[CERT-daily] Daily summary - 27.12.2021

Daily end-of-shift report team at cert.at
Mon Dec 27 18:08:28 CET 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 23-12-2021 18:00 - Monday 27-12-2021 18:00
Handler:     Robert Waldner
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Rook ransomware is yet another spawn of the leaked Babuk code ∗∗∗
---------------------------------------------
A new ransomware operation named Rook has appeared recently in the cyber-crime space, declaring a desperate need to make "a lot of money" by breaching corporate networks and encrypting devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/rook-ransomware-is-yet-another-spawn-of-the-leaked-babuk-code/


∗∗∗ QNAP NAS devices hit in surge of ech0raix ransomware attacks ∗∗∗
---------------------------------------------
Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qnap-nas-devices-hit-in-surge-of-ech0raix-ransomware-attacks/


∗∗∗ Example of how attackers are trying to push crypto miners via Log4Shell, (Fri, Dec 24th) ∗∗∗
---------------------------------------------
While following Log4Shell exploit attempts hitting our honeypots, I came across another campaign trying to push a crypto miner onto the victims' machines.
---------------------------------------------
https://isc.sans.edu/diary/rss/28172


∗∗∗ More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild ∗∗∗
---------------------------------------------
A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes.
---------------------------------------------
https://therecord.media/more-than-1200-phishing-toolkits-capable-of-intercepting-2fa-detected-in-the-wild/


∗∗∗ QNAP firmware update version QTS 5.0.0.1891 build 20211221 and log4j vulnerability ∗∗∗
---------------------------------------------
Shortly before Christmas, the vendor QNAP released a firmware update for its QTS 5. The update closes several vulnerabilities. In addition, a log4j vulnerability in QNAP software has been reported.
---------------------------------------------
https://www.borncity.com/blog/2021/12/26/qnap-firmware-update-version-qts-5-0-0-1891-build-20211221-und-log4j-schwachstelle/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Garrett Walk-Through Metal Detectors Can Be Hacked Remotely ∗∗∗
---------------------------------------------
A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices.
---------------------------------------------
https://thehackernews.com/2021/12/garrett-walk-through-metal-detectors.html


∗∗∗ Remote Code Execution Vulnerabilities in Veritas Enterprise Vault ∗∗∗
---------------------------------------------
Veritas has discovered an issue where Veritas Enterprise Vault could allow Remote Code Execution on a vulnerable Enterprise Vault Server. CVSS v3.1 Base Score 9.8 CVEs: CVE-2021-44679, CVE-2021-44680, CVE-2021-44678, CVE-2021-44677, CVE-2021-44682, CVE-2021-44681
---------------------------------------------
https://www.veritas.com/content/support/en_US/security/VTS21-003


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM has published 33 security bulletins.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (webkit2gtk and wpewebkit), Fedora (httpd and singularity), Mageia (ldns, netcdf, php, ruby, thrift/golang-github-apache-thrift, thunderbird, and webkit2), openSUSE (go1.16, go1.17, libaom, and p11-kit), and SUSE (go1.16, go1.17, htmldoc, libaom, libvpx, logstash, openssh-openssl1, python3, and runc).
---------------------------------------------
https://lwn.net/Articles/879791/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apache-log4j2, libextractor, libpcap, and wireshark), Fedora (grub2, kernel, libopenmpt, log4j, mingw-binutils, mingw-python-lxml, and seamonkey), Mageia (golang, lapack/openblas, and samba), and openSUSE (go1.16, libaom, log4j12, logback, and runc).
---------------------------------------------
https://lwn.net/Articles/879891/


∗∗∗ SolarWinds - multiple advisories ∗∗∗
---------------------------------------------
https://www.solarwinds.com/trust-center/security-advisories


∗∗∗ Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211215-01-log4j-en


∗∗∗ K16090693: Apache HTTP server vulnerability CVE-2021-44224 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K16090693


∗∗∗ Moxa MGate Protocol Gateways ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-357-01


∗∗∗ Johnson Controls exacq Enterprise Manager ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-357-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
