[CERT-daily] Tageszusammenfassung - 14.10.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 13-10-2021 18:00 − Donnerstag 14-10-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Wolfgang Menezes

=====================
=       News        =
=====================

∗∗∗ Nach Datenleck: Hausdurchsuchung statt Dankeschön ∗∗∗
---------------------------------------------
Rund 700.000 Personen sind von einem Datenleck betroffen. Ein Programmierer hatte die Lücke entdeckt und gemeldet - und erhielt eine Anzeige. Von Moritz Tremmel (Datenleck, Server)
---------------------------------------------
https://www.golem.de/news/nach-datenleck-hausdurchsuchung-statt-dankeschoen-2110-160269-rss.html


∗∗∗ Romance scams with a cryptocurrency twist – new research from SophosLabs ∗∗∗
---------------------------------------------
Romance scams and dating site treachery with a new twist - "theres an app for that!"
---------------------------------------------
https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/


∗∗∗ A Handshake with MySQL Bots ∗∗∗
---------------------------------------------
It’s well known that we just don’t put services or devices on the edge of the Internet without strong purpose justification. Services, whether maintained by end-users or administrators, have a ton of security challenges. Databases belong to a group that often needs direct access to the Internet - no doubt that security requirements are a priority here.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/handshake-with-mysql-bots/


∗∗∗ We analyzed 80 million ransomware samples – here’s what we learned ∗∗∗
---------------------------------------------
[...] VirusTotal’s first Ransomware Activity Report provides a holistic view of ransomware attacks by combining more than 80 million potential ransomware-related samples submitted over the last year and a half.
---------------------------------------------
https://blog.google/technology/safety-security/we-analyzed-80-million-ransomware-samples-heres-what-we-learned/


∗∗∗ “Free Steam game” scams on TikTok are Among Us ∗∗∗
---------------------------------------------
We look at a dubious free game offer via TikTok, and explore what the site owners expect you to do in order to snag a supposed freebie.
---------------------------------------------
https://blog.malwarebytes.com/scams/2021/10/free-steam-game-scams-on-tiktok-are-among-us/


∗∗∗ Wege in Fake-Shops ∗∗∗
---------------------------------------------
Betrügerische und unseriöse Shops sind ein großes Problem im Online-Handel. Doch wie kommen Konsumentinnen und Konsumenten eigentlich zu Fake-Shops? Mit dieser Frage hat sich die Watchlist Internet in den Sommermonaten beschäftigt. Klar wurde: Google- und Facebook-Werbung sind die größten Zubringer zu Fake-Shops. Über diese Wege kommt der Großteil der Opfer auf betrügerische Online-Shops.
---------------------------------------------
https://www.watchlist-internet.at/news/wege-in-fake-shops/


∗∗∗ Don’t get phished! How to be the one that got away ∗∗∗
---------------------------------------------
If it looks like a duck, swims like a duck, and quacks like a duck, then its probably a duck. Now, how do you apply the duck test to defense against phishing?
---------------------------------------------
https://www.welivesecurity.com/2021/10/13/phishing-how-be-one-got-away/


∗∗∗ New Yanluowang ransomware used in targeted attacks ∗∗∗
---------------------------------------------
New arrival to the targeted ransomware scene appears to be still in development.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/yanluowang-targeted-ransomware


∗∗∗ Acer confirms second security breach this year ∗∗∗
---------------------------------------------
A spokesperson for Taiwanese computer maker Acer has confirmed today that the company suffered a second security breach this year after hackers advertised the sale of more than 60 GB of data on an underground cybercrime forum.The post Acer confirms second security breach this year appeared first on The Record by Recorded Future.
---------------------------------------------
https://therecord.media/acer-confirms-second-security-breach-this-year/


∗∗∗ Q&A: Secure PLC Programming Insights ∗∗∗
---------------------------------------------
Members of the Top 20 Secure PLC Coding Practices project recently joined Claroty’s Aperture podcast to discuss the group’s list of top 20 secure coding practices for programmable logic controllers (PLCs). What follows is an edited transcript of our discussion with Martin Scheu of SWITCH-CERT and Dirk Rotermund of gefeba Engineering GmbH.
---------------------------------------------
https://claroty.com/2021/10/13/blog-qa-secure-plc-programming-insights/


∗∗∗ Windows Oktober 2021-Updates: PrintNightmare-Stand und Netzwerk-Druckprobleme ∗∗∗
---------------------------------------------
Zum 12. Oktober 2021 hat Microsoft neue Schwachstellen im Umfeld der als PrintNightmare bekannten Sicherheitslücken per Update adressiert. Daher ein kurzer Blick auf das betreffende Thema, welches auch weiterhin nicht vom Tisch ist.
---------------------------------------------
https://www.borncity.com/blog/2021/10/14/windows-oktober-2021-updates-printnightmare-stand-und-netzwerk-druckprobleme/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM hat 16 Security Bulletins veröffentlicht.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Mageia (golang, grilo, mediawiki, plib, python-flask-restx, python-mpmath, thunderbird, and xstream/xmlpull/mxparser), Oracle (389-ds-base, grafana, httpd:2.4, kernel, libxml2, and openssl), Red Hat (httpd), and SUSE (kernel).
---------------------------------------------
https://lwn.net/Articles/872945/


∗∗∗ Loft Data Grids - Moderately critical - XML External Entity (XXE) Processing - SA-CONTRIB-2021-043 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2021-043


∗∗∗ Juniper JUNOS und Juniper JUNOS Evolved: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1070


∗∗∗ Microsoft Exchange Server: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1069

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily