=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 19-05-2021 18:00 − Thursday 20-05-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter
=====================
=       News        =
=====================
∗∗∗ Exchange remains the main attack target in the Microsoft cloud ∗∗∗
---------------------------------------------
Vectra AI has listed the ten most important threats in Azure AD and Office 365. Exchange apparently remains as attractive to attackers as ever.
---------------------------------------------
https://heise.de/-6050650
∗∗∗ Cisco releases security updates ∗∗∗
---------------------------------------------
Cisco has announced several updates to its security products, including the major release 7.0 of Secure Firewall Threat Defense and the integration of Snort 3.
---------------------------------------------
https://heise.de/-6049957
∗∗∗ Attacks on Android: patch now! If there are security updates, that is ... ∗∗∗
---------------------------------------------
Attackers are currently targeting Android devices. Patches, however, are generally only available for current smartphones and tablets.
---------------------------------------------
https://heise.de/-6050515
∗∗∗ Fake shops: how to recognise fraudulent online shops! ∗∗∗
---------------------------------------------
The problem of fraudulent online shops, better known as fake shops, continues to grow. To help you quickly recognise the different kinds of fake shops, the following article describes the most common forms and what to watch out for with each of them. Shopping at a fake shop can truly cost you dearly.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shops-so-erkennen-sie-betruegeri...
∗∗∗ Qlocker ransomware shuts down after extorting hundreds of QNAP users ∗∗∗
---------------------------------------------
The Qlocker ransomware gang has shut down its operation after earning $350,000 in a month by exploiting vulnerabilities in QNAP NAS devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qlocker-ransomware-shuts-down...
∗∗∗ Keksec Cybergang Debuts Simps Botnet for Gaming DDoS ∗∗∗
---------------------------------------------
The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities.
---------------------------------------------
https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/
∗∗∗ BazarCall: Call Centers Help Spread BazarLoader Malware ∗∗∗
---------------------------------------------
Call center operators offer to personally guide victims through a process designed to infect vulnerable computers with BazarLoader malware.
---------------------------------------------
https://unit42.paloaltonetworks.com/bazarloader-malware/
∗∗∗ Update to CISA-FBI Joint Cybersecurity Advisory on DarkSide Ransomware ∗∗∗
---------------------------------------------
CISA and the Federal Bureau of Investigation (FBI) have updated Joint Cybersecurity Advisory AA21-131A: DarkSide Ransomware: Best Practices for Preventing Disruption from Ransomware Attacks, originally released May 11, 2021. This update provides a downloadable STIX file of indicators of compromise (IOCs) to help network defenders find and mitigate activity associated with DarkSide ransomware.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/05/19/update-cisa-fbi-jo...
∗∗∗ Misconfiguration of third party cloud services exposed data of over 100 million users ∗∗∗
---------------------------------------------
After examining 23 Android applications, Check Point Research (CPR) noticed that mobile app developers potentially exposed the personal data of over 100 million users through a variety of misconfigurations of third party cloud services. The personal data included emails, chat messages, location, passwords and photos, which, in the hands of malicious actors, could lead to fraud, identity theft and service swipes.
---------------------------------------------
https://blog.checkpoint.com/2021/05/20/misconfiguration-of-third-party-cloud...
∗∗∗ Microsoft warns of malware campaign spreading a RAT masquerading as ransomware ∗∗∗
---------------------------------------------
On Wednesday the Microsoft security team published details about a malware campaign that is currently spreading a remote access trojan named STRRAT, which steals data from infected systems while masquerading as a ransomware attack.
---------------------------------------------
https://therecord.media/microsoft-warns-of-malware-campaign-spreading-a-rat-...
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-21-601: Ubiquiti Networks EdgeOS Improper Certificate Validation Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ubiquiti Networks EdgeOS on EdgeRouter X, EdgeRouter Pro X SFP, EdgeRouter 10X and EdgePoint 6-port routers. User interaction is required to exploit this vulnerability, in that an administrator must perform a firmware update on the device.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-601/
∗∗∗ Vulnerability Spotlight: Information disclosure vulnerability in macOS SMB server ∗∗∗
---------------------------------------------
Cisco Talos recently discovered an exploitable integer overflow vulnerability in Apple macOS' SMB server that could lead to information disclosure.
---------------------------------------------
https://blog.talosintelligence.com/2021/05/vuln-spotlight-smb-information-di...
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (cacti, cacti-spine, exif, firefox, kernel, mariadb, and thunderbird), Mageia (kernel, kernel-linus, and libxml2), openSUSE (exim and jhead), Oracle (slapi-nis and xorg-x11-server), Scientific Linux (slapi-nis and xorg-x11-server), Slackware (libX11), SUSE (djvulibre, fribidi, graphviz, grub2, libass, libxml2, lz4, python-httplib2, redis, rubygem-actionpack-4_2, and xen), and Ubuntu (pillow and python-babel).
---------------------------------------------
https://lwn.net/Articles/856775/
∗∗∗ Cisco Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/05/20/cisco-releases-sec...
∗∗∗ Security Bulletin: A vulnerability in IBM Java affects IBM Developer for z Systems. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-jav...
∗∗∗ Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-jav...
∗∗∗ Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-h...
∗∗∗ Security Bulletin: IBM MQ is affected by a vulnerability within libcurl (CVE-2020-8284) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vu...
∗∗∗ Security Bulletin: A security vulnerability in Node.js netmask module affects IBM Cloud Pak for Multicloud Management Managed Service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-i...
∗∗∗ Security Bulletin: A security vulnerability in Node.js netmask module affects IBM Cloud Automation Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-i...
∗∗∗ Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability in IBM® Runtime Environment Java™ ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-transpa...
∗∗∗ Security Bulletin: A security vulnerability in Node.js braces and netmask module affects IBM Cloud Pak for Multicloud Management Managed Service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-i...
∗∗∗ Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnera...
∗∗∗ Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Managed Service ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-i...
∗∗∗ Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager (CVE-2021-29687, CVE-2021-29688) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-h...
∗∗∗ WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2021-014