[CERT-daily] Tageszusammenfassung - 31.03.2021
Daily end-of-shift report
team at cert.at
Wed Mar 31 18:15:16 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 30-03-2021 18:00 − Mittwoch 31-03-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Financial Cyberthreats in 2020 ∗∗∗
---------------------------------------------
This research is a continuation of our annual financial threat reports providing an overview of the latest trends and key events across the financial threat landscape. The study covers the common phishing threats, along with Windows and Android-based financial malware.
---------------------------------------------
https://securelist.com/financial-cyberthreats-in-2020/101638/
∗∗∗ Ziggy Ransomware Gang Offers Refunds to Victims ∗∗∗
---------------------------------------------
Ziggy joins Fonix ransomware group and shuts down, with apologies to targets.
---------------------------------------------
https://threatpost.com/ziggy-ransomware-gang-offers-refund-to-victims/165124/
∗∗∗ 3MinMax Series Topic Review - Apple Acquisition ∗∗∗
---------------------------------------------
Apple devices are an entirely different platform than Windows, and there are many different considerations when preparing to acquire an Apple machine.
---------------------------------------------
https://www.sans.org/blog/3minmax-series-topic-review---apple-acquisition
∗∗∗ [SANS ISC] Quick Analysis of a Modular InfoStealer ∗∗∗
---------------------------------------------
This morning, an interesting phishing email landed in my spam trap. The mail was redacted in Spanish and, as usual, asked the recipient to urgently process the attached document.
---------------------------------------------
https://blog.rootshell.be/2021/03/31/sans-isc-quick-analysis-of-a-modular-infostealer/
∗∗∗ Whistleblower: Ubiquiti Breach “Catastrophic” ∗∗∗
---------------------------------------------
On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.
---------------------------------------------
https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/
∗∗∗ The Often-Overlooked Element of a Hack: Endpoints ∗∗∗
---------------------------------------------
It is Vital to Maintain Granular Visibility and Control Over Access Points to Establish Resilience
---------------------------------------------
https://www.securityweek.com/often-overlooked-element-hack-endpoints
∗∗∗ Vorsicht beim Fahrrad-Kauf: marti-bosom.de ist ein Fake-Shop! ∗∗∗
---------------------------------------------
Mit den wärmer werdenden Temperaturen beginnt die Fahrrad-Saison. Für viele ist es die Zeit, um sich ein neues Fahrrad zu kaufen. Aufgrund der anhaltenden Corona-Krise passiert das immer öfter online. Hier gilt es jedoch vorsichtig zu sein, da es auch in diesem Bereich betrügerische Fake-Shops gibt.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-beim-fahrrad-kauf-marti-bosomde-ist-ein-fake-shop/
∗∗∗ Ransomware: Why were now facing a perfect storm ∗∗∗
---------------------------------------------
Normalising the act of paying a ransom to cyber criminals does nothing to protect anyone against ransomware, warns report.
---------------------------------------------
https://www.zdnet.com/article/ransomware-why-were-now-facing-a-perfect-storm/
∗∗∗ Gaming mods, cheat engines are spreading Trojan malware and planting backdoors ∗∗∗
---------------------------------------------
Mods and cheat systems for games are being exploited to deploy information-stealing malware.
---------------------------------------------
https://www.zdnet.com/article/gaming-tools-backdoored-cheat-engines-are-now-new-weapons-in-cyberattacks/
∗∗∗ BLEKeeper: Response Time Behavior Based Man-In-The-Middle Attack Detection ∗∗∗
---------------------------------------------
Bluetooth Low Energy (BLE) has become one of the most popular wireless communication protocols and is used in billions of smart devices. Despite several security features, the hardware and software limitations of thesedevices makes them vulnerable to man-in-the-middle (MITM) attacks.
---------------------------------------------
http://arxiv.org/abs/2103.16235
=====================
= Vulnerabilities =
=====================
∗∗∗ Fake jQuery files infect WordPress sites with malware ∗∗∗
---------------------------------------------
Researchers have spotted counterfeit versions of the jQuery Migrate plugin injected on dozens of websites which contains obfuscated code to load malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-jquery-files-infect-wordpress-sites-with-malware/
∗∗∗ Angreifer könnten Admin-Zugangsdaten von VMware vRealize kopieren ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für die Management-Software für Cloud-Umgebungen vRealize Operations.
---------------------------------------------
https://heise.de/-6002805
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, ldb, leptonlib, and linux-4.19), Fedora (busybox), Gentoo (openssl, redis, salt, and sqlite), Mageia (firefox, fwupd, glib2.0, python-aiohttp, radare2, thunderbird, and zeromq), openSUSE (firefox), SUSE (ovmf, tomcat, and zabbix), and Ubuntu (curl, lxml, and pygments).
---------------------------------------------
https://lwn.net/Articles/851269/
∗∗∗ Google Releases Security Updates for Chrome ∗∗∗
---------------------------------------------
Google has released Chrome version 89.0.4389.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/03/31/google-releases-security-updates-chrome
∗∗∗ SECURITY BULLETIN: March 2021 Security Bulletin for Trend Micro OfficeScan XG SP1 ∗∗∗
---------------------------------------------
https://success.trendmicro.com/solution/000286157
∗∗∗ Multiple dnsmasq vulnerabilities CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K98221124
∗∗∗ cURL: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0333
∗∗∗ Denial of Service in Rexroth ActiveMover using EtherNet/IP protocol ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-282922.html
∗∗∗ Denial of Service in Rexroth ActiveMover using Profinet protocol ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-637429.html
∗∗∗ SYSS-2021-006: SQL Injection-Schwachstelle in FireEye EX ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-006-sql-injection-schwachstelle-in-fireeye-ex
∗∗∗ SYSS-2021-005: SQL Injection-Schwachstelle in FireEye EX ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-005-sql-injection-schwachstelle-in-fireeye-ex
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list