=====================
= End-of-Day report =
=====================

Timeframe: Monday 19-07-2021 18:00 - Tuesday 20-07-2021 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer

=====================
=       News        =
=====================
*** New MosaicLoader malware targets software pirates via online ads ***
---------------------------------------------
An ongoing worldwide campaign is pushing new malware dubbed MosaicLoader through advertising camouflaged as cracked software in search engine results, infecting the systems of would-be software pirates.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-mosaicloader-malware-targ...
*** Summer of SAM - incorrect permissions on Windows 10/11 hives, (Tue, Jul 20th) ***
---------------------------------------------
If you opened Twitter today you were probably flooded with news about the latest security issue with Windows.
---------------------------------------------
https://isc.sans.edu/diary/rss/27652
*** 6 typical phishing attacks ***
---------------------------------------------
Phishing, smishing, vishing - do you know the difference?
---------------------------------------------
https://sec-consult.com/de/blog/detail/6-common-types-of-phishing-attacks/
*** Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware ***
---------------------------------------------
The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).
---------------------------------------------
https://www.microsoft.com/security/blog/2021/07/15/protecting-customers-from...
*** Don't Wanna Pay Ransom Gangs? Test Your Backups. ***
---------------------------------------------
Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they'd had proper data backups.
---------------------------------------------
https://krebsonsecurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-ba...
*** Beware of fake "Voicemail" SMS ***
---------------------------------------------
"You have a new voicemail": countless mobile phone users are currently receiving this annoying fake SMS with a link to an alleged voice message. Do not click on the link under any circumstances.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschtem-voicemail-s...
*** AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China's MSS Hainan State Security Department ***
---------------------------------------------
This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40.
---------------------------------------------
https://us-cert.cisa.gov/ncas/alerts/aa21-200a
*** Significant Historical Cyber-Intrusion Campaigns Targeting ICS ***
---------------------------------------------
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/significant-histor...

=====================
=  Vulnerabilities  =
=====================
*** TYPO3 Security Advisories for 2021-07-20 ***
---------------------------------------------
TYPO3-CORE-SA-2021-009 - TYPO3-CORE-SA-2021-012
---------------------------------------------
https://typo3.org/help/security-advisories
*** Forensic report: iMessage vulnerability still being used for Pegasus spyware ***
---------------------------------------------
Amnesty International assumes that an iMessage vulnerability is still being exploited to this day to install spyware from the surveillance company NSO Group.
---------------------------------------------
https://heise.de/-6141467
*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Debian (kernel, libjdom1-java, rabbitmq-server, and systemd), Fedora (glibc), Gentoo (libpano13, libslirp, mpv, pjproject, pycharm-community, and rpm), Mageia (glibc, libuv, mbedtls, rvxt-unicode, mxrvt, eterm, tomcat, and zziplib), openSUSE (dbus-1, firefox, go1.15, lasso, nodejs10, nodejs12, nodejs14, and sqlite3), SUSE (go1.15), and Ubuntu (containerd).
---------------------------------------------
https://lwn.net/Articles/863617/
*** Oracle Releases July 2021 Critical Patch Update ***
---------------------------------------------
Oracle has released its Critical Patch Update for July 2021 to address 327 vulnerabilities across multiple products.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/oracle-releases-ju...
*** Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug ***
---------------------------------------------
Security experts have found a severe vulnerability in a common printer driver used by HP, Xerox, and Samsung.
---------------------------------------------
https://therecord.media/hundreds-of-millions-of-hp-xerox-and-samsung-printer...
*** New Sequoia bug gives you root access on most Linux systems ***
---------------------------------------------
Security auditing firm Qualys said today it discovered a new vulnerability in the Linux operating system that can grant attackers root access on most distros, such as Ubuntu, Debian, and Fedora.
---------------------------------------------
https://therecord.media/new-sequoia-bug-gives-you-root-access-on-most-linux-...
*** Security updates: root vulnerability threatens FortiManager and FortiAnalyzer ***
---------------------------------------------
https://heise.de/-6142498
*** Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect OS Images for Red Hat Linux Systems used by IBM Cloud Pak System (Jan2021 updates) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...
*** Security Bulletin: IBM App Connect Enterprise v11 is affected by vulnerabilities in Node.js (CVE-2021-23358) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise...
*** Security Bulletin: Vulnerability in self-service console affects IBM Cloud Pak System (CVE-2021-20478) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-self-serv...
*** Security Bulletin: A vulnerability in IBM Spectrum Scale could allow an authenticated user to gain elevated privileges (CVE-2020-9492) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spe...
*** Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Pak System (CVE-2020-1971) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-a...
*** Security Bulletin: Vulnerabilities in Docker affect IBM Cloud Pak System ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-docker-...
*** Security Bulletin: Vulnerabilities in Python affect OS Image for RedHat bundled with Cloud Pak System ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-python-...
*** Security Bulletin: Watson Explorer is affected by Apache PDFBox vulnerabilities (CVE-2021-27807, CVE-2021-27906, CVE-2021-31811, CVE-2021-31812) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-watson-explorer-is-affecte...
*** Security Bulletin: Vulnerability in jackson-databind affects Cloud Pak System (CVE-2020-25649) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-d...
*** Security Bulletin: IBM API Connect is impacted by vulnerabilities in node.js and OpenSSL (CVE-2021-23840, CVE-2021-22884, CVE-2021-22883) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacte...
*** Vulnerabilities in CODESYS V2 runtime systems ***
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-670099.html