[CERT-daily] Tageszusammenfassung - 27.10.2021

Daily end-of-shift report team at cert.at
Wed Oct 27 18:27:52 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 25-10-2021 18:00 − Mittwoch 27-10-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Wolfgang Menezes

=====================
=       News        =
=====================

∗∗∗ Babuk ransomware decryptor released to recover files for free ∗∗∗
---------------------------------------------
Czech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims recover their files for free.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/


∗∗∗ Vorsicht: Neue Betrugswelle mit vermeintlichen DHL-SMS ∗∗∗
---------------------------------------------
Wieder sind betrügerische SMS zu Paketlieferungen im Umlauf. Ziel ist es, eine Schadsoftware aufs Handy zu bringen.
---------------------------------------------
https://futurezone.at/digital-life/betrug-dhl-sms-phishing-ausstehendes-paket/401785139


∗∗∗ Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads ∗∗∗
---------------------------------------------
UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.
---------------------------------------------
https://threatpost.com/android-scammed-sms-fraud-tik-tok/175739/


∗∗∗ Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users ∗∗∗
---------------------------------------------
The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.
---------------------------------------------
https://threatpost.com/mozilla-firefox-blocks-malicious-add-ons-installed-by-455k-users/175745/


∗∗∗ Conti Ransom Gang Starts Selling Access to Victims ∗∗∗
---------------------------------------------
The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Contis malware who refuse to negotiate a ransom payment are added to Contis victim shaming blog, where confidential files stolen from victims may be published or sold.
---------------------------------------------
https://krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims/


∗∗∗ „Hallo Mama“ - Vorsicht vor Betrug über WhatsApp! ∗∗∗
---------------------------------------------
Aktuell versuchen BetrügerInnen über WhatsApp an das Geld von potentiellen Opfern zu kommen. Dafür geben Sie sich in einer Nachricht als Tochter oder Sohn der EmpfängerInnen aus und fordern die Überweisung von mehreren tausend Euro.
---------------------------------------------
https://www.watchlist-internet.at/news/hallo-mama-vorsicht-vor-betrug-ueber-whatsapp/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ WordPress: Erneute Sicherheitslücke im Plugin Ninja Forms ∗∗∗
---------------------------------------------
Das beliebte Formular-Framework ist erneut von einer Sicherheitslücke betroffen. Das WordPress-Plugin ist auf mehr als einer Million Webseiten aktiv.
---------------------------------------------
https://heise.de/-6229249


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (php7.3 and php7.4), Mageia (kernel and kernel-linus), openSUSE (chromium and virtualbox), Oracle (xstream), Red Hat (kernel, rh-ruby30-ruby, and samba), and Ubuntu (binutils and mysql-5.7).
---------------------------------------------
https://lwn.net/Articles/874045/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mosquitto and php7.0), Fedora (python-django-filter and qt), Mageia (fossil, opencryptoki, and qtbase5), openSUSE (apache2, busybox, dnsmasq, ffmpeg, pcre, and wireguard-tools), Red Hat (kpatch-patch), SUSE (apache2, busybox, dnsmasq, ffmpeg, java-11-openjdk, libvirt, open-lldp, pcre, python, qemu, util-linux, and wireguard-tools), and Ubuntu (apport and libslirp).
---------------------------------------------
https://lwn.net/Articles/874143/


∗∗∗ Belden Security Bulletin – BSECV-2020-03: Potential denial of service vulnerability in PROFINET Devices via DCE-RPC Packets ∗∗∗
---------------------------------------------
A vulnerability in the PROFINET stack implementation in Classic Firmware, HiOS, and HiLCOS could lead to a denial of service via an out of memory condition.
---------------------------------------------
https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=13688&mediaformatid=50063&destinationid=10016


∗∗∗ Security Bulletin: A vulnerability exists in the restricted shell of the IBM FlashSystem 900 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in-the-restricted-shell-of-the-ibm-flashsystem-900-2/


∗∗∗ Security Bulletin: Cross-Site Scripting Vulnerability Affects Dashboard UI of IBM Sterling B2B Integrator (CVE-2021-29764) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-dashboard-ui-of-ibm-sterling-b2b-integrator-cve-2021-29764-2/


∗∗∗ Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/


∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software – September 2021 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-rational-application-developer-for-websphere-software-september-2021-2/


∗∗∗ Security Bulletin: Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-engineering-lifecycle-management-and-ibm-engineering-products-2/


∗∗∗ Security Bulletin: Openstack Compute (Nova) noVNC proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openstack-compute-nova-novnc-proxy/


∗∗∗ Security Bulletin: Insufficient session expiration in IBM i2 iBase ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-insufficient-session-expiration-in-ibm-i2-ibase/


∗∗∗ Grafana vulnerability CVE-2021-39226 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K22322802


∗∗∗ Paessler PRTG: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1114


∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-1121


∗∗∗ Fuji Electric Tellus Lite V-Simulator and V-Server Lite ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-299-01


∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/27/adobe-releases-security-updates-multiple-products


∗∗∗ Apple Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/27/apple-releases-security-updates-multiple-products

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list