[CERT-daily] Daily summary - 15.06.2021
Daily end-of-shift report
team at cert.at
Tue Jun 15 18:19:39 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Monday 14-06-2021 18:00 - Tuesday 15-06-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Paradise Ransomware source code released on a hacking forum ∗∗∗
---------------------------------------------
The complete source code for the Paradise Ransomware has been released on a hacking forum allowing any would-be cyber criminal to develop their own customized ransomware operation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/paradise-ransomware-source-code-released-on-a-hacking-forum/
∗∗∗ Andariel evolves to target South Korea with ransomware ∗∗∗
---------------------------------------------
In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload.
---------------------------------------------
https://securelist.com/andariel-evolves-to-target-south-korea-with-ransomware/102811/
∗∗∗ Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more, (Tue, Jun 15th) ∗∗∗
---------------------------------------------
Vulnerable perimeter devices remain a popular target, and we do see consistent exploit attempts against them.
---------------------------------------------
https://isc.sans.edu/diary/rss/27528
∗∗∗ Experts Shed Light On Distinctive Tactics Used by Hades Ransomware ∗∗∗
---------------------------------------------
Cybersecurity researchers on Tuesday disclosed "distinctive" tactics, techniques, and procedures (TTPs) adopted by operators of Hades ransomware that set it apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER.
---------------------------------------------
https://thehackernews.com/2021/06/experts-shed-light-on-distinctive.html
∗∗∗ What’s past is prologue – A new world of critical infrastructure security ∗∗∗
---------------------------------------------
Attackers have targeted American critical infrastructure several times over the past few years, putting at risk U.S. electrical grids, oil pipelines and water supply systems.
---------------------------------------------
https://blog.talosintelligence.com/2021/06/new-world-after-pipeline-ransomware-ONG.html
∗∗∗ Tracking Amazon delivery staff ∗∗∗
---------------------------------------------
The Amazon delivery tracking API allows ultra-precise tracking of drivers. Amazon claim that customers can only track the driver for the 10 stops prior to theirs.
---------------------------------------------
https://www.pentestpartners.com/security-blog/tracking-amazon-delivery-staff/
∗∗∗ Do not apply for loans on ulacglobalfinanzen.com ∗∗∗
---------------------------------------------
Are you looking for a loan and researching favourable terms on the internet? You may then come across ulacglobalfinanzen.com, a dubious lending company offering great terms and hassle-free processing. Anyone who applies for a loan there, however, loses money and hands personal data to criminals!
---------------------------------------------
https://www.watchlist-internet.at/news/beantragen-sie-kredite-nicht-auf-ulacglobalfinanzencom/
∗∗∗ Vishing: What is it and how do I avoid getting scammed? ∗∗∗
---------------------------------------------
How do vishing scams work, how do they impact businesses and individuals, and how can you protect yourself, your family and your business?
---------------------------------------------
https://www.welivesecurity.com/2021/06/14/vishing-what-is-it-how-avoid-getting-scammed/
∗∗∗ Ransomware attacks continue to Surge, hitting a 93% increase year over year ∗∗∗
---------------------------------------------
The number of organizations impacted by ransomware has risen to 1210 in June 2021. Check Point Research sees a 41% increase in attacks since the beginning of 2021 and a 93% increase year over year.
---------------------------------------------
https://blog.checkpoint.com/2021/06/14/ransomware-attacks-continue-to-surge-hitting-a-93-increase-year-over-year/
=====================
= Vulnerabilities =
=====================
∗∗∗ SonicWall closes denial-of-service hole in firewall operating system SonicOS ∗∗∗
---------------------------------------------
The web-based management interface of some SonicOS versions could have been knocked out by means of specially crafted POST requests. Updates change that.
---------------------------------------------
https://heise.de/-6071069
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (389-ds-base, dhcp, firefox, glib2, hivex, kernel, postgresql, qemu-kvm, qt5-qtimageformats, samba, and xorg-x11-server), Fedora (kernel and kernel-tools), Oracle (kernel and postgresql), Red Hat (dhcp and gupnp), Scientific Linux (gupnp and postgresql), SUSE (postgresql10 and xterm), and Ubuntu (imagemagick).
---------------------------------------------
https://lwn.net/Articles/859842/
∗∗∗ iOS 12.5.4 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT212548
∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential Cross Site Scripting (XSS) CVE-2020-5000 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-corporate-payment-services-is-affected-by-a-potential-cross-site-scripting-xss-cve-2020-5000/
∗∗∗ Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841-2/
∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2020-27221, CVE-2020-14782) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments-3/
∗∗∗ Security Bulletin: IBM Event Streams is potentially affected by multiple node vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-potentially-affected-by-multiple-node-vulnerabilities/
∗∗∗ Security Bulletin: Genivia gSOAP vulnerabilities affect IBM Spectrum Protect for Virtual Environments:Data Protection for VMware and Spectrum Protect Client (CVE-2020-13575, CVE-2020-13578, CVE-2020-13574, CVE-2020-13577, CVE-2020-13576, ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-genivia-gsoap-vulnerabilities-affect-ibm-spectrum-protect-for-virtual-environmentsdata-protection-for-vmware-and-spectrum-protect-client-cve-2020-13575-cve-2020-13578-cve-2020-1/
∗∗∗ Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/
∗∗∗ Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-10531) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-10531/
∗∗∗ Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights (CVE-2020-13947) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-activemq-affects-ibm-operations-analytics-predictive-insights-cve-2020-13947-2/
∗∗∗ Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2021-27290) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2021-27290/
∗∗∗ Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily