[CERT-daily] Tageszusammenfassung - 23.08.2021

Mon Aug 23 18:13:12 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 20-08-2021 18:00 − Montag 23-08-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ ProxyShell: Massive Angriffswelle auf ungepatchte Exchange-Server ∗∗∗
---------------------------------------------
Die Lücken sind bekannt, Patches da - trotzdem sind tausende Exchange-Server angreifbar. Nun rollt eine massive Angriffswelle, die die Schwachstellen ausnutzt.
---------------------------------------------
https://heise.de/-6171597


∗∗∗ SynAck ransomware decryptor lets victims recover files for free ∗∗∗
---------------------------------------------
Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/synack-ransomware-decryptor-lets-victims-recover-files-for-free/


∗∗∗ Kubernetes hardening: Drilling down on the NSA/CISA guidance ∗∗∗
---------------------------------------------
Kubernetes has become the de facto choice for container orchestration. Some studies report that up to 88% of organizations are using Kubernetes for their container orchestration needs and 74% of that occurring in production environments. That said, security remains a critical concern with as many as 94% of organizations reporting at least one security incident in their Kubernetes environments in the last 12 months.
---------------------------------------------
https://www.csoonline.com/article/3629049/kubernetes-hardening-drilling-down-on-the-nsa-cisa-guidance.html


∗∗∗ Gaming-related cyberthreats in 2020 and 2021 ∗∗∗
---------------------------------------------
In this report, you will find statistics and other information about gaming-related malware, phishing schemes and other threats in 2020 and the first half of 2021.
---------------------------------------------
https://securelist.com/game-related-cyberthreats/103675/


∗∗∗ Web Censorship Systems Can Facilitate Massive DDoS Attacks ∗∗∗
---------------------------------------------
Systems are ripe for abuse by attackers who can abuse systems to launch DDoS attacks.
---------------------------------------------
https://threatpost.com/censorship-systems-ddos-attacks/168853/


∗∗∗ Out of Band Phishing. Using SMS messages to Evade Network Detection, (Thu, Aug 19th) ∗∗∗
---------------------------------------------
Many companies have extensive security tools to monitor employee computers. But these precautions often fail for "out of band" access that uses cellular networks instead of Ethernet/WiFi networks. Our reader Isabella sent us this phishing email that they received: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/27768


∗∗∗ Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group ∗∗∗
---------------------------------------------
ShinyHunters, a notorious cybercriminal underground group thats been on a data breach spree since last year, has been observed searching companies GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers modus operandi has revealed.
---------------------------------------------
https://thehackernews.com/2021/08/researchers-detail-modus-operandi-of.html


∗∗∗ Details Disclosed for Critical Vulnerability in Sophos Appliances ∗∗∗
---------------------------------------------
Organizations using security appliances from Sophos have been advised to make sure their devices are up to date after a researcher disclosed the details of a critical vulnerability patched last year.
---------------------------------------------
https://www.securityweek.com/details-disclosed-critical-vulnerability-sophos-appliances


∗∗∗ LockFile: Ransomware Uses PetitPotam Exploit to Compromise Windows Domain Controllers ∗∗∗
---------------------------------------------
Previously unseen ransomware hit at least 10 organizations in ongoing campaign.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockfile-ransomware-new-petitpotam-windows


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Das Anstecken einer Razer-Maus macht Angreifer zu Windows-10-Admins ∗∗∗
---------------------------------------------
Eine Schwachstelle in der Konfigurationssoftware Synapse von Razer gefährdet Windows-PCs. Ein Sicherheitspatch steht noch aus.
---------------------------------------------
https://heise.de/-6171968


∗∗∗ Attackers Actively Exploiting Realtek SDK Flaws ∗∗∗
---------------------------------------------
Multiple vulnerabilities in software used by 65 vendors under active attack.
---------------------------------------------
https://threatpost.com/attackers-exploiting-realtek/168856/


∗∗∗ Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems ∗∗∗
---------------------------------------------
Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. Thats according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top [...]
---------------------------------------------
https://thehackernews.com/2021/08/top-15-vulnerabilities-attackers.html


∗∗∗ Micropatching MSHTML Remote Code Execution Issue (CVE-2021-33742) ∗∗∗
---------------------------------------------
June 2021 Windows Updates brought a fix for CVE-2021-33742, a remote code execution in the MSHTML component, exploitable via Microsoft browsers and potentially other applications using this component, e.g. via a malicious Microsoft Word document. Discovery of this issue was attributed to Clément Lecigne of Google’s Threat Analysis Group, while Googles security researcher Maddie Stone wrote a detailed analysis.
---------------------------------------------
https://blog.0patch.com/2021/08/micropatching-mshtml-remote-code.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ffmpeg, ircii, and scrollz), Fedora (kernel, krb5, libX11, and rust-actix-http), Mageia (kernel and kernel-linus), openSUSE (aspell, chromium, dbus-1, isync, java-1_8_0-openjdk, krb5, libass, libhts, libvirt, prosody, systemd, and tor), SUSE (cpio, dbus-1, libvirt, php7, qemu, and systemd), and Ubuntu (inetutils).
---------------------------------------------
https://lwn.net/Articles/867149/


∗∗∗ Planned Vembu Full Disclosure ∗∗∗
---------------------------------------------
If you are using Vembu BDR version 3.7.0, 3.9.1 Update 1, 4.2.0 or 4.2.0.1 and have your instances exposed to public internet, you are strongly advices to upgrade to Vembu BDR v4.2.0.2. On the 25th of August we plan to release the full details of the following CVEs: CVE-2021-26471, CVE-2021-26472, and CVE-2021-26473 All of these vulnerabilities are unauthenticated remote code execution vulnerabilities.
---------------------------------------------
https://csirt.divd.nl/2021/08/20/Planned-Vembu-Full-Disclosure/


∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-27221) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-v12-cve-2020-27221-4/


∗∗∗ F-Secure Produkte: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0898

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily