End-of-Day report
Timeframe: Tuesday 05-10-2021 18:00 - Wednesday 06-10-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
News
Collaborative Research on the CONTI Ransomware Group
Ransomware remains one of the pre-eminent cyber threats, with the evolution in tactics, techniques and procedures (TTPs) amongst threat actor groups over recent years upping the stakes for both victims and defenders.
https://team-cymru.com/blog/2021/10/05/collaborative-research-on-the-conti-ransomware-group/
Syniverse: SMS of billions of people possibly hacked
Hackers had been inside a company that routes calls and SMS between mobile network operators for years.
https://www.golem.de/news/syniverse-moeglicherweise-sms-von-milliarden-menschen-gehackt-2110-160105-rss.html
Threat hunting in large datasets by clustering security events
Security tools can produce very large amounts of data that even the most sophisticated organizations may struggle to manage. Big data processing tools, such as Spark, can be a powerful tool in the arsenal of security teams.
https://blog.talosintelligence.com/2021/10/threat-hunting-in-large-datasets-by.html
Landespolizeidirektion Steiermark: Warning about fraud attempts using LPD SMS
On Monday, 4 October 2021, unknown perpetrators sent SMS messages with fraudulent intent. The sender is shown as "Landespolizeidirektion (LPD)". The police urgently warn against these fraud attempts.
https://www.watchlist-internet.at/news/landespolizeidirektion-steiermark-warnung-vor-betrugsversuchen-mittels-lpd-sms/
Our tips for exposing dubious emergency services!
In emergencies such as a burst pipe, a power outage or a gas leak, fast help is needed. Often there is no time for a careful check of the tradespeople offering the service.
https://www.watchlist-internet.at/news/unsere-tipps-um-unserioese-notfalldienste-zu-entlarven/
Cybersecurity in Power Grids: Challenges and Opportunities. (arXiv:2105.00013v2 [cs.CR] UPDATED)
Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors.
http://arxiv.org/abs/2105.00013
Vulnerabilities
Actively exploited Apache 0-day also allows remote code execution
Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that the scope of the vulnerability transcends path traversal, allowing attackers remote code execution (RCE) abilities.
https://www.bleepingcomputer.com/news/security/actively-exploited-apache-0-day-also-allows-remote-code-execution/
IBM Security Bulletins
IBM publishes 31 security bulletins.
https://www.ibm.com/blogs/psirt/
Security updates for Wednesday
Security updates have been issued by Fedora (cryptopp), Mageia (apache), Slackware (httpd), and Ubuntu (squid, squid3).
https://lwn.net/Articles/872029/
FortiWebManager - Injection vulnerabilities
https://www.fortiguard.com/psirt/FG-IR-20-027
FortiAnalyzer & FortiManager - Forticloud credentials observed in cleartext in the logfile
https://www.fortiguard.com/psirt/FG-IR-21-112
FortiSDNConnector - Credential leak
https://www.fortiguard.com/psirt/FG-IR-20-183
FortiClientEMS - Session cookie does not expire after logout
https://www.fortiguard.com/psirt/FG-IR-20-072
XSA-386
https://xenbits.xen.org/xsa/advisory-386.html
Samba: Multiple vulnerabilities allow denial of service
http://www.cert-bund.de/advisoryshort/CB-K21-1034
Mitsubishi Electric GOT and Tension Controller
https://us-cert.cisa.gov/ics/advisories/icsa-21-278-01
Emerson WirelessHART Gateway
https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02
Moxa MXview Network Management Software
https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03
Medtronic MiniMed MMT-500/MMT-503 Remote Controllers (Update A)
https://us-cert.cisa.gov/ics/advisories/ICSMA-18-219-02
CISA Releases Security Advisory for Honeywell Experion and ACE Controllers
https://us-cert.cisa.gov/ncas/current-activity/2021/10/05/cisa-releases-security-advisory-honeywell-experion-and-ace