws


∗∗∗ IISerpent: Malware‑driven SEO fraud as a service ∗∗∗
---------------------------------------------
The last in our series on IIS threats introduces a malicious IIS extension used to manipulate page rankings for third-party websites
---------------------------------------------
https://www.welivesecurity.com/2021/08/11/iiserpent-malware-driven-seo-fraud-service/


∗∗∗ Affiliates Unlocked: Gangs Switch Between Different Ransomware Families ∗∗∗
---------------------------------------------
The demise of Sodinokibi has led to a surge in LockBit activity, while there’s evidence affiliates are using multiple ransomware families to achieve their goals.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-trends-lockbit-sodinokibi


∗∗∗ CobaltSpam tool can flood Cobalt Strike malware servers ∗∗∗
---------------------------------------------
A security researcher has published this week a tool to flood Cobalt Strike servers—often used by malware gangs—with fake beacons in order to corrupt their internal databases of infected systems.
---------------------------------------------
https://therecord.media/cobaltspam-tool-can-flood-cobalt-strike-malware-servers/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Intel schließt Sicherheitslücken in Laptops, Linux-Treibern & Co. ∗∗∗
---------------------------------------------
Angreifer könnten Intel-PCs attackieren und im schlimmsten Fall die volle Kontrolle über Computer erlangen. Sicherheitsupdates sind verfügbar.
---------------------------------------------
https://heise.de/-6163478


∗∗∗ JavaScript-Framework: Next.js 11.1 behebt eine Open-Redirect-Sicherheitslücke ∗∗∗
---------------------------------------------
Das React-Framework Next.js erhält knapp zwei Monate nach der letzten Hauptversion ein Update auf Version 11.1, um mögliche Open Redirects zu verhindern.
---------------------------------------------
https://heise.de/-6163575


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.8.0-openjdk), Debian (firefox-esr, libspf2, and openjdk-11-jre-dcevm), Fedora (bluez, fetchmail, and prosody), Oracle (edk2, glib2, kernel, and libuv), Red Hat (.NET Core 3.1), SUSE (cpio), and Ubuntu (firefox and openssh).
---------------------------------------------
https://lwn.net/Articles/866076/


∗∗∗ Plone vulnerable to open redirect ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN50804280/


∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to CSV Injection (CVE-2021-20509) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-csv-injection-cve-2021-20509/


∗∗∗ Security Vulnerabilities fixed in Thunderbird 91 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/


∗∗∗ TRUMPF Laser GmbH: multiple products prone to codesys runtime vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-033


∗∗∗ Node.js: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0866

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily