[CERT-daily] Tageszusammenfassung - 21.10.2021

Thu Oct 21 18:07:35 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 20-10-2021 18:00 − Donnerstag 21-10-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Wolfgang Menezes

=====================
=       News        =
=====================

∗∗∗ Cybercrime matures as hackers are forced to work smarter ∗∗∗
---------------------------------------------
An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cybercrime-matures-as-hackers-are-forced-to-work-smarter/


∗∗∗ Franken-phish: TodayZoo built from other phishing kits ∗∗∗
---------------------------------------------
A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that drives phishing and email threats today.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/10/21/franken-phish-todayzoo-built-from-other-phishing-kits/


∗∗∗ "Stolen Images Evidence" campaign pushes Sliver-based malware, (Thu, Oct 21st) ∗∗∗
---------------------------------------------
On Wednesday 2021-10-20, Proofpoint reported the TA551 (Shathak) campaign started pushing malware based on Sliver.  Sliver is a framework used by red teams for adversary simluation and penetration testing.
---------------------------------------------
https://isc.sans.edu/diary/rss/27954


∗∗∗ Die Rückkehr der Rootkits – signiert von Microsoft ∗∗∗
---------------------------------------------
Forscher haben in den vergangenen Monaten verstärkt die vermeintlich ausgestorbenen Kernelschadprogramme wiederentdeckt. Eingeschleust werden sie heute anders.
---------------------------------------------
https://heise.de/-6224944


∗∗∗ Innovation aus Österreich: Fake-Shop Detector entlarvt Online-Betrüger ∗∗∗
---------------------------------------------
Fake-Shops im Internet werden immer zahlreicher und zugleich schwieriger zu erkennen. Unterstützung bietet ab sofort die Beta-Version des Fake-Shop Detectors: Das Tool untersucht im Internet-Browser in Echtzeit, ob es sich um seriöse oder betrügerische Onlineshops handelt und stellt somit ein Best Practice für den Nutzen und die Chancen des Einsatzes von Künstlicher Intelligenz für Konsumentinnen und Konsumenten dar. 
---------------------------------------------
https://www.watchlist-internet.at/news/innovation-aus-oesterreich-fake-shop-detector-entlarvt-online-betrueger/


∗∗∗ Using Discord infrastructure for malicious intent ∗∗∗
---------------------------------------------
Research by: Idan Shechter & Omer Ventura Check Point Research (CPR) spotted a multi-functional malware with the capability to take screenshots, download and execute additional files, and perform keylogging – all by using the core features of Discord There are currently over 150 million monthly active users on Discord Users must be aware that Discord’s bot…
---------------------------------------------
https://blog.checkpoint.com/2021/10/21/using-discord-infrastructure-for-malicious-intent/


∗∗∗ Google unmasks two-year-old phishing & malware campaign targeting YouTube users ∗∗∗
---------------------------------------------
Almost two years after a wave of complaints flooded Googles support forums about YouTube accounts getting hijacked even if users had two-factor authentication enabled, Googles security team has finally tracked down the root cause of these attacks.
---------------------------------------------
https://therecord.media/google-unmasks-two-year-old-phishing-malware-campaign-targeting-youtube-users/


∗∗∗ Kernel Karnage – Part 1 ∗∗∗
---------------------------------------------
I start the first week of my internship in true spooktober fashion as I dive into a daunting subject that’s been scaring me for some time now: The Windows Kernel. 1. KdPrint(“Hello, world!\n”); 
---------------------------------------------
https://blog.nviso.eu/2021/10/21/kernel-karnage-part-1/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM veröffentlichte 19 Security Bulletins.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
Cisco hat acht Security Advisories veröffentlicht. Keines davon wird als "Critical" eingestuft, eines als "High".
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F10%2F20&firstPublishedEndDate=2021%2F10%2F21


∗∗∗ Anonymous User is Able to Access Query Component JQL Endpoint - CVE-2021-39127 ∗∗∗
---------------------------------------------
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability.
---------------------------------------------
https://jira.atlassian.com/browse/JRASERVER-72003


∗∗∗ WinRAR’s vulnerable trialware: when free software isn’t free ∗∗∗
---------------------------------------------
In this article we discuss a vulnerability in the trial version of WinRAR which has significant consequences for the management of third-party software. This vulnerability allows an attacker to intercept and modify requests sent to the user of the application.
---------------------------------------------
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-babel, squashfs-tools, and uwsgi), Fedora (gfbgraph and rust-coreos-installer), Mageia (aom, libslirp, redis, and vim), openSUSE (fetchmail, go1.16, go1.17, mbedtls, ncurses, python, squid, and ssh-audit), Red Hat (java-1.8.0-openjdk and java-11-openjdk), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (fetchmail, git, go1.16, go1.17, ncurses, postgresql10, python, python36, and squid), and Ubuntu (linux, linux-aws,
---------------------------------------------
https://lwn.net/Articles/873601/


∗∗∗ B. Braun Infusomat Space Large Volume Pump ∗∗∗
---------------------------------------------
This advisory contains mitigation for Unrestricted Upload of File with Dangerous Type, Cleartext Transmission of Sensitive Information, Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, and Improper Input Validation vulnerabilities in the B. Braun Infusomat Space Large Volume Pump.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-21-294-01


∗∗∗ ICONICS GENESIS64 and Mitsubishi Electric MC Works64 ∗∗∗
---------------------------------------------
This advisory contains mitigations for Out-of-bounds Read, and Out-of-bounds Write vulnerabilities in ICONICS GENESIS64 and Mitsubishi Electric MC Works64 HMI SCADA systems.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01


∗∗∗ Delta Electronics DIALink ∗∗∗
---------------------------------------------
This advisory contains mitigations for Cleartext Transmission of Sensitive Information, Cross-site Scripting, Improper Neutralization of Formula Elements in a CSV File, Cleartext Storage of Sensitive Information, Uncontrolled Search Path Element, and Incorrect Default Permissions vulnerabilities in the Delta Electronics DIALink industrial automation server.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02


∗∗∗ ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA ∗∗∗
---------------------------------------------
This advisory contains mitigations for an Uncontrolled Recursion vulnerability in ICONICS GENESIS64, Mitsubishi Electric MC Works64 third-party OPC Foundation products.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-294-03


∗∗∗ RCE in GridPro Request Management for Windows Azure Pack (CVE-2021-40371) ∗∗∗
---------------------------------------------
We recently discovered a vulnerability in GridPro Request Management versions <=2.0.7905 for Windows Azure Pack by GridPro Software. The vulnerability was assigned CVE-2021-40371 by GridPro and in the worst case scenario allows attackers to remotely execute code on the server.
---------------------------------------------
https://certitude.consulting/blog/en/rce-in-gridpro-request-management-for-windows-azure-pack-cve-2021-40371/


∗∗∗ Security Advisory - Path Traversal Vulnerability in Huawei FusionCube Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211020-01-pathtraversal-en


∗∗∗ Security Advisory - CSV Injection Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211020-01-csv-en


∗∗∗ Security Advisory - Improper Signature Management Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211020-01-signature-en

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily