[CERT-daily] Daily summary - 31.08.2021

Daily end-of-shift report team at cert.at
Tue Aug 31 18:10:49 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 30-08-2021 18:00 − Tuesday 31-08-2021 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs ∗∗∗
---------------------------------------------
Cybercriminals are making strides towards attacks with malware that executes code from the graphics processing unit (GPU) of a compromised system.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-hide-malware-in-amd-nvidia-gpus/


∗∗∗ LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection ∗∗∗
---------------------------------------------
Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems.
---------------------------------------------
https://threatpost.com/lockfile-ransomware-avoid-detection/169042/


∗∗∗ Top 3 APIs Vulnerabilities: Why Apps are Owned by Cyberattackers ∗∗∗
---------------------------------------------
Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them.
---------------------------------------------
https://threatpost.com/top-3-api-vulnerabilities-cyberattackers/169048/


∗∗∗ BrakTooth: Impacts, Implications and Next Steps, (Tue, Aug 31st) ∗∗∗
---------------------------------------------
Today, the Automated Systems SEcuriTy (ASSET) Research Group from the Singapore University of Technology and Design (SUTD) revealed the BrakTooth family of vulnerabilities in commercial Bluetooth (BT) Classic stacks for various System-on-Chips (SoC).
---------------------------------------------
https://isc.sans.edu/diary/rss/27802


∗∗∗ Code Generated by GitHub Copilot Can Introduce Vulnerabilities: Researchers ∗∗∗
---------------------------------------------
A group of researchers has discovered that roughly 40% of the code produced by the GitHub Copilot language model is vulnerable.
---------------------------------------------
https://www.securityweek.com/code-generated-github-copilot-can-introduce-vulnerabilities-researchers


∗∗∗ SWR consumer magazine "Marktcheck" warns of fake shops on Instagram ∗∗∗
---------------------------------------------
Fraudulent online shops are running advertisements on a large scale on social media platforms such as Instagram.
---------------------------------------------
https://www.watchlist-internet.at/news/swr-verbrauchermagazin-marktcheck-warnt-vor-fake-shops-auf-instagram/


∗∗∗ DNS Rebinding Attack: How Malicious Websites Exploit Private Networks ∗∗∗
---------------------------------------------
DNS rebinding allows attackers to take advantage of web-based consoles to exploit internal networks by abusing the domain name system.
---------------------------------------------
https://unit42.paloaltonetworks.com/dns-rebinding/


∗∗∗ Cyberattackers are now quietly selling off their victims' internet bandwidth ∗∗∗
---------------------------------------------
Proxyware is yet another way for criminals to generate revenue from their victims.
---------------------------------------------
https://www.zdnet.com/article/cyberattackers-are-now-quietly-selling-off-their-victims-internet-bandwidth/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ NAS and security: Qnap and Synology affected by OpenSSL vulnerability ∗∗∗
---------------------------------------------
Products from both NAS manufacturers are affected by an OpenSSL vulnerability that has already been fixed upstream. Both vendors are working on a fix.
---------------------------------------------
https://www.golem.de/news/nas-und-sicherheit-qnap-und-synology-von-openssl-luecke-betroffen-2108-159225-rss.html


∗∗∗ HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform ∗∗∗
---------------------------------------------
HPE joins Apple in warning customers of a high-severity Sudo vulnerability.
---------------------------------------------
https://threatpost.com/hpe-sudo-bug-aruba-platform/169038/


∗∗∗ Critical privilege vulnerability in PostgreSQL module fixed ∗∗∗
---------------------------------------------
An important security update is available for the set_user extension module of the open-source PostgreSQL database.
---------------------------------------------
https://heise.de/-6177973


∗∗∗ CPU security vulnerability: AMD Ryzen and Epyc vulnerable via side channel ∗∗∗
---------------------------------------------
Security researchers at TU Dresden demonstrate that complex Meltdown-class attacks fundamentally also work against AMD's Ryzen processors.
---------------------------------------------
https://heise.de/-6178386


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (libsndfile and libX11), Debian (ledgersmb, libssh, and postgresql-9.6), Fedora (squashfs-tools), openSUSE (389-ds, nodejs12, php7, spectre-meltdown-checker, and thunderbird), Oracle (kernel, libsndfile, and libX11), Red Hat (bind, cloud-init, edk2, glibc, hivex, kernel, kernel-rt, kpatch-patch, microcode_ctl, python3, and sssd), SUSE (bind, mysql-connector-java, nodejs12, sssd, and thunderbird), and Ubuntu (apr, squashfs-tools, thunderbird, [...]
---------------------------------------------
https://lwn.net/Articles/867917/


∗∗∗ Companies Release Security Advisories in Response to New OpenSSL Vulnerabilities ∗∗∗
---------------------------------------------
Updates announced by the OpenSSL Project on August 24 patched CVE-2021-3711, a high-severity buffer overflow related to SM2 decryption, and CVE-2021-3712, a medium-severity flaw that can be exploited for denial-of-service (DoS) attacks, and possibly for the disclosure of private memory contents.
---------------------------------------------
https://www.securityweek.com/companies-release-security-advisories-response-new-openssl-vulnerabilities


∗∗∗ Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems ∗∗∗
---------------------------------------------
Researchers at cybersecurity firm Rapid7 have identified a couple of vulnerabilities that they claim can be exploited by hackers to remotely disarm one of the home security systems offered by Fortress Security Store. 
---------------------------------------------
https://www.securityweek.com/vulnerabilities-can-allow-hackers-disarm-fortress-home-security-systems


∗∗∗ Crashing SIP Clients with a Single Slash ∗∗∗
---------------------------------------------
Claroty’s Team82 has disclosed a vulnerability in Belledonne Communications’ Linphone SIP Protocol Stack.
---------------------------------------------
https://claroty.com/2021/08/31/blog-research-crashing-sip-clients-with-a-single-slash/


∗∗∗ Synology-SA-21:25 DSM ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_21_25

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily