[CERT-daily] Daily summary - 19.10.2021

Daily end-of-shift report team at cert.at
Tue Oct 19 18:17:40 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 18-10-2021 18:00 − Tuesday 19-10-2021 18:00
Handler:     Wolfgang Menezes
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Survey: Complex IT and corporate structures endanger cybersecurity ∗∗∗
---------------------------------------------
Managers in Germany regard unwieldy technologies, data holdings, operating environments and supply chains as major entry points for cyber attackers.
---------------------------------------------
https://heise.de/-6222835


∗∗∗ Security researchers: Microsoft cloud distributes malware too carelessly ∗∗∗
---------------------------------------------
IT specialists and insiders accuse Microsoft of removing malware hosted on its cloud services far too slowly.
---------------------------------------------
https://heise.de/-6222542


∗∗∗ SMS about an outstanding fine is fake ∗∗∗
---------------------------------------------
Many Austrians are currently receiving an SMS informing them of an allegedly outstanding fine. The message asks you to make the payment immediately, otherwise legal action is threatened. To make the payment, you are supposed to click a link. Caution: this notification is not genuine! You are taken to a fake oesterreich.gv.at page, where criminals try to obtain your bank details.
---------------------------------------------
https://www.watchlist-internet.at/news/sms-ueber-eine-ausstaendige-geldstrafe-ist-fake/


∗∗∗ Free BlackByte decryptor released, after researchers say they found flaw in ransomware code ∗∗∗
---------------------------------------------
Security experts have released a free decryption tool that can be used by BlackByte ransomware victims to decrypt and recover their files. That's right - you don't need to pay the ransom. Predictably, the ransomware gang isn't happy.
---------------------------------------------
https://grahamcluley.com/free-blackbyte-decryptor-released-after-researchers-say-they-found-flaw-in-ransomware-code/


∗∗∗ CISA, FBI, and NSA Release Joint Cybersecurity Advisory on BlackMatter Ransomware ∗∗∗
---------------------------------------------
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released joint Cybersecurity Advisory (CSA): BlackMatter Ransomware. Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including a U.S. Food and Agriculture Sector organization. Using an analyzed sample of BlackMatter ransomware and information from trusted third parties, this CSA [...]
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/18/cisa-fbi-and-nsa-release-joint-cybersecurity-advisory-blackmatter


∗∗∗ LightBasin hacking group breaches 13 global telecoms in two years ∗∗∗
---------------------------------------------
A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lightbasin-hacking-group-breaches-13-global-telecoms-in-two-years/


∗∗∗ Trickbot module descriptions ∗∗∗
---------------------------------------------
In this article we describe the functionality of the Trickbot (aka TrickLoader or Trickster) banking malware modules and provide a tip on how to download and analyze these modules.
---------------------------------------------
https://securelist.com/trickbot-module-descriptions/104603/


∗∗∗ A New Variant of FlawedGrace Spreading Through Mass Email Campaigns ∗∗∗
---------------------------------------------
Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware campaign with high confidence to TA505, [...]
---------------------------------------------
https://thehackernews.com/2021/10/a-new-variant-of-flawedgrace-spreading.html


∗∗∗ “Killware”: Is it just as bad as it sounds? ∗∗∗
---------------------------------------------
"Killware," as USA TODAY put it, is the latest cyberthreat that's even eclipsing ransomware. But is it all it's hyped up to be?
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2021/10/killware-is-it-just-as-bad-as-it-sounds/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Microsoft fixes Surface Pro 3 TPM bypass with public exploit code ∗∗∗
---------------------------------------------
Microsoft has patched a security feature bypass vulnerability impacting Surface Pro 3 tablets that enables threat actors to introduce malicious devices within enterprise environments.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-surface-pro-3-tpm-bypass-with-public-exploit-code/


∗∗∗ Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services ∗∗∗
---------------------------------------------
Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine. Tracked as CVE-2021-41556, the issue occurs when a game library referred to as Squirrel Engine is used [...]
---------------------------------------------
https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html


∗∗∗ Security Bulletin for Trend Micro Apex One and Apex One as a Service ∗∗∗
---------------------------------------------
Trend Micro has published security advisories for eight vulnerabilities. The flaws are rated between "Low" and "High".
---------------------------------------------
https://success.trendmicro.com/solution/000289229


∗∗∗ Security Bulletin for Trend Micro Worry-Free Business Security and Worry-Free Business Security Services ∗∗∗
---------------------------------------------
Trend Micro has released new patches for Trend Micro Worry-Free Business Security 10.0 SP1 and Worry-Free Services (SaaS) that resolve several vulnerabilities listed below.
---------------------------------------------
https://success.trendmicro.com/solution/000289230


∗∗∗ RHSA-2021:3759 - Security Advisory ∗∗∗
---------------------------------------------
Red Hat OpenShift Container Platform release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
---------------------------------------------
https://access.redhat.com/errata/RHSA-2021:3759


∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in ZTE MF971R LTE router ∗∗∗
---------------------------------------------
Cisco Talos recently discovered multiple vulnerabilities in the ZTE MF971R LTE portable router. The MF971R is a portable router with Wi-Fi support and works as an LTE/GSM modem. An attacker could [...]
---------------------------------------------
https://blog.talosintelligence.com/2021/10/vuln-spotlight-.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (redmine and strongswan), Fedora (containerd, fail2ban, grafana, moby-engine, and thunderbird), openSUSE (curl, firefox, glibc, kernel, libqt5-qtsvg, rpm, ssh-audit, systemd, and webkit2gtk3), Red Hat (389-ds:1.4, curl, kernel, kernel-rt, redis:5, and systemd), SUSE (util-linux), and Ubuntu (ardour, linux-azure, linux-azure-5.11, and strongswan).
---------------------------------------------
https://lwn.net/Articles/873307/


∗∗∗ Security Bulletin: IBM Security Risk Manager on CP4S is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/


∗∗∗ Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Storwize V7000 Unified (CVE-2021-2341) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-storwize-v7000-unified-cve-2021-2341/


∗∗∗ Security Bulletin: Cross-Site Scripting Vulnerability Affects Dashboard UI of IBM Sterling B2B Integrator (CVE-2021-29764) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-dashboard-ui-of-ibm-sterling-b2b-integrator-cve-2021-29764/


∗∗∗ Security Bulletin: IBM Security Risk Manager on CP4S is affected by multiple vulnerabilities (CVE-2020-15168, CVE-2021-29912) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities-cve-2020-15168-cve-2021-29912/


∗∗∗ Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-2369 and CVE-2021-2432 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-are-affected-by-cve-2021-2369-and-cve-2021-2432/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
