[CERT-daily] Daily Summary - 16.08.2021

Daily end-of-shift report team at cert.at
Mon Aug 16 18:33:58 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 13-08-2021 18:00 - Monday 16-08-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ No Panic After a Ransomware Attack ∗∗∗
---------------------------------------------
Seven measures that victims should take during or after a successful ransomware attack are described by Daniel Clayton, Vice President of Global Services and Support at Bitdefender, in a guest article.
---------------------------------------------
https://www.zdnet.de/88396234/keine-panik-nach-ransomware-angriff/


∗∗∗ USA: 100 Million T-Mobile Customers Affected by Data Leak ∗∗∗
---------------------------------------------
Criminals have hacked T-Mobile servers and copied extensive customer data. They are now offering this data for sale.
---------------------------------------------
https://www.golem.de/news/usa-100-millionen-t-mobile-kunden-von-datenleck-betroffen-2108-158909-rss.html


∗∗∗ Securing Microsoft Teams Correctly – Part 2 ∗∗∗
---------------------------------------------
How best to secure the popular collaboration software is described by Bert Skorupski, Senior Manager Sales Engineering at Quest Software, in the second part of his guest article.
---------------------------------------------
https://www.zdnet.de/88396232/microsoft-teams-korrekt-absichern-teil-2/


∗∗∗ Firewalls and middleboxes can be weaponized for gigantic DDoS attacks ∗∗∗
---------------------------------------------
In an award-winning paper today, academics said they discovered a way to abuse the TCP protocol, firewalls, and other network middleboxes to launch giant distributed denial of service (DDoS) attacks against any target on the internet.
---------------------------------------------
https://therecord.media/firewalls-and-middleboxes-can-be-weaponized-for-gigantic-ddos-attacks/


∗∗∗ The sextortion Scams: The Numbers Show That What We Have Is A Failure Of Education ∗∗∗
---------------------------------------------
Subject: Your account was under attack! Change your credentials! [...] Did you receive a message phrased more or less like that, which then went on to say that they have a video of you performing an embarrassing activity while visiting an "adult" site, which they will send to all your contacts unless you buy Bitcoin and send to a specific ID? The good news is that the video does not exist. I know this, because neither does our friend Adnan here.
---------------------------------------------
https://bsdly.blogspot.com/2020/02/the-sextortion-scams-numbers-show-that.html


∗∗∗ Windows 365 exposes Microsoft Azure credentials in plaintext ∗∗∗
---------------------------------------------
A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/windows-365-exposes-microsoft-azure-credentials-in-plaintext/


∗∗∗ Colonial Pipeline reports data breach after May ransomware attack ∗∗∗
---------------------------------------------
Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/colonial-pipeline-reports-data-breach-after-may-ransomware-attack/


∗∗∗ Simple Tips For Triage Of MALWARE Bazaars Daily Malware Batches, (Sun, Aug 15th) ∗∗∗
---------------------------------------------
I was asked for tips to triage MALWARE Bazaar's daily malware batches. On Linux / macOS, you can unzip a malware batch and triage it with the file command. There is no file command on Windows, but there are Windows versions you can install, and you can also use my file-magic tool (it's a Python tool that uses Python module python-magic-bin).
---------------------------------------------
https://isc.sans.edu/diary/rss/27750


∗∗∗ Discovering CAPTCHA Protected Phishing Campaigns ∗∗∗
---------------------------------------------
CAPTCHA-protected phishing campaigns are becoming more popular. We share techniques to detect malicious content despite these evasions.
---------------------------------------------
https://unit42.paloaltonetworks.com/captcha-protected-phishing/


∗∗∗ Trickbot Deploys a Fake 1Password Installer ∗∗∗
---------------------------------------------
Over the past years, Trickbot has established itself as modular and multifunctional malware. Initially focusing on bank credential theft, the Trickbot operators have extended its capabilities.
---------------------------------------------
https://thedfirreport.com/2021/08/16/trickbot-deploys-a-fake-1password-installer/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Advisories for COMMAX Products ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5667.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5666.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5664.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5663.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5662.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5660.php
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/


∗∗∗ Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain ∗∗∗
---------------------------------------------
At least 65 vendors are affected by severe vulnerabilities that enable unauthenticated attackers to fully compromise the target device and execute arbitrary code with the highest level of privilege.
---------------------------------------------
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/


∗∗∗ XSS Vulnerability Patched in SEOPress Affects 100,000 sites ∗∗∗
---------------------------------------------
On July 29, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in SEOPress, a WordPress plugin installed on over 100,000 sites. This flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable site which would execute anytime a user accessed the [...]
---------------------------------------------
https://www.wordfence.com/blog/2021/08/xss-vulnerability-patched-in-seopress-affects-100000-sites/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (c-ares, firefox, fossil, gitlab, jupyterlab, loki, lynx, opera, prosody, and vivaldi), Debian (amd64-microcode, exiv2, ffmpeg, thunderbird, and trafficserver), Fedora (libsndfile, rust-argh, rust-argh_derive, rust-argh_shared, rust-askalono-cli, rust-asyncgit, rust-bugreport, rust-crosstermion, rust-diskonaut, rust-dua-cli, rust-fancy-regex, rust-fedora-update-feedback, rust-filetreelist, rust-git-version, rust-git-version-macro, rust-gitui, [...]
---------------------------------------------
https://lwn.net/Articles/866473/


∗∗∗ PEPPERL+FUCHS: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service ∗∗∗
---------------------------------------------
PEPPERL+FUCHS: Critical vulnerabilities have been discovered in the product and in the utilized components jQuery by jQuery Team and TLS Version 1.0/1.1.
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-027


∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2021 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-july-2021-cpu/


∗∗∗ Security Bulletin: IBM Transparent Cloud Tiering is affected by a vulnerability in Apache Commons IO ( CVE-2021-29425) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-transparent-cloud-tiering-is-affected-by-a-vulnerability-in-apache-commons-io-cve-2021-29425/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
