[CERT-daily] Tageszusammenfassung - 06.05.2021
Daily end-of-shift report
team at cert.at
Thu May 6 18:38:11 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 05-05-2021 18:00 − Donnerstag 06-05-2021 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ RotaJakiro, the Linux version of the OceanLotus ∗∗∗
---------------------------------------------
On Apr 28, we published our RotaJakiro backdoor blog, at that time, we didn’t have the answer for a very important question, what is this backdoor exactly for? We asked the community for clues and two days ago we got a hint, PE(Thanks!) wrote the following comment on
---------------------------------------------
https://blog.netlab.360.com/rotajakiro_linux_version_of_oceanlotus/
∗∗∗ Alternative Ways To Perform Basic Tasks, (Thu, May 6th) ∗∗∗
---------------------------------------------
I like to spot techniques used by malware developers to perform basic tasks. We know the lolbins[1] that are pre-installed tools used to perform malicious activities. Many lolbins are used, for example, to download some content from the Internet. Some tools are so powerful that they can also be used to perform unexpected tasks.
---------------------------------------------
https://isc.sans.edu/diary/rss/27392
∗∗∗ Strong, Secure Passwords Are Key to Helping Reduce Risk to Your Organization ∗∗∗
---------------------------------------------
Blog post on how to create strong, secure passwords to reduce risk to your organization.
---------------------------------------------
https://www.sans.org/blog/strong-secure-passwords-are-key-to-helping-reduce-risk-to-your-organization
∗∗∗ BSI veröffentlicht Whitepaper zum aktuellen Stand der Prüfbarkeit von KI-Systemen ∗∗∗
---------------------------------------------
Basierend auf einem vom BSI, vom Verband der TÜVs und vom Fraunhofer HHI ausgetragenen internationalen Expertenworkshop wurde ein Whitepaper zum aktuellen Stand, offenen Fragen und zukünftig wichtigen Aktivitäten bezüglich der Prüfbarkeit von KI-Systemen verfasst.
---------------------------------------------
https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Whitepaper_Pruefbarkeit_KI-Systeme_060521.html
∗∗∗ TrickBot: Get to Know the Malware That Refuses to Be Killed ∗∗∗
---------------------------------------------
Versatile, easy to use, and widely available, TrickBot has become a favorite tool of threat actors of all skill levels and a formidable threat that security teams in all organizations should be familiar with. Over the last five years, TrickBot has earned a reputation as a remarkably adaptive modular malware, with its operators regularly updating its software to be more effective and potent against a wide range of targets worldwide.
---------------------------------------------
https://www.riskiq.com/blog/external-threat-management/trickbot/
∗∗∗ Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software ∗∗∗
---------------------------------------------
The incident started with a student who didnt want to pay for a license and ended with the loss of research.
---------------------------------------------
https://www.zdnet.com/article/ryuk-ransomware-finds-foothold-in-bio-research-institute-through-a-student-who-wouldnt-pay-for-software/
∗∗∗ CISA Releases Analysis Reports on New FiveHands Ransomware ∗∗∗
---------------------------------------------
CISA is aware of a recent, successful cyberattack against an organization using a new ransomware variant, known as FiveHands, that has been used to successfully conduct a cyberattack against an organization. CISA has released AR21-126A: FiveHands Ransomware and MAR-10324784-1.v1: FiveHands Ransomware to provide analysis of the threat actor’s tactics, techniques, and procedures as well as indicators of compromise (IOCs).
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/05/06/cisa-releases-analysis-reports-new-fivehands-ransomware
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco SD-WAN: Angreifer könnten Admin-Accounts erstellen ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für mehrere Produkte von Cisco.
---------------------------------------------
https://heise.de/-6038258
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-django), Fedora (java-latest-openjdk, libopenmpt, python-yara, skopeo, thunderbird, and yara), openSUSE (ceph and openexr), Red Hat (postgresql), SUSE (libxml2), and Ubuntu (exim4 and gnome-autoar).
---------------------------------------------
https://lwn.net/Articles/855613/
∗∗∗ Android users’ privacy at risk as Check Point Research identifies vulnerability on Qualcomm’s mobile station modems ∗∗∗
---------------------------------------------
Check Point Research (CPR) found a security vulnerability in Qualcomm’s mobile station modem (MSM), the chip responsible for cellular communication in nearly 40% of the world’s phones. If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones, granting them [...]
---------------------------------------------
https://blog.checkpoint.com/2021/05/06/android-users-privacy-at-risk-as-check-point-research-identifies-vulnerability-on-qualcomms-mobile-station-modems/
∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in FusionCompute Product ∗∗∗
---------------------------------------------
https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210506-01-inputvalidate-en
∗∗∗ Ruby on Rails: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0480
∗∗∗ Foxit Reader & PhantomPDF: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0481
∗∗∗ VMware vRealize Operations: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0489
∗∗∗ ZDI-21-523: (0Day) Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-523/
∗∗∗ ZDI-21-522: (0Day) Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-522/
∗∗∗ ZDI-21-521: (0Day) Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-521/
∗∗∗ ZDI-21-520: (0Day) Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-520/
∗∗∗ Security Bulletin: Vulnerability in Fabric OS used by IBM b-type SAN directors and switches. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-fabric-os-used-by-ibm-b-type-san-directors-and-switches-3/
∗∗∗ Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-8287) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2020-8287/
∗∗∗ Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-8265) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2020-8265/
∗∗∗ Security Bulletin: A vulnerabilities in IBM Java affects IBM Rational Asset Analyzer. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerabilities-in-ibm-java-affects-ibm-rational-asset-analyzer/
∗∗∗ Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-28500) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2020-28500/
∗∗∗ Security Bulletin: Vulnerabilities in IBM Java affecting IBM Rational Asset Analyzer. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-affecting-ibm-rational-asset-analyzer-2/
∗∗∗ Security Bulletin: Vulnerabilitiìy identified in IBM DB2 that is shipped as component and pattern type or pType with Cloud Pak System and Cloud Pak System Software Suite. Cloud Pak System addressed response with new DB2 pType ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilitiy-identified-in-ibm-db2-that-is-shipped-as-component-and-pattern-type-or-ptype-with-cloud-pak-system-and-cloud-pak-system-software-suite-cloud-pak-system-address/
∗∗∗ Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-4/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list