[CERT-daily] Tageszusammenfassung - 20.05.2021

Thu May 20 18:32:47 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 19-05-2021 18:00 − Donnerstag 20-05-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Exchange bleibt Hauptangriffsziel in der Microsoft-Cloud ∗∗∗
---------------------------------------------
Vectra AI hat die zehn wichtigsten Bedrohungen in Azure AD und Office 365 aufgelistet. Exchange bleibt für Angreifer offenbar unverändert attraktiv.
---------------------------------------------
https://heise.de/-6050650


∗∗∗ Cisco bringt Security-Updates ∗∗∗
---------------------------------------------
Cisco hat einige Updates zu Sicherheitsprodukten angekündigt, darunter das Major Release 7.0 der Secure Firewall Threat Defense und die Integration von Snort 3.
---------------------------------------------
https://heise.de/-6049957


∗∗∗ Attacken auf Android: Jetzt patchen! Wenn es denn Sicherheitsupdates gibt ... ∗∗∗
---------------------------------------------
Derzeit haben es Angreifer auf Android-Geräte abgesehen. Patches gibt es aber in der Regel nur für aktuelle Smartphones und Tablets.
---------------------------------------------
https://heise.de/-6050515


∗∗∗ Fake-Shops: So erkennen Sie betrügerische Online-Shops! ∗∗∗
---------------------------------------------
Das Problem betrügerischer Online-Shops - besser bekannt als Fake-Shops - nimmt weiterhin zu. Damit Sie die unterschiedlichen Arten von Fake-Shops schnell erkennen, beschreiben wir im folgenden Artikel die gängigsten Formen und worauf bei diesen besonders aufzupassen ist. Ein Einkauf in einem Fake-Shop kann Sie nämlich wahrlich teuer zu stehen kommen.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shops-so-erkennen-sie-betruegerische-online-shops/


∗∗∗ Qlocker ransomware shuts down after extorting hundreds of QNAP users ∗∗∗
---------------------------------------------
The Qlocker ransomware gang has shut down their operation after earning $350,000 in a month by exploiting vulnerabilities in QNAP NAS devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qlocker-ransomware-shuts-down-after-extorting-hundreds-of-qnap-users/


∗∗∗ Keksec Cybergang Debuts Simps Botnet for Gaming DDoS ∗∗∗
---------------------------------------------
The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities.
---------------------------------------------
https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/


∗∗∗ BazarCall: Call Centers Help Spread BazarLoader Malware ∗∗∗
---------------------------------------------
Call center operators offer to personally guide victims through a process designed to infect vulnerable computers with BazarLoader malware.
---------------------------------------------
https://unit42.paloaltonetworks.com/bazarloader-malware/


∗∗∗ Update to CISA-FBI Joint Cybersecurity Advisory on DarkSide Ransomware ∗∗∗
---------------------------------------------
CISA and the Federal Bureau of Investigation (FBI) have updated Joint Cybersecurity Advisory AA21-131A: DarkSide Ransomware: Best Practices for Preventing Disruption from Ransomware Attacks, originally released May 11, 2021. This update provides a downloadable STIX file of indicators of compromise (IOCs) to help network defenders find and mitigate activity associated with DarkSide ransomware.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/05/19/update-cisa-fbi-joint-cybersecurity-advisory-darkside-ransomware


∗∗∗ Misconfiguration of third party cloud services exposed data of over 100 million users ∗∗∗
---------------------------------------------
After examining 23 Android applications, Check Point Research (CPR) noticed mobile app developers potentially exposed the personal data of over 100 million users through a variety of misconfigurations of third party cloud services. Personal data included emails, chat messages, location, passwords and photos, which, in the hands of malicious actors could lead to fraud, identity-theft and service swipes.
---------------------------------------------
https://blog.checkpoint.com/2021/05/20/misconfiguration-of-third-party-cloud-services-exposed-data-of-over-100-million-users/


∗∗∗ Microsoft warns of malware campaign spreading a RAT masquerading as ransomware ∗∗∗
---------------------------------------------
The Microsoft security team has published details on Wednesday about a malware campaign that is currently spreading a remote access trojan named STRRAT that steals data from infected systems while masquerading as a ransomware attack.
---------------------------------------------
https://therecord.media/microsoft-warns-of-malware-campaign-spreading-a-rat-masquerading-as-ransomware/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-21-601: Ubiquiti Networks EdgeOS Improper Certificate Validation Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ubiquiti Networks EdgeOS on EdgeRouter X, EdgeRouter Pro X SFP, EdgeRouter 10X and EdgePoint 6-port routers. User interaction is required to exploit this vulnerability in that an administrator must perform a firmware update on the device.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-601/


∗∗∗ Vulnerability Spotlight: Information disclosure vulnerability in macOS SMB server ∗∗∗
---------------------------------------------
Cisco Talos recently discovered an exploitable integer overflow vulnerability in Apple macOS’ SMB server that could lead to information disclosure.
---------------------------------------------
https://blog.talosintelligence.com/2021/05/vuln-spotlight-smb-information-disclosure.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (cacti, cacti-spine, exif, firefox, kernel, mariadb, and thunderbird), Mageia (kernel, kernel-linus, and libxml2), openSUSE (exim and jhead), Oracle (slapi-nis and xorg-x11-server), Scientific Linux (slapi-nis and xorg-x11-server), Slackware (libX11), SUSE (djvulibre, fribidi, graphviz, grub2, libass, libxml2, lz4, python-httplib2, redis, rubygem-actionpack-4_2, and xen), and Ubuntu (pillow and python-babel).
---------------------------------------------
https://lwn.net/Articles/856775/


∗∗∗ Cisco Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/05/20/cisco-releases-security-updates-multiple-products


∗∗∗ Security Bulletin: A vulnerability in IBM Java affects IBM Developer for z Systems. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-affects-ibm-developer-for-z-systems-2/


∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution-app-connect-professional-5/


∗∗∗ Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-virtual-appliance/


∗∗∗ Security Bulletin: IBM MQ is affected by a vulnerability within libcurl (CVE-2020-8284) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-within-libcurl-cve-2020-8284/


∗∗∗ Security Bulletin: A security vulnerability in Node.js netmask module affects IBM Cloud Pak for Multicloud Management Managed Service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-netmask-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service/


∗∗∗ Security Bulletin: A security vulnerability in Node.js netmask module affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-netmask-module-affects-ibm-cloud-automation-manager/


∗∗∗ Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability in IBM® Runtime Environment Java™ ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-transparent-cloud-tiering-is-affected-by-a-vulnerability-in-ibm-runtime-environment-java/


∗∗∗ Security Bulletin: A security vulnerability in Node.js braces and netmask module affects IBM Cloud Pak for Multicloud Management Managed Service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-braces-and-netmask-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service/


∗∗∗ Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system-3/


∗∗∗ Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Managed Service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-lodash-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service-2/


∗∗∗ Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager (CVE-2021-29687, CVE-2021-29688) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-cve-2021-29687-cve-2021-29688/


∗∗∗ WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-014

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily