[CERT-daily] Tageszusammenfassung - 28.07.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 27-07-2021 18:00 − Mittwoch 28-07-2021 18:00
Handler:     Robert Waldner
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Haron and BlackMatter are the latest groups to crash the ransomware party ∗∗∗
---------------------------------------------
The additions come as the number of high-severity ransomware attacks ratchet up.
---------------------------------------------
https://arstechnica.com/?p=1783582


∗∗∗ LockBit ransomware now encrypts Windows domains using group policies ∗∗∗
---------------------------------------------
An new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies/


∗∗∗ Sicherheitswarnung: BSI sieht kaum Schutzmöglichkeiten vor Pegasus ∗∗∗
---------------------------------------------
Das BSI hat eine offizielle Warnung vor der Spionagesoftware Pegasus veröffentlicht. Die Bedrohungslage wird aber nicht als kritisch eingestuft.
---------------------------------------------
https://www.golem.de/news/sicherheitswarnung-bsi-sieht-kaum-schutzmoeglichkeiten-vor-pegasus-2107-158504-rss.html


∗∗∗ UBEL is the New Oscorp — Android Credential Stealing Malware Active in the Wild ∗∗∗
---------------------------------------------
An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that began in May 2021.
---------------------------------------------
https://thehackernews.com/2021/07/ubel-is-new-oscorp-android-credential.html


∗∗∗ Top 25 der Sicherheitslücken: Buffer Overflows als größte Gefahrenquelle ∗∗∗
---------------------------------------------
Eine kürzlich veröffentlichte Auswertung von häufigen Softwareschwachstellen liefert eine Übersicht über die 25 gefährlichsten Arten.
---------------------------------------------
https://heise.de/-6148053


∗∗∗ Vorsicht bei der Urlaubsbuchung: BetrügerInnen geben sich als türkische Luxus-Hotels aus! ∗∗∗
---------------------------------------------
Wer einen Urlaub in der Türkei buchen will, sollte sich vor BetrügerInnen in Acht nehmen, die Webseiten türkischer Luxus-Hotels kopieren.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-der-urlaubsbuchung-betruegerinnen-geben-sich-als-tuerkische-luxus-hotels-aus/


∗∗∗ THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group ∗∗∗
---------------------------------------------
We provide a technical overview of the previously unseen PlugX variant THOR, indicators of compromise and a new tool for payload decryption.
---------------------------------------------
https://unit42.paloaltonetworks.com/thor-plugx-variant/


∗∗∗ Ransomware Families: 2021 Data to Supplement the Unit 42 Ransomware Threat Report ∗∗∗
---------------------------------------------
We discuss the propagation of different ransomware families we observed in the wild in early 2021 and the different types of extortion used.
---------------------------------------------
https://unit42.paloaltonetworks.com/ransomware-families/


∗∗∗ Top Routinely Exploited Vulnerabilities ∗∗∗
---------------------------------------------
CISA, the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have released the Joint Cybersecurity Advisory Top Routinely Exploited Vulnerabilities, which details the top vulnerabilities routinely exploited by malicious actors in 2020 and those being widely exploited thus far in 2021.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/28/top-routinely-exploited-vulnerabilities



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical Microsoft Hyper-V bug could haunt orgs for a long time ∗∗∗
---------------------------------------------
Technical details are now available for a vulnerability that affects Hyper-V, Microsofts native hypervisor for creating virtual machines on Windows systems and in Azure cloud computing environment.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/critical-microsoft-hyper-v-bug-could-haunt-orgs-for-a-long-time/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (golang), Mageia (curl, filezilla, jdom/jdom2, netty, pdfbox, perl-Mojolicious, perl-Net-CIDR-Lite, perl-Net-Netmask, python-urllib3, python3, quassel, transfig, and virtualbox), openSUSE (umoci), Red Hat (rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon and rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon), and SUSE (firefox, glibc, libsndfile, linuxptp, qemu, and umoci).
---------------------------------------------
https://lwn.net/Articles/864497/


∗∗∗ Security Bulletin: A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-ruby-on-rails-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-2/


∗∗∗ Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Mgmt (CVE-2021-2207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-mgmt-cve-2021-2207/


∗∗∗ Security Bulletin: Multiple Oracle Database Server Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-vulnerabilities-affect-ibm-emptoris-contract-management-2/


∗∗∗ Security Bulletin: Multiple Oracle Database Server Vulnerabilities Affect IBM Emptoris Program Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-vulnerabilities-affect-ibm-emptoris-program-management-2/


∗∗∗ Security Bulletin: Vulnerability deferred from Oracle Oct 2020 CPU for Java 8 (CVE-2020-14781 ) may affect IBM® SDK, Java™ Technology Edition and IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-deferred-from-oracle-oct-2020-cpu-for-java-8-cve-2020-14781-may-affect-ibm-sdk-java-technology-edition-and-ibm-operations-analytics-predictive-insig/


∗∗∗ Security Bulletin: Multiple Oracle Database Server Vulnerabilities Affect IBM Emptoris Sourcing ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-vulnerabilities-affect-ibm-emptoris-sourcing-2/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-10/


∗∗∗ Security Bulletin: IBM Analyst's Notebook Premium uses a component with known vulnerabilities (CVE-2020-16013, CVE-2020-16009, CVE-2020-15999) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-analysts-notebook-premium-uses-a-component-with-known-vulnerabilities-cve-2020-16013-cve-2020-16009-cve-2020-15999/


∗∗∗ Security Bulletin: Vulnerabilities in Java and WLP affects IBM Cloud Application Business Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-and-wlp-affects-ibm-cloud-application-business-insights/


∗∗∗ Security Bulletin: Vulnerabilities in IBM Guardium Data Encryption (GDE) (CVE-2020-7676) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-guardium-data-encryption-gde-cve-2020-7676/


∗∗∗ Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affects-ibm-vm-recovery-manager/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-9/


∗∗∗ Security Bulletin: HTTP Header Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2021-20560) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-http-header-vulnerability-affects-ibm-sterling-connectdirect-browser-user-interface-cve-2021-20560/


∗∗∗ Security Bulletin: Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-engineering-lifecycle-management-and-ibm-engineering-products/


∗∗∗ Security Bulletin: RabbitMQ as used by IBM QRadar SIEM is vulnerable to unsafe deserialization (CVE-2020-36282) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-rabbitmq-as-used-by-ibm-qradar-siem-is-vulnerable-to-unsafe-deserialization-cve-2020-36282-3/


∗∗∗ Security Bulletin: Information disclosure vulnerability in IBM i2 Analyze (CVE-2021-29766) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-ibm-i2-analyze-cve-2021-29766/


∗∗∗ Security Bulletin: IBM Transparent Could Tiering is affected by a vulnerability in Apache Commons IO ( CVE-2021-29425) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-transparent-could-tiering-is-affected-by-a-vulnerability-in-apache-commons-io-cve-2021-29425/


∗∗∗ Security Bulletin: i2 Analyse and Analyst's Notebook Premium have hyperlink clicking vulnerability (CVE-2021-29770) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-i2-analyse-and-analysts-notebook-premium-have-hyperlink-clicking-vulnerability-cve-2021-29770/


∗∗∗ Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affects-ibm-vm-recovery-manager-2/


∗∗∗ SECURITY BULLETIN: July 28, 2021, Security Bulletin for Worry-Free Business Security ∗∗∗
---------------------------------------------
https://success.trendmicro.com/solution/000287820


∗∗∗ SECURITY BULLETIN: July 28, 2021, Security Bulletin for Trend Micro Apex One and Apex One as a Service ∗∗∗
---------------------------------------------
https://success.trendmicro.com/solution/000287819


∗∗∗ MISP: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0814


∗∗∗ KUKA KR C4 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-01


∗∗∗ Mitsubishi Electric GOT2000 series and GT SoftGOT2000 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-02


∗∗∗ Geutebrück G-Cam E2 and G-Code ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03


∗∗∗ LCDS LAquis SCADA ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-04


∗∗∗ Delta Electronics DIAScreen ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily