=====================
= End-of-Day report =
=====================

Timeframe: Monday 28-06-2021 18:00 - Tuesday 29-06-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
*** Ransomware gangs now creating websites to recruit affiliates ***
---------------------------------------------
Ever since two prominent Russian-speaking cybercrime forums banned ransomware-related topics, criminal operations have been forced to promote their service through alternative methods.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-creating...
*** Microsoft successfully hit by dependency hijacking again ***
---------------------------------------------
Microsoft has once again been successfully hit by a dependency hijacking attack. This month, another researcher found an npm internal dependency being used by an open-source project.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-successfully-hit-by...
*** Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground ***
---------------------------------------------
After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again - with big security ramifications.
---------------------------------------------
https://threatpost.com/data-700m-linkedin-users-cyber-underground/167362/
*** CFBF Files Strings Analysis, (Mon, Jun 28th) ***
---------------------------------------------
The Office file format that predates the OOXML format is a binary format based on the CFBF format. I informally call this the ole file format.
---------------------------------------------
https://isc.sans.edu/diary/rss/27576
*** Diving into a Google Sweepstakes Phishing E-mail, (Tue, Jun 29th) ***
---------------------------------------------
I was recently forwarded another phishing e-mail to examine. This time, it was an e-mail that claimed to be from Google. The e-mail included a pdf file, and instructed the recipient to download the file for further information.
---------------------------------------------
https://isc.sans.edu/diary/rss/27578
*** Ransomware REvil now targets virtual machines ***
---------------------------------------------
Several security researchers warn of a new REvil version that threatens even more devices.
---------------------------------------------
https://heise.de/-6122156
*** Analyzing CVE-2021-1665 - Remote Code Execution Vulnerability in Windows GDI+ ***
---------------------------------------------
Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on video displays as well as printers.
---------------------------------------------
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-cve-2021-1665...
*** Instagram: Cooperation requests from wegego.com are fake ***
---------------------------------------------
Instagram users are currently being contacted more and more often by a profile named sara.wegego, an alleged Brand Ambassador Manager at wegego.com. They are offered a cooperation with the company.
---------------------------------------------
https://www.watchlist-internet.at/news/instagram-kooperationsanfragen-von-we...
*** CISA Begins Cataloging Bad Practices that Increase Cyber Risk ***
---------------------------------------------
In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critical Functions.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/06/29/cisa-begins-catalo...
=====================
= Vulnerabilities =
=====================
*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Debian (klibc and libjdom2-java), Mageia (bash, glibc, gnutls, java-openjdk, kernel, kernel-linus, leptonica, libgcrypt, openjpeg2, tor, and trousers), openSUSE (bouncycastle, chromium, go1.16, and kernel), Oracle (docker-engine docker-cli and qemu), Red Hat (kpatch-patch), and SUSE (arpwatch, go1.16, kernel, libsolv, microcode_ctl, and python-urllib3, python-requests).
---------------------------------------------
https://lwn.net/Articles/861310/
*** PoC released for dangerous Windows PrintNightmare bug ***
---------------------------------------------
Proof-of-concept exploit code has been published online today for a vulnerability in the Windows Print Spooler service (spoolsv.exe) that can allow a total compromise of Windows systems.
---------------------------------------------
https://therecord.media/poc-released-for-dangerous-windows-printnightmare-bu...
*** Security Bulletin: Vulnerabilities in Python, Tornado, and Urllib3 affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-python-...
*** Security Bulletin: IBM DataQuant Fix for (All) Apache PDF Box (Publicly disclosed vulnerability) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-dataquant-fix-for-all-...
*** Security Bulletin: IBM Spectrum Protect Plus has Insecure File Permissions due to not setting the Sticky Bit (CVE-2021-20490) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-plus-...
*** Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise v11 are affected by vulnerabilities in Node.js (CVE-2021-3450, CVE-2021-3449) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-ib...
*** Security Bulletin: Multiple vulnerabilities in open source libraries affect Tivoli Netcool/OMNIbus WebGUI ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...
*** Security Bulletin: Vulnerabilities in Redis, MinIO, Golang, and Urllib3 affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-redis-m...
*** Security Bulletin: Vulnerabilities in MongoDB, Node.js, Docker, and XStream affect IBM Spectrum Protect Plus ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-mongodb...
*** Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprise v11 (CVE-2021-3449, CVE-2021-3450) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl...
*** Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...
*** Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprise v11 (CVE-2021-23839, CVE-2021-23840) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl...
*** Security Bulletin: IBM® Db2® could allow an authenticated user to overwrite arbitrary files due to improper group permissions. (CVE-2020-4945) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-an-aut...
*** Security Bulletin: IBM® Db2® could allow a local user to access and change the configuration of DB2 due to a race condition via a symbolic link. (CVE-2020-4885) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-a-loca...
*** Easily Exploitable Critical Vulnerabilities Patched in ProfilePress Plugin ***
---------------------------------------------
https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabi...
*** Red Hat OpenShift: Multiple vulnerabilities allow code execution ***
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0700
*** MISP: Vulnerability allows unspecified attack ***
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0699