[CERT-daily] Daily summary - 23.09.2021
Daily end-of-shift report
team at cert.at
Thu Sep 23 18:10:20 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 22-09-2021 18:00 - Thursday 23-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Hackers are scanning for VMware CVE-2021-22005 targets, patch now! ∗∗∗
---------------------------------------------
Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-are-scanning-for-vmware-cve-2021-22005-targets-patch-now/
∗∗∗ How REvil May Have Ripped Off Its Own Affiliates ∗∗∗
---------------------------------------------
A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments.
---------------------------------------------
https://threatpost.com/how-revil-may-have-ripped-off-its-own-affiliates/174887/
∗∗∗ Excel Recipe: Some VBA Code with a Touch of Excel4 Macro, (Thu, Sep 23rd) ∗∗∗
---------------------------------------------
Microsoft Excel supports two types of macros. The legacy format is known as “Excel4 macro” and the new (but already used for a while) is based on VBA. We already cover both formats in many diaries. Yesterday, I spotted an interesting sample that implements… both!
---------------------------------------------
https://isc.sans.edu/diary/rss/27864
∗∗∗ iOS 15 and macOS 12: Old TLS versions have had their day ∗∗∗
---------------------------------------------
Apple will soon stop supporting TLS 1.0 and 1.1. In iOS 15 and its sibling releases, the old versions of the encryption protocol are already considered deprecated.
---------------------------------------------
https://heise.de/-6199902
∗∗∗ BulletProofLink: Where all the phishing spam comes from ∗∗∗
---------------------------------------------
Microsoft describes in detail how even complete newcomers with no prior knowledge can easily get into the business of stolen credentials.
---------------------------------------------
https://heise.de/-6199720
∗∗∗ Cyber Threats to Global Electric Sector on the Rise ∗∗∗
---------------------------------------------
The number of cyber intrusions and attacks targeting the Electric sector is increasing and in 2020 Dragos identified three new Activity Groups (AGs) targeting the Electric Sector: [...]
---------------------------------------------
https://www.dragos.com/blog/industry-news/cyber-threats-to-global-electric-sector-on-the-rise/
∗∗∗ Plugging the holes: How to prevent corporate data leaks in the cloud ∗∗∗
---------------------------------------------
Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here’s what you can do to prevent cloud configuration conundrums.
---------------------------------------------
https://www.welivesecurity.com/2021/09/22/plugging-holes-how-prevent-corporate-data-leaks-cloud/
∗∗∗ Looking back at the second third of 2021 ∗∗∗
---------------------------------------------
The second third of 2021 is over and, like the first, there was plenty to do. This time Microsoft's Exchange Server was not the only mail server software in which critical vulnerabilities were found; exim joined the list with no fewer than 21 vulnerabilities. In addition, another wave of DDoS extortion started in June.
---------------------------------------------
https://cert.at/de/blog/2021/9/ruckblick-auf-das-zweite-drittel-2021
∗∗∗ CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware ∗∗∗
---------------------------------------------
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/09/22/cisa-fbi-and-nsa-release-joint-cybersecurity-advisory-conti
∗∗∗ CISA Releases Guidance: IPv6 Considerations for TIC 3.0 ∗∗∗
---------------------------------------------
The federal government has prioritized the transition of federal networks to Internet Protocol version 6 (IPv6) since the release of Office of Management and Budget (OMB) Memorandum 05-22 in 2005. In 2020, OMB renewed its focus on IPv6 through the publication of OMB Memorandum 21-07. That memorandum specifically entrusts CISA with enhancing the Trusted Internet Connections (TIC) program to fully support the implementation of IPv6 in federal IT systems.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/cisa-releases-guidance-ipv6-considerations-tic-30
∗∗∗ Securing Microservices ∗∗∗
---------------------------------------------
Do you remember how it felt to get your first email account? Not only were you able to communicate with multiple people in a fast and efficient manner, it also gave you an online identity you could use to access a wide range of services. As time progressed, though, you became increasingly aware of email’s […]
---------------------------------------------
https://www.intezer.com/blog/cloud-security/securing-microservices/
=====================
= Vulnerabilities =
=====================
∗∗∗ Drupal Security Advisories ∗∗∗
---------------------------------------------
Drupal has published 12 security advisories for "Contributed projects", i.e. software not developed by the Drupal team itself. Four of them are rated "Critical".
---------------------------------------------
https://www.drupal.org/security/contrib
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM's PSIRT has published 26 security bulletins.
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
Cisco has published 31 security advisories. Three of them are rated "Critical" and 13 "High".
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F09%2F22&firstPublishedEndDate=2021%2F09%2F23
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ruby-kaminari and tomcat8), Mageia (389-ds-base, ansible, apache, apr, cpio, curl, firefox, ghostscript, gifsicle, gpac, libarchive, libgd, libssh, lynx, nextcloud-client, openssl, postgresql, proftpd, python3, thunderbird, tor, and vim), openSUSE (chromium, ffmpeg, grilo, hivex, linuxptp, and samba), Oracle (go-toolset:ol8, kernel, kernel-container, krb5, mysql:8.0, and nodejs:12), SUSE (ffmpeg, firefox, grilo, hivex, kernel, linuxptp, nodejs14, and
---------------------------------------------
https://lwn.net/Articles/870190/
∗∗∗ Trane Symbio ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Code Injection vulnerability in Trane Symbio 700 and Symbio 800 controllers.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-266-01
∗∗∗ Trane Tracer ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Code Injection vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge building automation products.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily