[CERT-daily] Tageszusammenfassung - 15.10.2021
Daily end-of-shift report
team at cert.at
Fri Oct 15 18:10:05 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 14-10-2021 18:00 − Freitag 15-10-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Accenture confirms data breach after August ransomware attack ∗∗∗
---------------------------------------------
Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the companys systems in August 2021.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/accenture-confirms-data-breach-after-august-ransomware-attack/
∗∗∗ BlackByte Ransomware – Pt. 1 In-depth Analysis ∗∗∗
---------------------------------------------
During a recent malware incident response case, we encountered an interesting piece of ransomware that goes by the name of BlackByte.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
∗∗∗ BlackByte Ransomware – Pt 2. Code Obfuscation Analysis ∗∗∗
---------------------------------------------
We received the original launcher file from an Incident Response case. It was about 630 KB of JScript code which was seemingly full of garbage code – hiding the real intent.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-2-code-obfuscation-analysis/
∗∗∗ Employee offboarding: Why companies must close a crucial gap in their security strategy ∗∗∗
---------------------------------------------
There are various ways a departing employee could put your organization at risk of a data breach. How do you offboard employees the right way and ensure your data remains safe?
---------------------------------------------
https://www.welivesecurity.com/2021/10/14/employee-offboarding-companies-close-crucial-gap-security/
∗∗∗ Ongoing Cyber Threats to U.S. Water and Wastewater Systems Sector Facilities ∗∗∗
---------------------------------------------
CISA, the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that details ongoing cyber threats to U.S. Water and Wastewater Systems (WWS) Sector.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/14/ongoing-cyber-threats-us-water-and-wastewater-systems-sector
∗∗∗ A malware botnet has made more than $24.7 million since 2019 ∗∗∗
---------------------------------------------
The operators of a malware botnet known as MyKings are believed to have made more than $24.7 million through what security researchers call a "clipboard hijacker."
---------------------------------------------
https://therecord.media/a-malware-botnet-has-made-more-than-24-7-million-since-2019/
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM hat 11 Security Bulletins veröffentlicht.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (squashfs-tools, tomcat9, and wordpress), Fedora (openssh), openSUSE (kernel, mbedtls, and rpm), Oracle (httpd, kernel, and kernel-container), SUSE (firefox, kernel, and rpm), and Ubuntu (linux-azure, linux-azure-5.4).
---------------------------------------------
https://lwn.net/Articles/873056/
∗∗∗ ZDI-21-1211: (0Day) Fuji Electric Alpha5 A5V File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1211/
∗∗∗ ZDI-21-1210: (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1210/
∗∗∗ ZDI-21-1209: (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1209/
∗∗∗ ZDI-21-1208: (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1208/
∗∗∗ Schneider Electric CNM ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-287-01
∗∗∗ Uffizio GPS Tracker ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-287-02
∗∗∗ Mitsubishi Electric MELSEC iQ-R Series ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-287-03
∗∗∗ Siemens RUGGEDCOM ROX (Update A) ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-259-01
∗∗∗ Apache Releases Security Advisory for Tomcat ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/15/apache-releases-security-advisory-tomcat
∗∗∗ SYSS-2019-018/SYSS-2019-019: Unsichere Dateisystemberechtigungen und Installationsmodi in Ivanti DSM ∗∗∗
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2019-018/syss-2019-019-unsichere-dateisystemberechtigungen-und-installationsmodi-in-ivanti-dsm
∗∗∗ Change in Magniber Ransomware Vulnerability (CVE-2021-40444) ∗∗∗
---------------------------------------------
https://asec.ahnlab.com/en/27264/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list