=====================
= End-of-Day report =
=====================

Timeframe:   Monday 23-08-2021 18:00 - Tuesday 24-08-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================
*** Triada Trojan in WhatsApp MOD ***
---------------------------------------------
We discovered that the Trojan Triada snuck into one of the modified versions of the WhatsApp messenger, called FMWhatsapp 16.80.0, together with the advertising software development kit (SDK).
---------------------------------------------
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
*** Effective Threat-Hunting Queries in a Redacted World ***
---------------------------------------------
Chad Anderson, senior security researcher for DomainTools, demonstrates how seemingly disparate pieces of infrastructure information can form perfect fingerprints for tracking cyberattackers' infrastructure.
---------------------------------------------
https://threatpost.com/effective-threat-hunting-queries/168864/
*** Attackers Hunting For Twilio Credentials, (Tue, Aug 24th) ***
---------------------------------------------
Twilio is a popular service used to send/receive SMS messages and phone calls.
---------------------------------------------
https://isc.sans.edu/diary/rss/27782
*** Microsoft Power Apps portals: 38 million records were exposed ***
---------------------------------------------
Security researchers have discovered 38 million records, some containing sensitive data, in Power Apps portals; according to Microsoft, the exposure was due to configuration errors.
---------------------------------------------
https://heise.de/-6173306
*** Beware of the "EU Compensation" e-mail! ***
---------------------------------------------
Fraudulent e-mails from "EU Compensation" are currently being sent. A dubious European authority claims to compensate fraud victims with a large sum of money.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-eu-compensation-e-mail/
*** Ransomware Groups to Watch: Emerging Threats ***
---------------------------------------------
Emerging ransomware groups to watch, according to Unit 42 researchers: AvosLocker, Hive Ransomware, HelloKitty and LockBit 2.0.
---------------------------------------------
https://unit42.paloaltonetworks.com/emerging-ransomware-groups/
*** FBI sends its first-ever alert about a 'ransomware affiliate' ***
---------------------------------------------
The US Federal Bureau of Investigation has published today its first-ever public advisory detailing the modus operandi of a "ransomware affiliate."
---------------------------------------------
https://therecord.media/fbi-sends-its-first-ever-alert-about-a-ransomware-af...
=====================
=  Vulnerabilities  =
=====================
*** New zero-click iPhone exploit used to deploy NSO spyware ***
---------------------------------------------
Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists.
---------------------------------------------
https://www.bleepingcomputer.com/news/apple/new-zero-click-iphone-exploit-us...
*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Debian (ledgersmb, tnef, and tor), Fedora (nodejs-underscore and tor), openSUSE (aws-cli, python-boto3, python-botocore, fetchmail, firefox, and isync), SUSE (aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 and python-PyYAML), and Ubuntu (linux-aws-5.8, linux-azure-5.8, linux-gcp-5.8, linux-oracle-5.8).
---------------------------------------------
https://lwn.net/Articles/867247/
*** [20210801] - Core - Insufficient access control for com_media deletion endpoint ***
---------------------------------------------
https://developer.joomla.org/security-centre/861-20210801-core-insufficient-...

*** Security Bulletin: CVE-2020-2773 (deferred from Oracle Apr 2020 CPU) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2773-deferred-fro...

*** Security Bulletin: Apache CXF (Publicly disclosed vulnerability) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-publicly-disclo...

*** Security Bulletin: XStream (Publicly disclosed vulnerability) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-xstream-publicly-disclosed...

*** Security Bulletin: Multiple security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory Suite ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerab...

*** Security Bulletin: Update Secure Gateway Client in IBM DataPower Gateway to address several CVEs ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-update-secure-gateway-clie...

*** Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11, v12 (CVE-2020-27221) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-jav...

*** Security Bulletin: IBM Resilient Disaster Recovery (DR) system allows connections over TLS 1.0 (CVE-2021-29704) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-disaster-rec...

*** Security Bulletin: CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-14781-deferred-fr...

*** OpenSSL: SM2 Decryption Buffer Overflow (CVE-2021-3711) ***
---------------------------------------------
https://openssl.org/news/secadv/20210824.txt

*** Overview of F5 vulnerabilities (August 2021) ***
---------------------------------------------
https://support.f5.com/csp/article/K50974556