[CERT-daily] Tageszusammenfassung - 04.06.2021

Fri Jun 4 18:09:15 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 02-06-2021 18:00 − Freitag 04-06-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Vorsicht: Phishing-Mail von World4You im Umlauf! ∗∗∗
---------------------------------------------
Kriminelle versenden derzeit eine gefälschte World4You-Phishingmail an Webseiten-BetreiberInnnen. Darin heißt es, dass die registrierte Domain der EmpfängerInnen abläuft und daher verlängert werden muss. Gehen Sie nicht auf die Zahlungsforderung ein. Denn das Geld und Ihre Kreditkartendaten landen direkt in den Händen von Kriminellen.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-phishing-mail-von-world4you-im-umlauf/


∗∗∗ Schlupflöcher für Schadcode in Videokonferenz-Software Cisco Webex geschlossen ∗∗∗
---------------------------------------------
Cisco hat Sicherheitsupdates für mehrere Produkte wie Router und Webex veröffentlicht.
---------------------------------------------
https://heise.de/-6062229


∗∗∗ Email spoofing: how attackers impersonate legitimate senders ∗∗∗
---------------------------------------------
This article analyzes different ways of the spoofing email addresses through changing the From header, which provides information about the senders name and address.
---------------------------------------------
https://securelist.com/email-spoofing-types/102703/


∗∗∗ Exchange Servers Targeted by ‘Epsilon Red’ Malware ∗∗∗
---------------------------------------------
REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks, the ransom note suggests.
---------------------------------------------
https://threatpost.com/exchange-servers-epsilon-red-ransomware/166640/


∗∗∗ How to hack into 5500 accounts… just using “credential stuffing” ∗∗∗
---------------------------------------------
Passwords - dont just pay them lip service.
---------------------------------------------
https://nakedsecurity.sophos.com/2021/06/04/how-to-hack-into-5500-accounts-just-using-credential-stuffing/


∗∗∗ Russian Dolls VBS Obfuscation, (Fri, Jun 4th) ∗∗∗
---------------------------------------------
We received an interesting sample from one of our readers (thanks Henry!) and we like this. If you find something interesting, we are always looking for fresh meat! Henry's sample was delivered in a password-protected ZIP archive and the file was a VBS script called "presentation_37142.vbs" 
---------------------------------------------
https://isc.sans.edu/diary/rss/27494


∗∗∗ Build, Hack, and Defend Azure Identity ∗∗∗
---------------------------------------------
An Introduction to PurpleCloud Hybrid + Identity Cyber Range
---------------------------------------------
https://www.sans.org/blog/build-hack-defend-azure-identity?msc=rss


∗∗∗ Necro Python bot adds new exploits and Tezos mining to its bag of tricks ∗∗∗
---------------------------------------------
Some malware families stay static in terms of their functionality. But a newly discovered malware campaign utilizing the Necro Python bot shows this actor is adding new functionality and improving its chances of [...]
---------------------------------------------
https://blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.html


∗∗∗ Organizations Warned: STUN Servers Increasingly Abused for DDoS Attacks ∗∗∗
---------------------------------------------
Application and network performance management company NETSCOUT warned organizations this week that STUN servers have been increasingly abused for distributed denial-of-service (DDoS) attacks, and there are tens of thousands of servers that could be abused for such attacks by malicious actors.
---------------------------------------------
https://www.securityweek.com/organizations-warned-stun-servers-increasingly-abused-ddos-attacks


∗∗∗ ESET Threat Report T1 2021 ∗∗∗
---------------------------------------------
A view of the T1 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts The post ESET Threat Report T1 2021 appeared first on WeLiveSecurity
---------------------------------------------
https://www.welivesecurity.com/2021/06/03/eset-threat-report-t12021/


∗∗∗ WebLogic RCE Leads to XMRig ∗∗∗
---------------------------------------------
This report will review an intrusion where, the threat actor took advantage of a WebLogic remote code execution vulnerability (CVE-2020–14882) to gain initial access to the system before installing [...]
---------------------------------------------
https://thedfirreport.com/2021/06/03/weblogic-rce-leads-to-xmrig/


∗∗∗ CISA Releases Best Practices for Mapping to MITRE ATT&CK® ∗∗∗
---------------------------------------------
As part of an effort to encourage a common language in threat actor analysis, CISA has released Best Practices for MITRE ATT&CK® Mapping. The guide shows analysts—through instructions and examples—how to map adversary behavior to the MITRE ATT&CK framework. CISA created this guide in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI), a DHS-owned R&D center operated by MITRE, which [...]
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/06/02/cisa-releases-best-practices-mapping-mitre-attckr


∗∗∗ FontPack: A dangerous update ∗∗∗
---------------------------------------------
Attribution secrets: Who is behind stealing credentials and bank card data by asking to install fake Flash Player, browser or font updates?
---------------------------------------------
https://blog.group-ib.com/fontpack


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
Cisco hat Advisories zu 13 Schwachstellen veröffentlicht. Keine davon wird als "Critical" eingestuft, fünf als "High".
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F06%2F02&firstPublishedEndDate=2021%2F06%2F04


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, curl, dhclient, dhcp, firefox, keycloak, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, opera, packagekit, pam-u2f, postgresql, rabbitmq, redis, ruby-bundler, and zint), Debian (caribou, firefox-esr, imagemagick, and isc-dhcp), Fedora (mapserver, mingw-python-pillow, and python-pillow), openSUSE (chromium), Red Hat (firefox, glib2, pki-core:10.6, polkit, rh-ruby26-ruby, and rh-ruby27-ruby), SUSE [...]
---------------------------------------------
https://lwn.net/Articles/858144/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (lasso), Fedora (mingw-djvulibre, mingw-exiv2, python-lxml, and singularity), openSUSE (ceph, dhcp, inn, nginx, opera, polkit, upx, and xstream), Oracle (firefox, perl, and polkit), Scientific Linux (firefox), SUSE (avahi, csync2, djvulibre, libwebp, polkit, python-py, slurm, slurm_18_08, thunderbird, and umoci), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, [...]
---------------------------------------------
https://lwn.net/Articles/858331/


∗∗∗ Advantech iView ∗∗∗
---------------------------------------------
This advisory contains mitigations for Missing Authentication for Critical Function, and SQL Injection vulnerabilities in Advantech iView IoT device management application.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security Advisory - Command Injection Vulnerability in Huawei Products ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210602-01-cmdinj-en


∗∗∗ Security Advisory - Race Condition Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210602-01-cgp-en


∗∗∗ Drupal: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0610

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily