[CERT-daily] Daily summary - 06.10.2021

Daily end-of-shift report team at cert.at
Wed Oct 6 18:06:25 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 05-10-2021 18:00 − Wednesday 06-10-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Collaborative Research on the CONTI Ransomware Group ∗∗∗
---------------------------------------------
Ransomware remains one of the pre-eminent cyber threats, with the evolution in tactics, techniques and procedures (TTPs) amongst threat actor groups over recent years upping the stakes for both victims and defenders.
---------------------------------------------
https://team-cymru.com/blog/2021/10/05/collaborative-research-on-the-conti-ransomware-group/


∗∗∗ Syniverse: SMS of billions of people possibly hacked ∗∗∗
---------------------------------------------
Hackers had been inside a company that routes calls and SMS between mobile network operators for years.
---------------------------------------------
https://www.golem.de/news/syniverse-moeglicherweise-sms-von-milliarden-menschen-gehackt-2110-160105-rss.html


∗∗∗ Threat hunting in large datasets by clustering security events ∗∗∗
---------------------------------------------
Security tools can produce very large amounts of data that even the most sophisticated organizations may struggle to manage. Big data processing tools, such as spark, can be a powerful tool in the arsenal of security teams.
---------------------------------------------
https://blog.talosintelligence.com/2021/10/threat-hunting-in-large-datasets-by.html


∗∗∗ Landespolizeidirektion Steiermark: Warning about fraud attempts via LPD SMS ∗∗∗
---------------------------------------------
On Monday, 4 October 2021, unknown perpetrators sent SMS messages with fraudulent intent. The sender appears as "Landespolizeidirektion (LPD)". The police urgently warn of these fraud attempts.
---------------------------------------------
https://www.watchlist-internet.at/news/landespolizeidirektion-steiermark-warnung-vor-betrugsversuchen-mittels-lpd-sms/


∗∗∗ Our tips for exposing dubious emergency services! ∗∗∗
---------------------------------------------
In emergencies such as a burst pipe, a power outage or a gas leak, fast help is needed. Often there is no time left for a careful check of the tradespeople offering their services.
---------------------------------------------
https://www.watchlist-internet.at/news/unsere-tipps-um-unserioese-notfalldienste-zu-entlarven/


∗∗∗ Cybersecurity in Power Grids: Challenges and Opportunities. (arXiv:2105.00013v2 [cs.CR] UPDATED) ∗∗∗
---------------------------------------------
Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors.
---------------------------------------------
http://arxiv.org/abs/2105.00013



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Actively exploited Apache 0-day also allows remote code execution ∗∗∗
---------------------------------------------
Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that the scope of the vulnerability transcends path traversal, allowing attackers remote code execution (RCE) abilities.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/actively-exploited-apache-0-day-also-allows-remote-code-execution/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM publishes 31 Security Bulletins.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (cryptopp), Mageia (apache), Slackware (httpd), and Ubuntu (squid, squid3).
---------------------------------------------
https://lwn.net/Articles/872029/


∗∗∗ FortiWebManager - Injection vulnerabilities ∗∗∗
---------------------------------------------
https://www.fortiguard.com/psirt/FG-IR-20-027


∗∗∗ FortiAnalyzer & FortiManager - Forticloud credentials observed in cleartext in the logfile ∗∗∗
---------------------------------------------
https://www.fortiguard.com/psirt/FG-IR-21-112


∗∗∗ FortiSDNConnector - Credential leak ∗∗∗
---------------------------------------------
https://www.fortiguard.com/psirt/FG-IR-20-183


∗∗∗ FortiClientEMS - Session cookie does not expire after logout ∗∗∗
---------------------------------------------
https://www.fortiguard.com/psirt/FG-IR-20-072


∗∗∗ XSA-386 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-386.html


∗∗∗ Samba: Multiple vulnerabilities allow denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-1034


∗∗∗ Mitsubishi Electric GOT and Tension Controller ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-278-01


∗∗∗ Emerson WirelessHART Gateway ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02


∗∗∗ Moxa MXview Network Management Software ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03


∗∗∗ Medtronic MiniMed MMT-500/MMT-503 Remote Controllers (Update A) ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/ICSMA-18-219-02


∗∗∗ CISA Releases Security Advisory for Honeywell Experion and ACE Controllers ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/05/cisa-releases-security-advisory-honeywell-experion-and-ace

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily