[CERT-daily] Tageszusammenfassung - 24.08.2021
Daily end-of-shift report
team at cert.at
Tue Aug 24 18:12:58 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Montag 23-08-2021 18:00 − Dienstag 24-08-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Triada Trojan in WhatsApp MOD ∗∗∗
---------------------------------------------
We discovered that the Trojan Triada snook into one of modified versions of the WhatsApp messenger called FMWhatsapp 16.80.0 together with the advertising software development kit (SDK).
---------------------------------------------
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
∗∗∗ Effective Threat-Hunting Queries in a Redacted World ∗∗∗
---------------------------------------------
Chad Anderson, senior security researcher for DomainTools, demonstrates how seemingly disparate pieces of infrastructure information can form perfect fingerprints for tracking cyberattackers infrastructure.
---------------------------------------------
https://threatpost.com/effective-threat-hunting-queries/168864/
∗∗∗ Attackers Hunting For Twilio Credentials, (Tue, Aug 24th) ∗∗∗
---------------------------------------------
Twilio is a popular service used to send/receive SMS messages and phone calls.
---------------------------------------------
https://isc.sans.edu/diary/rss/27782
∗∗∗ Power-Apps-Portale von Microsoft: 38 Millionen Datensätze lagen offen ∗∗∗
---------------------------------------------
Sicherheitsforscher haben in Power-Apps-Portalen 38 Millionen Datensätze mit teils sensiblen Daten entdeckt – laut Microsoft aufgrund von Konfigurationsfehlern.
---------------------------------------------
https://heise.de/-6173306
∗∗∗ Vorsicht vor EU Compensation E-Mail! ∗∗∗
---------------------------------------------
Aktuell werden betrügerische E-Mails von „EU Compensation“ versendet. Eine ominöse europäische Behörde behauptet, Betrugsopfer mit einer hohen Geldsumme zu entschädigen.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-eu-compensation-e-mail/
∗∗∗ Ransomware Groups to Watch: Emerging Threats ∗∗∗
---------------------------------------------
Emerging ransomware groups to watch, according to Unit 42 researchers: AvosLocker, Hive Ransomware, HelloKitty and LockBit 2.0.
---------------------------------------------
https://unit42.paloaltonetworks.com/emerging-ransomware-groups/
∗∗∗ FBI sends its first-ever alert about a ‘ransomware affiliate’ ∗∗∗
---------------------------------------------
The US Federal Bureau of Investigations has published today its first-ever public advisory detailing the modus operandi of a "ransomware affiliate."
---------------------------------------------
https://therecord.media/fbi-sends-its-first-ever-alert-about-a-ransomware-affiliate/
=====================
= Vulnerabilities =
=====================
∗∗∗ New zero-click iPhone exploit used to deploy NSO spyware ∗∗∗
---------------------------------------------
Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Groups Pegasus spyware on devices belonging to Bahraini activists.
---------------------------------------------
https://www.bleepingcomputer.com/news/apple/new-zero-click-iphone-exploit-used-to-deploy-nso-spyware/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ledgersmb, tnef, and tor), Fedora (nodejs-underscore and tor), openSUSE (aws-cli, python-boto3, python-botocore,, fetchmail, firefox, and isync), SUSE (aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 and python-PyYAML), and Ubuntu (linux-aws-5.8, linux-azure-5.8, linux-gcp-5.8, linux-oracle-5.8).
---------------------------------------------
https://lwn.net/Articles/867247/
∗∗∗ [20210801] - Core - Insufficient access control for com_media deletion endpoint ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/861-20210801-core-insufficient-access-control-for-com-media-deletion-endpoint.html
∗∗∗ Security Bulletin: CVE-2020-2773 (deferred from Oracle Apr 2020 CPU) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2773-deferred-from-oracle-apr-2020-cpu/
∗∗∗ Security Bulletin: Apache CXF (Publicly disclosed vulnerability) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-publicly-disclosed-vulnerability-2/
∗∗∗ Security Bulletin: XStream (Publicly disclosed vulnerability) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-xstream-publicly-disclosed-vulnerability/
∗∗∗ Security Bulletin: Multiple security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory Suite ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-java-sdk-that-affect-ibm-security-directory-suite-2/
∗∗∗ Security Bulletin: Update Secure Gateway Client in IBM DataPower Gateway to address several CVEs ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-update-secure-gateway-client-in-ibm-datapower-gateway-to-address-several-cves/
∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-27221) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-v12-cve-2020-27221-5/
∗∗∗ Security Bulletin: IBM Resilient Disaster Recovery (DR) system allows connections over TLS 1.0 (CVE-2021-29704) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-disaster-recovery-dr-system-allows-connections-over-tls-1-0-cve-2021-29704/
∗∗∗ Security Bulletin: CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-14781-deferred-from-oracle-oct-2020-cpu-for-java-8/
∗∗∗ OpenSSL: SM2 Decryption Buffer Overflow (CVE-2021-3711) ∗∗∗
---------------------------------------------
https://openssl.org/news/secadv/20210824.txt
∗∗∗ Overview of F5 vulnerabilities (August 2021) ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K50974556
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list