=====================
= End-of-Day report =
=====================

Timeframe: Monday 14-06-2021 18:00 - Tuesday 15-06-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer

=====================
=       News        =
=====================
*** Paradise Ransomware source code released on a hacking forum ***
---------------------------------------------
The complete source code for the Paradise Ransomware has been released on a hacking forum, allowing any would-be cyber criminal to develop their own customized ransomware operation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/paradise-ransomware-source-co...

*** Andariel evolves to target South Korea with ransomware ***
---------------------------------------------
In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload.
---------------------------------------------
https://securelist.com/andariel-evolves-to-target-south-korea-with-ransomwar...

*** Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more, (Tue, Jun 15th) ***
---------------------------------------------
Vulnerable perimeter devices remain a popular target, and we do see consistent exploit attempts against them.
---------------------------------------------
https://isc.sans.edu/diary/rss/27528

*** Experts Shed Light On Distinctive Tactics Used by Hades Ransomware ***
---------------------------------------------
Cybersecurity researchers on Tuesday disclosed "distinctive" tactics, techniques, and procedures (TTPs) adopted by operators of Hades ransomware that set it apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER.
---------------------------------------------
https://thehackernews.com/2021/06/experts-shed-light-on-distinctive.html

*** What's past is prologue - A new world of critical infrastructure security ***
---------------------------------------------
Attackers have targeted American critical infrastructure several times over the past few years, putting at risk U.S. electrical grids, oil pipelines and water supply systems.
---------------------------------------------
https://blog.talosintelligence.com/2021/06/new-world-after-pipeline-ransomwa...

*** Tracking Amazon delivery staff ***
---------------------------------------------
The Amazon delivery tracking API allows ultra-precise tracking of drivers. Amazon claims that customers can only track the driver for the 10 stops prior to theirs.
---------------------------------------------
https://www.pentestpartners.com/security-blog/tracking-amazon-delivery-staff...

*** Do not apply for loans on ulacglobalfinanzen.com ***
---------------------------------------------
Are you looking for a loan and researching favourable terms online? You may then come across ulacglobalfinanzen.com, a dubious lending company offering great terms and a hassle-free process. Anyone who applies for a loan there, however, loses money and hands personal data to criminals!
---------------------------------------------
https://www.watchlist-internet.at/news/beantragen-sie-kredite-nicht-auf-ulac...

*** Vishing: What is it and how do I avoid getting scammed? ***
---------------------------------------------
How do vishing scams work, how do they impact businesses and individuals, and how can you protect yourself, your family and your business?
---------------------------------------------
https://www.welivesecurity.com/2021/06/14/vishing-what-is-it-how-avoid-getti...

*** Ransomware attacks continue to surge, hitting a 93% increase year over year ***
---------------------------------------------
The number of organizations impacted by ransomware has risen to 1210 in June 2021. Check Point Research sees a 41% increase in attacks since the beginning of 2021 and a 93% increase year over year.
---------------------------------------------
https://blog.checkpoint.com/2021/06/14/ransomware-attacks-continue-to-surge-...
=====================
=  Vulnerabilities  =
=====================

*** SonicWall closes denial-of-service hole in firewall operating system SonicOS ***
---------------------------------------------
The web-based management interface of some SonicOS versions could have been brought down by means of specially crafted POST requests. Updates fix this.
---------------------------------------------
https://heise.de/-6071069

*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by CentOS (389-ds-base, dhcp, firefox, glib2, hivex, kernel, postgresql, qemu-kvm, qt5-qtimageformats, samba, and xorg-x11-server), Fedora (kernel and kernel-tools), Oracle (kernel and postgresql), Red Hat (dhcp and gupnp), Scientific Linux (gupnp and postgresql), SUSE (postgresql10 and xterm), and Ubuntu (imagemagick).
---------------------------------------------
https://lwn.net/Articles/859842/

*** iOS 12.5.4 ***
---------------------------------------------
https://support.apple.com/kb/HT212548

*** Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential Cross Site Scripting (XSS) CVE-2020-5000 ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-mana...

*** Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl...

*** Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2020-27221, CVE-2020-14782) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-jav...

*** Security Bulletin: IBM Event Streams is potentially affected by multiple node vulnerabilities ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-poten...

*** Security Bulletin: Genivia gSOAP vulnerabilities affect IBM Spectrum Protect for Virtual Environments: Data Protection for VMware and Spectrum Protect Client (CVE-2020-13575, CVE-2020-13578, CVE-2020-13574, CVE-2020-13577, CVE-2020-13576, ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-genivia-gsoap-vulnerabilit...

*** Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonsto...

*** Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-10531) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-releas...

*** Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights (CVE-2020-13947) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-...

*** Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2021-27290) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-ibm-ap...

*** Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-ser...