[CERT-daily] Tageszusammenfassung - 15.10.2021

Fri Oct 15 18:10:05 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 14-10-2021 18:00 − Freitag 15-10-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Accenture confirms data breach after August ransomware attack ∗∗∗
---------------------------------------------
Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the companys systems in August 2021.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/accenture-confirms-data-breach-after-august-ransomware-attack/


∗∗∗ BlackByte Ransomware – Pt. 1 In-depth Analysis ∗∗∗
---------------------------------------------
During a recent malware incident response case, we encountered an interesting piece of ransomware that goes by the name of BlackByte.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/


∗∗∗ BlackByte Ransomware – Pt 2. Code Obfuscation Analysis ∗∗∗
---------------------------------------------
We received the original launcher file from an Incident Response case. It was about 630 KB of JScript code which was seemingly full of garbage code – hiding the real intent.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-2-code-obfuscation-analysis/


∗∗∗ Employee offboarding: Why companies must close a crucial gap in their security strategy ∗∗∗
---------------------------------------------
There are various ways a departing employee could put your organization at risk of a data breach. How do you offboard employees the right way and ensure your data remains safe?
---------------------------------------------
https://www.welivesecurity.com/2021/10/14/employee-offboarding-companies-close-crucial-gap-security/


∗∗∗ Ongoing Cyber Threats to U.S. Water and Wastewater Systems Sector Facilities ∗∗∗
---------------------------------------------
CISA, the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that details ongoing cyber threats to U.S. Water and Wastewater Systems (WWS) Sector.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/14/ongoing-cyber-threats-us-water-and-wastewater-systems-sector


∗∗∗ A malware botnet has made more than $24.7 million since 2019 ∗∗∗
---------------------------------------------
The operators of a malware botnet known as MyKings are believed to have made more than $24.7 million through what security researchers call a "clipboard hijacker."
---------------------------------------------
https://therecord.media/a-malware-botnet-has-made-more-than-24-7-million-since-2019/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM hat 11 Security Bulletins veröffentlicht.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (squashfs-tools, tomcat9, and wordpress), Fedora (openssh), openSUSE (kernel, mbedtls, and rpm), Oracle (httpd, kernel, and kernel-container), SUSE (firefox, kernel, and rpm), and Ubuntu (linux-azure, linux-azure-5.4).
---------------------------------------------
https://lwn.net/Articles/873056/


∗∗∗ ZDI-21-1211: (0Day) Fuji Electric Alpha5 A5V File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1211/


∗∗∗ ZDI-21-1210: (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1210/


∗∗∗ ZDI-21-1209: (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1209/


∗∗∗ ZDI-21-1208: (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1208/


∗∗∗ Schneider Electric CNM ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-287-01


∗∗∗ Uffizio GPS Tracker ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-287-02


∗∗∗ Mitsubishi Electric MELSEC iQ-R Series ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-287-03


∗∗∗ Siemens RUGGEDCOM ROX (Update A) ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-259-01


∗∗∗ Apache Releases Security Advisory for Tomcat ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/15/apache-releases-security-advisory-tomcat


∗∗∗ SYSS-2019-018/SYSS-2019-019: Unsichere Dateisystemberechtigungen und Installationsmodi in Ivanti DSM ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2019-018/syss-2019-019-unsichere-dateisystemberechtigungen-und-installationsmodi-in-ivanti-dsm


∗∗∗ Change in Magniber Ransomware Vulnerability (CVE-2021-40444) ∗∗∗
---------------------------------------------
https://asec.ahnlab.com/en/27264/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily