Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - 23.08.2021
by Daily end-of-shift report 23 Aug '21

23 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Freitag 20-08-2021 18:00 − Montag 23-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ ProxyShell: Massive Angriffswelle auf ungepatchte Exchange-Server ∗∗∗ --------------------------------------------- Die Lücken sind bekannt, Patches da - trotzdem sind tausende Exchange-Server angreifbar. Nun rollt eine massive Angriffswelle, die die Schwachstellen ausnutzt. --------------------------------------------- https://heise.de/-6171597 ∗∗∗ SynAck ransomware decryptor lets victims recover files for free ∗∗∗ --------------------------------------------- Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. --------------------------------------------- https://www.bleepingcomputer.com/news/security/synack-ransomware-decryptor-… ∗∗∗ Kubernetes hardening: Drilling down on the NSA/CISA guidance ∗∗∗ --------------------------------------------- Kubernetes has become the de facto choice for container orchestration. Some studies report that up to 88% of organizations are using Kubernetes for their container orchestration needs and 74% of that occurring in production environments. That said, security remains a critical concern with as many as 94% of organizations reporting at least one security incident in their Kubernetes environments in the last 12 months. --------------------------------------------- https://www.csoonline.com/article/3629049/kubernetes-hardening-drilling-dow… ∗∗∗ Gaming-related cyberthreats in 2020 and 2021 ∗∗∗ --------------------------------------------- In this report, you will find statistics and other information about gaming-related malware, phishing schemes and other threats in 2020 and the first half of 2021. --------------------------------------------- https://securelist.com/game-related-cyberthreats/103675/ ∗∗∗ Web Censorship Systems Can Facilitate Massive DDoS Attacks ∗∗∗ --------------------------------------------- Systems are ripe for abuse by attackers who can abuse systems to launch DDoS attacks. --------------------------------------------- https://threatpost.com/censorship-systems-ddos-attacks/168853/ ∗∗∗ Out of Band Phishing. Using SMS messages to Evade Network Detection, (Thu, Aug 19th) ∗∗∗ --------------------------------------------- Many companies have extensive security tools to monitor employee computers. But these precautions often fail for "out of band" access that uses cellular networks instead of Ethernet/WiFi networks. Our reader Isabella sent us this phishing email that they received: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/27768 ∗∗∗ Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group ∗∗∗ --------------------------------------------- ShinyHunters, a notorious cybercriminal underground group thats been on a data breach spree since last year, has been observed searching companies GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers modus operandi has revealed. --------------------------------------------- https://thehackernews.com/2021/08/researchers-detail-modus-operandi-of.html ∗∗∗ Details Disclosed for Critical Vulnerability in Sophos Appliances ∗∗∗ --------------------------------------------- Organizations using security appliances from Sophos have been advised to make sure their devices are up to date after a researcher disclosed the details of a critical vulnerability patched last year. --------------------------------------------- https://www.securityweek.com/details-disclosed-critical-vulnerability-sopho… ∗∗∗ LockFile: Ransomware Uses PetitPotam Exploit to Compromise Windows Domain Controllers ∗∗∗ --------------------------------------------- Previously unseen ransomware hit at least 10 organizations in ongoing campaign. --------------------------------------------- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lo… ===================== = Vulnerabilities = ===================== ∗∗∗ Das Anstecken einer Razer-Maus macht Angreifer zu Windows-10-Admins ∗∗∗ --------------------------------------------- Eine Schwachstelle in der Konfigurationssoftware Synapse von Razer gefährdet Windows-PCs. Ein Sicherheitspatch steht noch aus. --------------------------------------------- https://heise.de/-6171968 ∗∗∗ Attackers Actively Exploiting Realtek SDK Flaws ∗∗∗ --------------------------------------------- Multiple vulnerabilities in software used by 65 vendors under active attack. --------------------------------------------- https://threatpost.com/attackers-exploiting-realtek/168856/ ∗∗∗ Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems ∗∗∗ --------------------------------------------- Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. Thats according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top [...] --------------------------------------------- https://thehackernews.com/2021/08/top-15-vulnerabilities-attackers.html ∗∗∗ Micropatching MSHTML Remote Code Execution Issue (CVE-2021-33742) ∗∗∗ --------------------------------------------- June 2021 Windows Updates brought a fix for CVE-2021-33742, a remote code execution in the MSHTML component, exploitable via Microsoft browsers and potentially other applications using this component, e.g. via a malicious Microsoft Word document. Discovery of this issue was attributed to Clément Lecigne of Google’s Threat Analysis Group, while Googles security researcher Maddie Stone wrote a detailed analysis. --------------------------------------------- https://blog.0patch.com/2021/08/micropatching-mshtml-remote-code.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ffmpeg, ircii, and scrollz), Fedora (kernel, krb5, libX11, and rust-actix-http), Mageia (kernel and kernel-linus), openSUSE (aspell, chromium, dbus-1, isync, java-1_8_0-openjdk, krb5, libass, libhts, libvirt, prosody, systemd, and tor), SUSE (cpio, dbus-1, libvirt, php7, qemu, and systemd), and Ubuntu (inetutils). --------------------------------------------- https://lwn.net/Articles/867149/ ∗∗∗ Planned Vembu Full Disclosure ∗∗∗ --------------------------------------------- If you are using Vembu BDR version 3.7.0, 3.9.1 Update 1, 4.2.0 or 4.2.0.1 and have your instances exposed to public internet, you are strongly advices to upgrade to Vembu BDR v4.2.0.2. On the 25th of August we plan to release the full details of the following CVEs: CVE-2021-26471, CVE-2021-26472, and CVE-2021-26473 All of these vulnerabilities are unauthenticated remote code execution vulnerabilities. --------------------------------------------- https://csirt.divd.nl/2021/08/20/Planned-Vembu-Full-Disclosure/ ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-27221) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ F-Secure Produkte: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0898 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.08.2021
by Daily end-of-shift report 20 Aug '21

20 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 19-08-2021 18:00 − Freitag 20-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Securing Machine (Non-Human) Identities ∗∗∗ --------------------------------------------- We spend considerable time and focus on securing identities used by individuals and groups within our environment. While these are essential activities, we sometimes lose sight of a whole other set of identities, often highly privileged, that are just beneath the surface. --------------------------------------------- https://www.beyondtrust.com/blog/entry/securing-machine-non-human-identities ∗∗∗ You can post LinkedIn jobs as almost ANY employer — so can attackers ∗∗∗ --------------------------------------------- Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of any employer—no verification needed. And worse, the employer cannot easily take these down. --------------------------------------------- https://www.bleepingcomputer.com/news/security/you-can-post-linkedin-jobs-a… ∗∗∗ Pegasus iPhone hacks used as lure in extortion scheme ∗∗∗ --------------------------------------------- A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand. --------------------------------------------- https://www.bleepingcomputer.com/news/security/pegasus-iphone-hacks-used-as… ∗∗∗ Waiting for the C2 to Show Up, (Fri, Aug 20th) ∗∗∗ --------------------------------------------- Keep this in mind: "Patience is key". Sometimes when you are working on a malware sample, you depend on online resources. I'm working on a classic case: a Powershell script decodes then injects a shellcode into a process. --------------------------------------------- https://isc.sans.edu/diary/rss/27772 ∗∗∗ Project Zero: Understanding Network Access in Windows AppContainers ∗∗∗ --------------------------------------------- Being able to bypass network restrictions in AppContainer sandboxes is interesting as it expands the attack surface available to the application, such as being able to access services on localhost, as well as granting access to intranet resources in an Enterprise. --------------------------------------------- https://googleprojectzero.blogspot.com/2021/08/understanding-network-access… ∗∗∗ Gefährliche Liebschaften – Love Scammer brechen nicht nur Herzen ∗∗∗ --------------------------------------------- Mit diesen Maschen versuchen Online-Betrüger Geld aus der Partnersuche auf Dating-Plattformen herauszuschlagen. --------------------------------------------- https://www.welivesecurity.com/deutsch/2021/08/19/gefaehrliche-liebschaften… ∗∗∗ How to install Frida into an Android application ∗∗∗ --------------------------------------------- On a recent job I was testing a rather interesting piece of technology that had several server side checks but they wanted to add some additional security on the client side. --------------------------------------------- https://www.pentestpartners.com/security-blog/how-to-install-frida-into-an-… ∗∗∗ Unternehmen aufgepasst: Ignorieren Sie Fax von Branchen-Stadtplan! ∗∗∗ --------------------------------------------- UnternehmerInnen erhalten derzeit ein Fax von „Branchen-Stadtplan. Handel – Gewerbe – Industrie – Vereine & Co.“. Die Unternehmen werden aufgefordert ihre Firmendaten zu überprüfen oder zu ergänzen und das Fax unterschrieben zurückzusenden. --------------------------------------------- https://www.watchlist-internet.at/news/unternehmen-aufgepasst-ignorieren-si… ∗∗∗ RansomClave project uses Intel SGX enclaves for ransomware attacks ∗∗∗ --------------------------------------------- Academics have developed a proof-of-concept ransomware strain that uses highly secure Intel SGX enclaves to hide and keep encryption keys safe from the prying eyes of security tools. --------------------------------------------- https://therecord.media/ransomclave-project-uses-intel-sgx-enclaves-for-ran… ∗∗∗ Cloudflare says it mitigated a record-breaking 17.2M rps DDoS attack ∗∗∗ --------------------------------------------- Internet infrastructure company Cloudflare disclosed today that it mitigated the largest volumetric distributed denial of service (DDoS) attack that was recorded to date. --------------------------------------------- https://therecord.media/cloudflare-says-it-mitigated-a-record-breaking-17-2… ∗∗∗ Mozi botnet gains the ability to tamper with its victims’ traffic ∗∗∗ --------------------------------------------- A new version of Mozi, a botnet that targets routers and IoT devices, is now capable of tampering with the web traffic of infected systems via techniques such as DNS spoofing and HTTP session hijacking, a capability that could be abused to redirect users to malicious sites. --------------------------------------------- https://therecord.media/mozi-botnet-gains-the-ability-to-tamper-with-its-vi… ===================== = Vulnerabilities = ===================== ∗∗∗ New unofficial Windows patch fixes more PetitPotam attack vectors ∗∗∗ --------------------------------------------- A second unofficial patch for the Windows PetitPotam NTLM relay attack has been released to fix further issues not addressed by Microsofts official security update. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-unofficial-windows-patch… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (libtpms and mingw-exiv2), openSUSE (389-ds, aspell, c-ares, fetchmail, firefox, go1.15, go1.16, haproxy, java-1_8_0-openjdk, krb5, libass, libmspack, libsndfile, openexr, php7, qemu, and tor), Oracle (compat-exiv2-023 and compat-exiv2-026), and SUSE (389-ds, aspell, djvulibre, fetchmail, firefox, go1.15, go1.16, java-1_8_0-openjdk, krb5, libass, libmspack, nodejs8, openexr, postgresql10, qemu, and spice-vdagent). --------------------------------------------- https://lwn.net/Articles/866906/ ∗∗∗ AVEVA SuiteLink Server ∗∗∗ --------------------------------------------- This advisory contains mitigations for Heap-based Buffer Overflow, Null Pointer Dereference, and Improper Handling of Exceptional Conditions vulnerabilities in AVEVA SuiteLink Server system management software. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-231-01 ∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-27221) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-ja… ∗∗∗ Synology-SA-21:23 ISC BIND ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_21_23 ∗∗∗ MISP: Schwachstelle ermöglicht SQL-Injection ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0894 ∗∗∗ Mehrere Schwachstellen in NetModule Router Software (NRSW) ∗∗∗ --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/mehrere-schwachstelle… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.08.2021
by Daily end-of-shift report 19 Aug '21

19 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 18-08-2021 18:00 − Donnerstag 19-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Cisco meldet gefährliche Remote-Angriffsmöglichkeiten auf Small Business-Router ∗∗∗ --------------------------------------------- Ein aktuelles Advisory von Cisco beschreibt eine kritische Sicherheitslücke, die mehrere Small Business-Router betrifft. Updates wird es nicht geben. --------------------------------------------- https://heise.de/-6169343 ∗∗∗ Ransomware-Attacken nehmen dramatisch zu ∗∗∗ --------------------------------------------- Mehr Ransomware-Angriffe, höhere Lösegeldforderungen und eine effizientere Verteilung - die Entwicklung der Datenerpressungsbranche ist besorgniserregend. --------------------------------------------- https://heise.de/-6169583 ∗∗∗ A Short History of Essay Spam (How We Got from Pills to Plagiarism) ∗∗∗ --------------------------------------------- >From answering beginner questions like 'What is SEO spam?' to breaking down the spammers' code and exactly how they hide their injections in compromised websites, we have written regularly about spam at Sucuri. If you’ve ever operated a WordPress website you will have certainly seen, at the very least, a litany of spam comments posted on your comments section. --------------------------------------------- https://blog.sucuri.net/2021/08/a-short-history-of-essay-spam-how-we-got-fr… ∗∗∗ Oh, Behave! Figuring Out User Behavior ∗∗∗ --------------------------------------------- I decided to embark on a journey to understand user behavior without knowing exactly how I would gather details about user activity as a research topic. A major component of this research is finding a way to gather data on user behavior without making too much noise or triggering detections in a live environment. --------------------------------------------- https://www.trustedsec.com/blog/oh-behave-figuring-out-user-behavior/ ∗∗∗ How to spot a DocuSign phish and what to do about it ∗∗∗ --------------------------------------------- Phishing scammers love well known brand names, particularly if youre expecting to hear from them. --------------------------------------------- https://blog.malwarebytes.com/social-engineering/2021/08/how-to-spot-a-docu… ∗∗∗ Health authorities in 40 countries targeted by COVID‑19 vaccine scammers ∗∗∗ --------------------------------------------- Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns --------------------------------------------- https://www.welivesecurity.com/2021/08/18/health-authorities-40-countries-t… ∗∗∗ CISA Provides Recommendations for Protecting Information from Ransomware-Caused Data Breaches ∗∗∗ --------------------------------------------- CISA has released the fact sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. These data breaches, often involving sensitive or personal information, can cause financial loss to the victim organization and erode customer trust. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/08/18/cisa-provides-rec… ∗∗∗ Cisco: Security devices are vulnerable to SNIcat data exfiltration technique ∗∗∗ --------------------------------------------- Networking equipment vendor Cisco said today that some of its security products fail to detect and stop traffic to malicious servers that abuse a technique called SNIcat to covertly steal data from inside corporate networks. --------------------------------------------- https://therecord.media/cisco-security-devices-are-vulnerable-to-snicat-dat… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Security Advisories 2021-08-18 ∗∗∗ --------------------------------------------- 2 critical, 5 medium severity --------------------------------------------- https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&secur… ∗∗∗ SSA-816035: Code Execution Vulnerability in SINEMA Remote Connect Client ∗∗∗ --------------------------------------------- The latest update for SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-816035.txt ∗∗∗ VMSA-2021-0017 ∗∗∗ --------------------------------------------- VMware Workspace ONE UEM console patches address a denial of service vulnerability (CVE-2021-22029) --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2021-0017.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (exiv2, firefox, and thunderbird), Fedora (libsndfile, python-docx, and xscreensaver), openSUSE (haproxy), and SUSE (haproxy). --------------------------------------------- https://lwn.net/Articles/866753/ ∗∗∗ Positive Technologies helps to fix dangerous vulnerability in CODESYS ICS software ∗∗∗ --------------------------------------------- [...] This high-severity vulnerability (CVE-2021-36764) was discovered in the CODESYS V3 Runtime System software package (version 3.15.9.10). By exploiting it, an attacker can disable the PLC and disrupt the technological process. The vulnerability (NULL Pointer Dereference) was found in the CmpGateway component. An attacker with network access to the industrial controller can send a specially formed TCP packet and interrupt the operation of the PLC. Also, it has been found that this software contains another vulnerability (Local Privilege Escalation), which is currently being reviewed by the vendor. --------------------------------------------- https://www.ptsecurity.com/ww-en/about/news/positive-technologies-helps-to-… ∗∗∗ Red Hat JBoss Enterprise Application Platform: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0892 ∗∗∗ Internet Systems Consortium BIND: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0890 ∗∗∗ Kritische Schwachstellen in Altus Sistemas de Automacao Produkten ∗∗∗ --------------------------------------------- https://sec-consult.com/de/vulnerability-lab/advisory/kritische-schwachstel… ∗∗∗ Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Golang Go ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicl… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2021 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2021 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Apache HttpClient ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicl… ∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Linux kernel eBPF vulnerability CVE-2021-3490 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43346111 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.08.2021
by Daily end-of-shift report 18 Aug '21

18 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Dienstag 17-08-2021 18:00 − Mittwoch 18-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Kritische Lücke in Blackberry QNX OS gefährdet medizinische Geräte ∗∗∗ --------------------------------------------- Blackberry hat in seinem Echtzeitbetriebssystem QNX einer gefährliche Schwachstelle geschlossen. --------------------------------------------- https://heise.de/-6168793 ∗∗∗ Kritische Sicherheitslücke: Angreifer könnten Millionen IoT-Geräte belauschen ∗∗∗ --------------------------------------------- Sicherheitsforscher warnen vor einer Schwachstelle, die etwa Millionen Babyphones und IP-Kameras gefährdet. Geräte lassen sich nicht ohne Weiteres schützen. --------------------------------------------- https://heise.de/-6168381 ∗∗∗ Fortinet: Wichtiges Sicherheitsupdate für FortiWeb OS in Vorbereitung ∗∗∗ --------------------------------------------- Für eine Lücke mit High-Einstufung liegt Exploit-Code vor, Fixes kommen aber erst Ende August. Betreiber von FortiWeb WAFs sollten Vorsichtsmaßnahmen treffen. --------------------------------------------- https://heise.de/-6168205 ∗∗∗ Vorsicht! Kostenloses Antivirenprogramm „Total AV“ entpuppt sich als Kostenfalle ∗∗∗ --------------------------------------------- Immer wieder melden uns verunsicherte LeserInnen das Antivirenprogramm „Total AV“. Der Grund dafür sind nicht-transparente Kosten sowie Probleme beim Kündigen des Abo-Vertrags. Gleichzeitig wird „Total AV“ auf vielen Seiten als das beste kostenlose Antivirenprogramm beworben. Wir haben uns das Programm genauer angesehen. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-kostenloses-antivirenprogra… ∗∗∗ Sicherheitswarnung für Synology DiskStation Manager und UC SkyNAS ∗∗∗ --------------------------------------------- Der Hersteller Synology hat eine Sicherheitswarnung für seinen DiskStation Manager (Version <6.2.4-25556-2 ; 7.0) herausgegeben. In der Firmware der Geräte gibt es gleich mehrere Sicherheitslücken. Gefährdet sind auch UC SkyNAS-Einheiten. Von Synology gibt es bereits erste Firmware-Updates. Von der Ransomware eCh0raix gibt es eine neue Variante, die einen neuen Bug in QNAP und Synology NAS Devices ausnutzen kann. --------------------------------------------- https://www.borncity.com/blog/2021/08/18/sicherheitswarnung-fr-synology-dis… ∗∗∗ Diavol ransomware sample shows stronger connection to TrickBot gang ∗∗∗ --------------------------------------------- A new analysis of a Diavol ransomware sample shows a more clear connection with the gang behind the TrickBot botnet and the evolution of the malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/diavol-ransomware-sample-sho… ∗∗∗ Kerberos Authentication Spoofing: Don’t Bypass the Spec ∗∗∗ --------------------------------------------- Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS. --------------------------------------------- https://threatpost.com/kerberos-authentication-spoofing/168767/ ∗∗∗ 5 Things to Consider Before Moving Back to the Office, (Wed, Aug 18th) ∗∗∗ --------------------------------------------- Many readers will likely continue to enjoy working from home. Having not worked out of an office for about 20 years myself, I can certainly understand the appeal of working from home. But for some, this isn't an option and probably not even the preferred way to work. Having likely worked from home for over a year now, there are some things that you need to "readjust" as you are moving back. --------------------------------------------- https://isc.sans.edu/diary/rss/27762 ∗∗∗ Detecting Embedded Content in OOXML Documents ∗∗∗ --------------------------------------------- On Advanced Practices, we are always looking for new ways to find malicious activity and track adversaries over time. Today we’re sharing a technique we use to detect and cluster Microsoft Office documents - specifically those in the Office Open XML (OOXML) file format. Additionally, we’re releasing a tool so analysts and defenders can automatically generate YARA rules using this technique. --------------------------------------------- https://www.fireeye.com/blog/threat-research/2021/08/detecting-embedded-con… ∗∗∗ WordPress Malware Camouflaged As Code ∗∗∗ --------------------------------------------- In today’s post we discuss emerging techniques that attackers are using to hide the presence of malware. In the example we discuss below, the attacker’s goal is to make everything look routine to an analyst so that they do not dig deeper and discover the presence of malware and what it is doing. --------------------------------------------- https://www.wordfence.com/blog/2021/08/wordpress-malware-camouflaged-as-cod… ∗∗∗ IT Risk Team Discovers Previously Unknown Vulnerability in Autodesk Software During Client Penetration Test ∗∗∗ --------------------------------------------- During a recent client engagement, the DGC penetration testing team identified a previously unknown vulnerability affecting the Autodesk Licensing Service, a software component bundled with nearly all licensed Autodesk products. The vulnerability exists in a software component common to most Autodesk products and impacts nearly all organizations using licensed Autodesk software in any capacity. --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/risk-te… ∗∗∗ Houdini Malware Returns and Amazons Sidewalk Enter Corporate Networks ∗∗∗ --------------------------------------------- The nature of a secure access service edge (SASE) platform provides visibility into a large number of internet data flows - and the larger the platform, the more dataflows can be analyzed. An analysis of more than 250 billion network flows during Q2 2021 shows increasing threats, a new use of an old malware, and the growing incidence of consumer devices in the workplace. --------------------------------------------- https://www.securityweek.com/houdini-malware-returns-and-amazons-sidewalk-e… ∗∗∗ Breaking the Android Bootloader on the Qualcomm Snapdragon 660 ∗∗∗ --------------------------------------------- This post is a companion to the DEF CON 29 video available here. A few months ago I purchased an Android phone to do some research around a specific series [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/breaking-the-android-bootload… ∗∗∗ Dumpster diving is a filthy business ∗∗∗ --------------------------------------------- One man's trash is another man's treasure - here's why you should think twice about what you toss in the recycling bin --------------------------------------------- https://www.welivesecurity.com/2021/08/17/dumpster-diving-is-filthy-busines… ∗∗∗ Cobalt Strike: Detect this Persistent Threat ∗∗∗ --------------------------------------------- Cobalt Strike is a penetration testing tool created by Raphael Mudge in 2012. To this day, it remains extremely popular in red team activities and used for malicious purposes by threat actors. --------------------------------------------- https://www.intezer.com/blog/malware-analysis/cobalt-strike-detect-this-per… ===================== = Vulnerabilities = ===================== ∗∗∗ Adobe sichert Photoshop & Co. außer der Reihe ab ∗∗∗ --------------------------------------------- Der Softwarehersteller Adobe schließt unter anderem in Bridge, Media Encoder und XMP Toolkit SDK Sicherheitslücken. --------------------------------------------- https://heise.de/-6168132 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (haproxy), Fedora (c-ares, hivex, kernel, libtpms, newsflash, python-django, rust-gettext-rs, and rust-gettext-sys), openSUSE (c-ares and libsndfile), Scientific Linux (cloud-init, edk2, exiv2, firefox, kernel, kpatch-patch, microcode_ctl, sssd, and thunderbird), SUSE (c-ares, fetchmail, haproxy, kernel, libmspack, libsndfile, rubygem-puma, spice-vdagent, and webkit2gtk3), and Ubuntu (exiv2, haproxy, linux, linux-aws, linux-aws-5.4, linux-azure, [...] --------------------------------------------- https://lwn.net/Articles/866669/ ∗∗∗ ThroughTek Kalay P2P SDK ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Improper Access Control vulnerability in the ThroughTek Kalay P2P SDK software kit. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-229-01 ∗∗∗ Advantech WebAccess/NMS ∗∗∗ --------------------------------------------- This advisory contains mitigations for an Improper Authentication vulnerability in Advantech WebAccess/NMS network management systems. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-229-02 ∗∗∗ xArrow SCADA ∗∗∗ --------------------------------------------- This advisory contains mitigations for Cross-site Scripting, and Improper Input Validation vulnerability in the xArrow SCADA human-machine interface. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-229-03 ∗∗∗ Huawei EchoLife HG8045Q vulnerable to OS command injection ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN41646618/ ∗∗∗ Firefox & Thunderbird: Security-Fixes für Browser und Mail-Client verfügbar ∗∗∗ --------------------------------------------- https://heise.de/-6168771 ∗∗∗ glibc vulnerability CVE-2021-35942 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K98121587 ∗∗∗ Atlassian Jira Software: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0880 ∗∗∗ QEMU: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0885 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.08.2021
by Daily end-of-shift report 17 Aug '21

17 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Montag 16-08-2021 18:00 − Dienstag 17-08-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Malware dev infects own PC and data ends up on intel platform ∗∗∗ --------------------------------------------- A malware developer unleashed their creation on their system to try out new features and the data ended up on a cybercrime intelligence platform, exposing a glimpse of the cybercriminal endeavor. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malware-dev-infects-own-pc-a… ∗∗∗ Copyright scammers turn to phone numbers instead of web links ∗∗∗ --------------------------------------------- Forewarned is forearmed. Here's our advice on dealing with "copyright infringement" scammers. --------------------------------------------- https://nakedsecurity.sophos.com/2021/08/16/copyright-scammers-turn-to-phon… ∗∗∗ Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution), (Tue, Aug 17th) ∗∗∗ --------------------------------------------- The vulnerability and this PoC exploit are well documented as CVE-2021-3129. The vulnerability takes advantage of the Ignition "Solutions." Solutions enable the developer to inject code snippets to aid in debugging. --------------------------------------------- https://isc.sans.edu/diary/rss/27758 ∗∗∗ Vorsicht vor Fake-Zahlungsbestätigungen von Kriminellen auf bazar.at ∗∗∗ --------------------------------------------- Wer auf bazar.at Waren zum Verkauf anbietet, muss sich momentan vor kriminellen InteressentInnen in Acht nehmen! Diese fragen nach der Verfügbarkeit und behaupten, die Zahlung über bazar.at abzuwickeln. Achtung: bazar.at bietet keine solche Zahlungsart und die Bestätigungsseiten sind gefälscht! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-fake-zahlungsbestaetigu… ∗∗∗ Thoughts on Detection ∗∗∗ --------------------------------------------- After helping with many clients with numerous detection rules, I observed one consistent theme that kept popping up, many of the rules were written in a way that seemed to be missing a large portion of the potential detection opportunities. --------------------------------------------- https://posts.specterops.io/thoughts-on-detection-3c5cab66f511 ∗∗∗ 1Password Secret Retrieval — Methodology and Implementation ∗∗∗ --------------------------------------------- 1Password is a password manager developed by AgileBits Inc., providing a place for users to store various passwords, software licenses, and other sensitive information in a virtual vaults secured with a PBKDF2 master password. --------------------------------------------- https://posts.specterops.io/1password-secret-retrieval-methodology-and-impl… ∗∗∗ Personal VPN and Its Evasions: Risk Factors and How to Maintain Network Visibility ∗∗∗ --------------------------------------------- Personal VPN usage on organizations’ networks can obscure network visibility and open the door to cybercrime such as data exfiltration. --------------------------------------------- https://unit42.paloaltonetworks.com/person-vpn-network-visibility/ ∗∗∗ ProxyShell in Österreich ∗∗∗ --------------------------------------------- In seinem Talk auf der BlackHat US 2021 stellte Sicherheitsforscher Orange Tsai eine weitere Kombination von Lücken vor, die es AngreiferInnen ermöglicht, beliebige Befehle als NT Authority\System über das Netzwerk auszuführen, ohne sich authentifizieren zu müssen. --------------------------------------------- https://cert.at/de/aktuelles/2021/8/proxyshell-in-osterreich ∗∗∗ New HolesWarm botnet targets Windows and Linux servers ∗∗∗ --------------------------------------------- A new botnet named HolesWarm has been slowly growing in the shadows since June this year, exploiting more than 20 known vulnerabilities to break into Windows and Linux servers and then deploy cryptocurrency-mining malware. --------------------------------------------- https://therecord.media/new-holeswarm-botnet-targets-windows-and-linux-serv… ===================== = Vulnerabilities = ===================== ∗∗∗ Fortinet patches bug letting attackers takeover servers remotely ∗∗∗ --------------------------------------------- Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall (WAF) installations. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fortinet-patches-bug-letting… ∗∗∗ Security: Glibc-Bugfix machte Lücke einfacher ausnutzbar ∗∗∗ --------------------------------------------- Das Beheben von Sicherheitslücken ist nicht immer so einfach, wie es anfangs scheint, was nun auch das Team der Glibc erfahren musste. --------------------------------------------- https://www.golem.de/news/security-glibc-bugfix-machte-luecke-einfacher-aus… ∗∗∗ ZDI-21-971: (Pwn2Own) Zoom Heap based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zoom Clients. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-21-971/ ∗∗∗ Sicherheitsupdate für Google Chrome beseitigt Angriffsmöglichkeiten ∗∗∗ --------------------------------------------- Für die Desktop-Fassungen des Chrome-Browsers (Win, macOS & Linux) ist eine Aktualisierung verfügbar, die mehrere Schwachstellen beseitigt. --------------------------------------------- https://heise.de/-6167542 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (firefox), openSUSE (cpio and rpm), Oracle (compat-exiv2-026, exiv2, firefox, kernel, kernel-container, qemu, sssd, and thunderbird), Red Hat (cloud-init, edk2, kernel, kpatch-patch, microcode_ctl, and sssd), and SUSE (cpio, firefox, and libcares2). --------------------------------------------- https://lwn.net/Articles/866567/ ∗∗∗ Millions of IoT Devices Exposed to Attacks Due to Cloud Platform Vulnerability ∗∗∗ --------------------------------------------- Researchers at FireEye’s threat intelligence and incident response unit Mandiant have identified a critical vulnerability that exposes millions of IoT devices to remote attacks. --------------------------------------------- https://www.securityweek.com/millions-iot-devices-exposed-attacks-due-cloud… ∗∗∗ iCloud for Windows 12.5 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT212607 ∗∗∗ Security Bulletin: Vulnerabilities in Node.js in IBM DataPower Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-j… ∗∗∗ Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-1971, CVE-2020-15999, CVE-2017-12652) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-i… ∗∗∗ Security Bulletin: IBM DataPower Gateway potentially vulnerable to CSRF attack ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-pot… ∗∗∗ Security Bulletin: IBM API Connect on cloud is impacted by HTTP header injection vulnerability (CVE-2020-4706) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-on-cloud-… ∗∗∗ Security Bulletin: Prototype pollution flaw in y18n in IBM DataPower Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-prototype-pollution-flaw-… ∗∗∗ Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2021-27919) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impact… ∗∗∗ Security Bulletin: Multiple vulnerabilities in AngularJS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: Potential DoS in IBM DataPower Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-potential-dos-in-ibm-data… ∗∗∗ Security Bulletin: IBM DataPower Gateway vulnerable to a DoS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vul… ∗∗∗ Synology-SA-21:22 DSM ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_21_22 ∗∗∗ Apache HTTP Server: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0878 ∗∗∗ Integer Overflow to RCE — ManageEngine Asset Explorer Agent (CVE-2021–20082) ∗∗∗ --------------------------------------------- https://medium.com/tenable-techblog/integer-overflow-to-rce-manageengine-as… ∗∗∗ Stored XSS to RCE Chain as SYSTEM in ManageEngine ServiceDesk Plus ∗∗∗ --------------------------------------------- https://medium.com/tenable-techblog/stored-xss-to-rce-chain-as-system-in-ma… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.08.2021
by Daily end-of-shift report 16 Aug '21

16 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Freitag 13-08-2021 18:00 − Montag 16-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Keine Panik nach Ransomware-Angriff ∗∗∗ --------------------------------------------- Sieben Maßnahmen, die Opfer während oder nach einem erfolgreichen Ransomware-Angriff ergreifen sollten, schildert Daniel Clayton, Vice President of Global Services and Support bei Bitdefender, in einem Gastbeitrag. --------------------------------------------- https://www.zdnet.de/88396234/keine-panik-nach-ransomware-angriff/ ∗∗∗ USA: 100 Millionen T-Mobile-Kunden von Datenleck betroffen ∗∗∗ --------------------------------------------- Kriminelle haben Server von T-Mobile gehackt und umfangreiche Kundendaten kopiert. Diese bieten sie nun zum Verkauf an. --------------------------------------------- https://www.golem.de/news/usa-100-millionen-t-mobile-kunden-von-datenleck-b… ∗∗∗ Microsoft Teams korrekt absichern – Teil 2 ∗∗∗ --------------------------------------------- Wie die Absicherung der beliebten Kollaborations-Software am besten gelingt, schildert Bert Skorupski, Senior Manager Sales Engineering bei Quest Software, im zweiten Teil seines Gastbeitrages. --------------------------------------------- https://www.zdnet.de/88396232/microsoft-teams-korrekt-absichern-teil-2/ ∗∗∗ Firewalls and middleboxes can be weaponized for gigantic DDoS attacks ∗∗∗ --------------------------------------------- In an award-winning paper today, academics said they discovered a way to abuse the TCP protocol, firewalls, and other network middleboxes to launch giant distributed denial of service (DDoS) attacks against any target on the internet. --------------------------------------------- https://therecord.media/firewalls-and-middleboxes-can-be-weaponized-for-gig… ∗∗∗ The sextortion Scams: The Numbers Show That What We Have Is A Failure Of Education ∗∗∗ --------------------------------------------- Subject: Your account was under attack! Change your credentials! [...] Did you receive a message phrased more or less like that, which then went on to say that they have a video of you performing an embarrasing activity while visiting an "adult" site, which they will send to all your contacts unless you buy Bitcoin and send to a specific ID? The good news is that the video does not exist. I know this, because neither does our friend Adnan here. --------------------------------------------- https://bsdly.blogspot.com/2020/02/the-sextortion-scams-numbers-show-that.h… ∗∗∗ Windows 365 exposes Microsoft Azure credentials in plaintext ∗∗∗ --------------------------------------------- A security researcher has figured out a way to dump a users unencrypted plaintext Microsoft Azure credentials from Microsofts new Windows 365 Cloud PC service using Mimikatz. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/windows-365-exposes-microso… ∗∗∗ Colonial Pipeline reports data breach after May ransomware attack ∗∗∗ --------------------------------------------- Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. --------------------------------------------- https://www.bleepingcomputer.com/news/security/colonial-pipeline-reports-da… ∗∗∗ Simple Tips For Triage Of MALWARE Bazaars Daily Malware Batches, (Sun, Aug 15th) ∗∗∗ --------------------------------------------- I was asked for tips to triage MALWARE Bazaar's daily malware batches. On Linux / macOS, you can unzip a malware batch and triage it with the file command. There is no file command on Windows, but there are Windows versions you can install, and you can also use my file-magic tool (it's a Python tool that uses Python module python-magic-bin). --------------------------------------------- https://isc.sans.edu/diary/rss/27750 ∗∗∗ Discovering CAPTCHA Protected Phishing Campaigns ∗∗∗ --------------------------------------------- CAPTCHA-protected phishing campaigns are becoming more popular. We share techniques to detect malicious content despite these evasions. --------------------------------------------- https://unit42.paloaltonetworks.com/captcha-protected-phishing/ ∗∗∗ Trickbot Deploys a Fake 1Password Installer ∗∗∗ --------------------------------------------- Over the past years, Trickbot has established itself as modular and multifunctional malware. Initially focusing on bank credential theft, the Trickbot operators have extended its capabilities. --------------------------------------------- https://thedfirreport.com/2021/08/16/trickbot-deploys-a-fake-1password-inst… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisories for COMMAX Products ∗∗∗ --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5667.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5666.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5664.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5663.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5662.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5660.php --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ ∗∗∗ Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain ∗∗∗ --------------------------------------------- At least 65 vendors affected by severe vulnerabilities that enable unauthenticated attackers to fully compromise the target device and execute arbitrary code with the highest level of privilege. --------------------------------------------- https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot… ∗∗∗ XSS Vulnerability Patched in SEOPress Affects 100,000 sites ∗∗∗ --------------------------------------------- On July 29, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in SEOPress, a WordPress plugin installed on over 100,000 sites. This flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable site which would execute anytime a user accessed the [...] --------------------------------------------- https://www.wordfence.com/blog/2021/08/xss-vulnerability-patched-in-seopres… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (c-ares, firefox, fossil, gitlab, jupyterlab, loki, lynx, opera, prosody, and vivaldi), Debian (amd64-microcode, exiv2, ffmpeg, thunderbird, and trafficserver), Fedora (libsndfile, rust-argh, rust-argh_derive, rust-argh_shared, rust-askalono-cli, rust-asyncgit, rust-bugreport, rust-crosstermion, rust-diskonaut, rust-dua-cli, rust-fancy-regex, rust-fedora-update-feedback, rust-filetreelist, rust-git-version, rust-git-version-macro, rust-gitui, [...] --------------------------------------------- https://lwn.net/Articles/866473/ ∗∗∗ PEPPERL+FUCHS: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service ∗∗∗ --------------------------------------------- PEPPERL+FUCHS: Critical vulnerabilities have been discovered in the product and in the utilized components jQuery by jQuery Team and TLS Version 1.0/1.1. --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2021-027 ∗∗∗ Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2021 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-… ∗∗∗ Security Bulletin: IBM Transparent Cloud Tiering is affected by a vulnerability in Apache Commons IO ( CVE-2021-29425) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-transparent-cloud-tie… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.08.2021
by Daily end-of-shift report 13 Aug '21

13 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 12-08-2021 18:00 − Freitag 13-08-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Angreifer kombinieren ProxyShell-Lücken und attackieren Microsoft Exchange ∗∗∗ --------------------------------------------- Nach gezielten Scans gibt es nun erste Attacken auf Exchange Server. In Deutschland gibt es tausende verwundbare Systeme. Patches sind verfügbar. --------------------------------------------- https://heise.de/-6164957 ∗∗∗ Unseriöse Shops kopieren Webseiten von beliebten Schuhmarken! ∗∗∗ --------------------------------------------- Wer Dr. Marten- oder Skecher-Schuhe in einem Online-Shop kaufen will, sollte sich vorher vergewissern, ob der Shop auch seriös ist. Denn derzeit werden der Watchlist Internet vermehrt Markenfälscher-Shops gemeldet, die unglaublich günstige Markenschuhe anbieten. Wenn das Impressum fehlt und die Schuhe zu unglaublichen Preisen angeboten werden, sollten Sie lieber Abstand von einem Einkauf nehmen. --------------------------------------------- https://www.watchlist-internet.at/news/unserioese-shops-kopieren-webseiten-… ∗∗∗ SynAck ransomware releases decryption keys after El_Cometa rebrand ∗∗∗ --------------------------------------------- The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group. --------------------------------------------- https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-d… ∗∗∗ WordPress Sites Abused in Aggah Spear-Phishing Campaign ∗∗∗ --------------------------------------------- The Pakistan-linked threat groups campaign uses compromised WordPress sites to deliver the Warzone RAT to manufacturing companies in Taiwan and South Korea. --------------------------------------------- https://threatpost.com/aggah-wordpress-spearphishing/168657/ ∗∗∗ Example of Danabot distributed through malspam, (Fri, Aug 13th) ∗∗∗ --------------------------------------------- Danabot is an information stealer known for targeting banking data on infected Windows hosts. According to Proofpoint, Danabot version 4 started appearing in the wild in October 2020. We recently discovered a Danabot sample during an infection kicked off by an email attachment sent on Thursday 2021-08-12. Today's diary reviews this Danabot infection. --------------------------------------------- https://isc.sans.edu/diary/rss/27744 ∗∗∗ Using AI to Scale Spear Phishing ∗∗∗ --------------------------------------------- The problem with spear phishing it that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to solve that problem: The researchers used OpenAI's GPT-3 platform in conjunction with other AI-as-a-service products focused on personality analysis to generate phishing emails tailored to their colleagues' backgrounds and traits. --------------------------------------------- https://www.schneier.com/blog/archives/2021/08/using-ai-to-scale-spear-phis… ∗∗∗ Phishing campaign goes old school, dusts off Morse code ∗∗∗ --------------------------------------------- Sometimes new technology just doesnt get the job done. --------------------------------------------- https://blog.malwarebytes.com/reports/2021/08/phishing-campaign-goes-old-sc… ∗∗∗ Examining threats to device security in the hybrid workplace ∗∗∗ --------------------------------------------- As employees split their time between office and off-site work, there's a greater potential for company devices and data to fall into the wrong hands --------------------------------------------- https://www.welivesecurity.com/2021/08/12/examining-threats-device-security… ∗∗∗ Hackers tried to exploit two zero-days in Trend Micro's Apex One EDR platform ∗∗∗ --------------------------------------------- Cyber-security firm Trend Micro said hackers tried to exploit two zero-day vulnerabilities in its Apex One EDR platform in an attempt to go after its customers in attacks that took place earlier this year. --------------------------------------------- https://therecord.media/hackers-tried-to-exploit-two-zero-days-in-trend-mic… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005 ∗∗∗ --------------------------------------------- The Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. --------------------------------------------- https://www.drupal.org/sa-core-2021-005 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (commons-io, curl, and firefox-esr), Fedora (perl-Encode), openSUSE (golang-github-prometheus-prometheus, grafana, and python-reportlab), Oracle (.NET Core 2.1, 389-ds:1.4, cloud-init, go-toolset:ol8, nodejs:12, nodejs:14, and rust-toolset:ol8), SUSE (aspell, firefox, kernel, and rpm), and Ubuntu (linux, linux-aws, linux-kvm, linux-lts-xenial and postgresql-10, postgresql-12, postgresql-13). --------------------------------------------- https://lwn.net/Articles/866185/ ∗∗∗ Cognex In-Sight OPC Server ∗∗∗ --------------------------------------------- This advisory contains mitigations for a Deserialization of Untrusted Data vulnerability in Cognex In-Sight OPC Server industrial software. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-224-01 ∗∗∗ Horner Automation Cscape ∗∗∗ --------------------------------------------- This advisory contains mitigations for Out-of-bounds Write, Access of Uninitialized Pointer, and Out-of-bounds Read vulnerabilities in Horner Automation Cscape control system application programming software. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-224-02 ∗∗∗ Sensormatic Electronics C-CURE 9000 (Update A) ∗∗∗ --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-21-182-02 Sensormatic Electronics C-CURE 9000 that was published July 1, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for an Improper Input Validation vulnerability in Sensormatic Electronics C-CURE 9000 industrial software. --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-21-182-02 ∗∗∗ Security Bulletin: De-serialization Vulnerability Affects IBM Partner Engagement Manager (CVE-2021-29781) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-de-serialization-vulnerab… ∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to possible information disclosure in a multi-domain deployment. (CVE-2021-29880) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulner… ∗∗∗ Security Bulletin: Vulnerability in self-service console affects IBM Cloud Pak System (CVE-2021-20478) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-self-ser… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.08.2021
by Daily end-of-shift report 12 Aug '21

12 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 11-08-2021 18:00 − Donnerstag 12-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ PrintNightmare: Schon wieder eine Drucker-Lücke in Windows ohne Patch ∗∗∗ --------------------------------------------- Microsoft kriegt seine Druckerverwaltung offensichtlich nicht in den Griff, Angreifer könnten sich erneut System-Rechte verschaffen. --------------------------------------------- https://heise.de/-6163743 ∗∗∗ Accenture Opfer der Lockbit Ransomware ∗∗∗ --------------------------------------------- Das IT-Beratungsunternehmen Accenture ist wohl Opfer eines Cyber-Angriffs mit der Lockbit-Ransomware geworden. Das Unternehmen hat den Angriff inzwischen eingestanden. Bei dem Ransomware-Befall scheinen auch Daten abgezogen worden zu sein. Hier einige Informationen, was inzwischen bekannt ist. --------------------------------------------- https://www.borncity.com/blog/2021/08/12/accenture-opfer-der-lockbit-ransom… ∗∗∗ QR Code Scammers Get Creative with Bitcoin ATMs ∗∗∗ --------------------------------------------- Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technologys trust relationship with users. --------------------------------------------- https://threatpost.com/qr-code-scammers-bitcoin-atms/168621/ ∗∗∗ 7 ways to harden your environment against compromise ∗∗∗ --------------------------------------------- Here at the global Microsoft Compromise Recovery Security Practice (CRSP), we work with customers who have experienced disruptive security incidents to restore trust in identity systems and remove adversary control. During 2020, the team responded to many incidents involving ransomware and the deployment of crypto-mining tools. --------------------------------------------- https://www.microsoft.com/security/blog/2021/08/11/7-ways-to-harden-your-en… ∗∗∗ Best Practices for Web Form Security ∗∗∗ --------------------------------------------- Web form security ⁠— the set of tools and practices intended to protect web forms from attacks and abuse ⁠— is one of the most critical aspects of overall website security. Web forms allow users to interact with your site and enable a lot of useful functionality. However, once a user can interact with your site to do something useful there is a new attack surface for a hacker to exploit. --------------------------------------------- https://blog.sucuri.net/2021/08/best-practices-for-web-form-security.html ∗∗∗ Experts Shed Light On New Russian Malware-as-a-Service Written in Rust ∗∗∗ --------------------------------------------- A nascent information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts. --------------------------------------------- https://thehackernews.com/2021/08/experts-shed-light-on-new-russian.html ∗∗∗ Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT ∗∗∗ --------------------------------------------- Group TA505 has been active for at least seven years, making wide-ranging connections with other threat actors involved in ransomware, stealing credit card numbers and exfiltrating data. One of the common tools in TA505s arsenal is ServHelper. --------------------------------------------- https://blog.talosintelligence.com/2021/08/raccoon-and-amadey-install-servh… ∗∗∗ Why No HTTPS? The 2021 Version ∗∗∗ --------------------------------------------- More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the worlds largest websites that didnt properly redirect insecure requests to secure ones. We updated it December before last and pleasingly, noted that more websites than [...] --------------------------------------------- https://www.troyhunt.com/why-no-https-the-2021-version/ ∗∗∗ August 2021 ICS Patch Tuesday: Siemens, Schneider Address Over 50 Flaws ∗∗∗ --------------------------------------------- Siemens and Schneider Electric on Tuesday released 18 security advisories addressing a total of more than 50 vulnerabilities affecting their products. The vendors have provided patches, mitigations, and general security recommendations for reducing the risk of attacks. --------------------------------------------- https://www.securityweek.com/august-2021-ics-patch-tuesday-siemens-schneide… ∗∗∗ IISerpent: Malware‑driven SEO fraud as a service ∗∗∗ --------------------------------------------- The last in our series on IIS threats introduces a malicious IIS extension used to manipulate page rankings for third-party websites --------------------------------------------- https://www.welivesecurity.com/2021/08/11/iiserpent-malware-driven-seo-frau… ∗∗∗ Affiliates Unlocked: Gangs Switch Between Different Ransomware Families ∗∗∗ --------------------------------------------- The demise of Sodinokibi has led to a surge in LockBit activity, while there’s evidence affiliates are using multiple ransomware families to achieve their goals. --------------------------------------------- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ra… ∗∗∗ CobaltSpam tool can flood Cobalt Strike malware servers ∗∗∗ --------------------------------------------- A security researcher has published this week a tool to flood Cobalt Strike servers—often used by malware gangs—with fake beacons in order to corrupt their internal databases of infected systems. --------------------------------------------- https://therecord.media/cobaltspam-tool-can-flood-cobalt-strike-malware-ser… ===================== = Vulnerabilities = ===================== ∗∗∗ Intel schließt Sicherheitslücken in Laptops, Linux-Treibern & Co. ∗∗∗ --------------------------------------------- Angreifer könnten Intel-PCs attackieren und im schlimmsten Fall die volle Kontrolle über Computer erlangen. Sicherheitsupdates sind verfügbar. --------------------------------------------- https://heise.de/-6163478 ∗∗∗ JavaScript-Framework: Next.js 11.1 behebt eine Open-Redirect-Sicherheitslücke ∗∗∗ --------------------------------------------- Das React-Framework Next.js erhält knapp zwei Monate nach der letzten Hauptversion ein Update auf Version 11.1, um mögliche Open Redirects zu verhindern. --------------------------------------------- https://heise.de/-6163575 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (java-1.8.0-openjdk), Debian (firefox-esr, libspf2, and openjdk-11-jre-dcevm), Fedora (bluez, fetchmail, and prosody), Oracle (edk2, glib2, kernel, and libuv), Red Hat (.NET Core 3.1), SUSE (cpio), and Ubuntu (firefox and openssh). --------------------------------------------- https://lwn.net/Articles/866076/ ∗∗∗ Plone vulnerable to open redirect ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN50804280/ ∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to CSV Injection (CVE-2021-20509) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-manageme… ∗∗∗ Security Vulnerabilities fixed in Thunderbird 91 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/ ∗∗∗ TRUMPF Laser GmbH: multiple products prone to codesys runtime vulnerabilities ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2021-033 ∗∗∗ Node.js: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K21-0866 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.08.2021
by Daily end-of-shift report 11 Aug '21

11 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Dienstag 10-08-2021 18:00 − Mittwoch 11-08-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ Kaseyas universal REvil decryption key leaked on a hacking forum ∗∗∗ --------------------------------------------- The universal decryption key for REvils attack on Kaseyas customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. --------------------------------------------- https://www.bleepingcomputer.com/news/security/kaseyas-universal-revil-decr… ∗∗∗ New AdLoad malware variant slips through Apples XProtect defenses ∗∗∗ --------------------------------------------- A new AdLoad malware variant is slipping through Apples YARA signature-based XProtect built-in antivirus tech to infect Macs. --------------------------------------------- https://www.bleepingcomputer.com/news/apple/new-adload-malware-variant-slip… ∗∗∗ TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike, (Wed, Aug 11th) ∗∗∗ --------------------------------------------- TA551 (also known as Shathak) represents a threat actor behind malspam that has pushed different families of malware over the past few years. --------------------------------------------- https://isc.sans.edu/diary/rss/27738 ∗∗∗ Das Conti-Leak: Bedienungsanleitung für Ransomware ∗∗∗ --------------------------------------------- In den Handbüchern für Affiliates beschreiben die Kriminellen minutiös, wie man ein Netz auskundschaftet, Zugang ausweitet und schließlich Daten verschlüsselt. --------------------------------------------- https://heise.de/-6160551 ∗∗∗ Anonym im Internet: Sicherheitsupdates für Tor Browser und Tails OS erschienen ∗∗∗ --------------------------------------------- Die Entwickler haben Komponenten von Tor Browser und Tails aktualisiert, um die Sicherheit aufrechtzuerhalten. --------------------------------------------- https://heise.de/-6161195 ∗∗∗ 5 Costly Mistakes in Cyber Incident Response Preparation ∗∗∗ --------------------------------------------- Even with the best preparation and retainers, incident response is rarely an inexpensive endeavor in terms of money, people, operational disruption, or time. --------------------------------------------- https://www.dragos.com/blog/industry-news/5-costly-mistakes-in-cyber-incide… ∗∗∗ Conducting Architecture Reviews in Light of the New TSA Directives ∗∗∗ --------------------------------------------- TSA, the sector-specific agency for pipelines, released its first directive to the pipeline industry on May 27th and followed up with a second directive on July 20th. --------------------------------------------- https://www.dragos.com/blog/industry-news/conducting-architecture-reviews-i… ∗∗∗ Why Are Ransomware Attacks Against OT Increasing? ∗∗∗ --------------------------------------------- Most discussions around cybersecurity understandably focus on information technology (IT). Assets like cloud services and data centers are typically what companies spend the most time and effort securing. Recently, though, operational technology (OT) has come under increasing scrutiny from leading security experts in both the private and public sectors. --------------------------------------------- https://www.tripwire.com/state-of-security/ics-security/why-are-ransomware-… ∗∗∗ Hacker kapern Instagram-Profil und erpressen Opfer ∗∗∗ --------------------------------------------- BetrügerInnen haben es auf Instagram-Accounts mit vielen FollowerInnen abgesehen: Sie hacken deren Konten und verlangen anschließend Lösegeld. Wird nicht bezahlt, drohen die Hacker, das Profil zu löschen. --------------------------------------------- https://www.watchlist-internet.at/news/hacker-kapern-instagram-profil-und-e… ===================== = Vulnerabilities = ===================== ∗∗∗ VU#608209: NicheStack embedded TCP/IP has vulnerabilities ∗∗∗ --------------------------------------------- HCC Embeddeds software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. --------------------------------------------- https://kb.cert.org/vuls/id/608209 ∗∗∗ Patchday: Microsoft meldet abermals Attacken auf Windows ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für unter anderem kritische Lücken in Azure, Edge und verschiedenen Windows-Versionen. --------------------------------------------- https://heise.de/-6160526 ∗∗∗ Free Micropatches for "PetitPotam" (CVE-2021-36942) ∗∗∗ --------------------------------------------- Update 8/11/2021-B: Neither Microsofts August fix nor our micropatch seem to have covered all PetitPotam affected code. Both fixed the anonymous attack vector but we're investigating additional authenticated paths now and looking for the best way to patch that too. --------------------------------------------- https://blog.0patch.com/2021/08/free-micropatches-for-petitpotam.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ceph), Fedora (buildah, containernetworking-plugins, and podman), openSUSE (chromium, kernel, php7, python-CairoSVG, python-Pillow, seamonkey, and transfig), Red Hat (microcode_ctl), SUSE (kernel and libcares2), and Ubuntu (c-ares). --------------------------------------------- https://lwn.net/Articles/865978/ ∗∗∗ Intel Releases Multiple Security Updates ∗∗∗ --------------------------------------------- Intel has released security updates to address vulnerabilities multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/intel-releases-mu… ∗∗∗ iTunes 12.11.4 for Windows ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT212609 ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2021-20427) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OpenLDAP vulnerability (CVE-2020-25692) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-disconnected-log-coll… ∗∗∗ Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager DR ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affe… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Reliance on Untrusted Inputs in Security Descision ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Weak Password Policy vulnerability (CVE-2021-20418) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (V2.103.000.051) and Modules ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-ident… ∗∗∗ VMSA-2021-0016 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2021-0016.html ∗∗∗ AMD Prozessoren: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0852 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.08.2021
by Daily end-of-shift report 10 Aug '21

10 Aug '21

===================== = End-of-Day report = ===================== Timeframe: Montag 09-08-2021 18:00 − Dienstag 10-08-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer ===================== = News = ===================== ∗∗∗ eCh0raix ransomware now targets both QNAP and Synology NAS devices ∗∗∗ --------------------------------------------- A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ech0raix-ransomware-now-targ… ∗∗∗ Team Cymru’s Threat Hunting Maturity Model Explained ∗∗∗ --------------------------------------------- In this four part series we’ll be looking at Team Cymru’s Threat Hunting Maturity Model. --------------------------------------------- https://team-cymru.com/blog/2021/08/09/team-cymrus-threat-hunting-maturity-… ∗∗∗ Chaos Malware Walks Line Between Ransomware and Wiper ∗∗∗ --------------------------------------------- The dangerous malware has been rapidly developed since June and could be released into the wild soon. --------------------------------------------- https://threatpost.com/chaos-malware-ransomware-wiper/168520/ ∗∗∗ Vulnerability Management Resources ∗∗∗ --------------------------------------------- SANS Vulnerability Management Resources collected in one place for easy access. --------------------------------------------- https://www.sans.org/blog/vulnerability-management-resources ∗∗∗ XLSM Malware with MacroSheets ∗∗∗ --------------------------------------------- Excel-based malware has been around for decades and has been in the limelight in recent years. --------------------------------------------- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/xlsm-malware-with-macr… ∗∗∗ Gefälschtes E-Mail der Post im Umlauf ∗∗∗ --------------------------------------------- Sie warten auf ein Paket? Dann nehmen Sie sich vor gefälschten Benachrichtigungen der Post in Acht. BetrügerInnen behaupten in einer E-Mail, dass Ihr Paket nicht zugestellt werden konnte und Sie über einen Link einen weiteren Zustellversuch anfordern müssen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschtes-e-mail-der-post-im-umla… ===================== = Vulnerabilities = ===================== ∗∗∗ Root-Lücke in VPN-Lösung Pulse Connect Secure als Schadcode-Schlupfloch ∗∗∗ --------------------------------------------- Ein wichtiges Sicherheitsupdates schließt Schwachstellen in der Fernzugriff-Software Pulse Connect Secure. --------------------------------------------- https://heise.de/-6159492 ∗∗∗ Firefox und Firefox ESR gegen verschiedene Attacken abgesichert ∗∗∗ --------------------------------------------- Mozilla hat mehrere Sicherheitslücken in seinem Webbrowser Firefox geschlossen. --------------------------------------------- https://heise.de/-6160037 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (flatpak and microcode_ctl), Debian (c-ares, lynx, openjdk-8, and tomcat9), Fedora (kernel), openSUSE (apache-commons-compress, aria2, djvulibre, fastjar, kernel, libvirt, linuxptp, mysql-connector-java, nodejs8, virtualbox, webkit2gtk3, and wireshark), Oracle (kernel, kernel-container, and microcode_ctl), Red Hat (glib2, kernel, kernel-rt, kpatch-patch, and rust-toolset-1.52 and rust-toolset-1.52-rust), Scientific Linux (microcode_ctl), [...] --------------------------------------------- https://lwn.net/Articles/865872/ ∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- Adobe has released security updates to address vulnerabilities in multiple Adobe products. --------------------------------------------- https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/adobe-releases-se… ∗∗∗ WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN65388002/ ∗∗∗ SSA-938030: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-938030.txt ∗∗∗ SSA-865327: Incorrect Authorization Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-865327.txt ∗∗∗ SSA-830194: Missing Authentication Vulnerability in S7-1200 Devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-830194.txt ∗∗∗ SSA-818688: Multiple Vulnerabilities in Solid Edge before SE2021MP7 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-818688.txt ∗∗∗ SSA-756744: OS Command Injection Vulnerability in SINEC NMS ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-756744.txt ∗∗∗ SSA-679335: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-679335.txt ∗∗∗ SSA-553445: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-553445.txt ∗∗∗ SSA-365397: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-365397.txt ∗∗∗ SSA-309571: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-309571.txt ∗∗∗ SSA-158827: Denial-of-Service Vulnerability in Automation License Manager ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-158827.txt ∗∗∗ Security Bulletin: A vulnerability in glibc impacts IBM Watson™ Speech Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-glibc-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct File Agent ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-ja… ∗∗∗ Security Bulletin: IBM Planning Analytics Spreadsheet Services is affected by security vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-sp… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by a Oracle MySQL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ Security Bulletin: Vulnerability in self-service console affects IBM Cloud Pak System (CVE-2021-20478) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-self-ser… ∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-… ∗∗∗ XSA-357 ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-357.html ∗∗∗ TYPO3 Core: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0842 ∗∗∗ SAP Patchday August 2021: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K21-0847 ∗∗∗ Citrix ShareFile storage zones controller security update ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX322787 ∗∗∗ XML External Entity Expansion in MobileTogether Server ∗∗∗ --------------------------------------------- https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-002/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily