=====================
= End-of-Day report =
=====================
Timeframe: Thursday 14-10-2021 18:00 - Friday 15-10-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
*** Accenture confirms data breach after August ransomware attack ***
---------------------------------------------
Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company's systems in August 2021.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/accenture-confirms-data-breac...
*** BlackByte Ransomware – Pt. 1 In-depth Analysis ***
---------------------------------------------
During a recent malware incident response case, we encountered an interesting piece of ransomware that goes by the name of BlackByte.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ra...

*** BlackByte Ransomware – Pt 2. Code Obfuscation Analysis ***
---------------------------------------------
We received the original launcher file from an Incident Response case. It was about 630 KB of JScript code which was seemingly full of garbage code – hiding the real intent.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ra...

*** Employee offboarding: Why companies must close a crucial gap in their security strategy ***
---------------------------------------------
There are various ways a departing employee could put your organization at risk of a data breach. How do you offboard employees the right way and ensure your data remains safe?
---------------------------------------------
https://www.welivesecurity.com/2021/10/14/employee-offboarding-companies-clo...

*** Ongoing Cyber Threats to U.S. Water and Wastewater Systems Sector Facilities ***
---------------------------------------------
CISA, the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that details ongoing cyber threats to U.S. Water and Wastewater Systems (WWS) Sector.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/14/ongoing-cyber-thre...

*** A malware botnet has made more than $24.7 million since 2019 ***
---------------------------------------------
The operators of a malware botnet known as MyKings are believed to have made more than $24.7 million through what security researchers call a "clipboard hijacker."
---------------------------------------------
https://therecord.media/a-malware-botnet-has-made-more-than-24-7-million-sin...
=====================
= Vulnerabilities =
=====================
*** IBM Security Bulletins ***
---------------------------------------------
IBM has published 11 Security Bulletins.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
*** Security updates for Friday ***
---------------------------------------------
Security updates have been issued by Debian (squashfs-tools, tomcat9, and wordpress), Fedora (openssh), openSUSE (kernel, mbedtls, and rpm), Oracle (httpd, kernel, and kernel-container), SUSE (firefox, kernel, and rpm), and Ubuntu (linux-azure, linux-azure-5.4).
---------------------------------------------
https://lwn.net/Articles/873056/

*** ZDI-21-1211: (0Day) Fuji Electric Alpha5 A5V File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1211/

*** ZDI-21-1210: (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1210/

*** ZDI-21-1209: (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1209/

*** ZDI-21-1208: (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1208/

*** Schneider Electric CNM ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-287-01

*** Uffizio GPS Tracker ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-287-02

*** Mitsubishi Electric MELSEC iQ-R Series ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-287-03

*** Siemens RUGGEDCOM ROX (Update A) ***
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-259-01

*** Apache Releases Security Advisory for Tomcat ***
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/15/apache-releases-se...
*** SYSS-2019-018/SYSS-2019-019: Insecure file system permissions and installation modes in Ivanti DSM ***
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2019-018/syss-2019-019-unsichere-datei...
*** Change in Magniber Ransomware Vulnerability (CVE-2021-40444) ***
---------------------------------------------
https://asec.ahnlab.com/en/27264/