Daily summary - 15.10.2021

End-of-Day report

Timeframe: Thursday 14-10-2021 18:00 - Friday 15-10-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer

News

Accenture confirms data breach after August ransomware attack

Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company's systems in August 2021.

https://www.bleepingcomputer.com/news/security/accenture-confirms-data-breach-after-august-ransomware-attack/


BlackByte Ransomware - Pt. 1 In-depth Analysis

During a recent malware incident response case, we encountered an interesting piece of ransomware that goes by the name of BlackByte.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/


BlackByte Ransomware - Pt 2. Code Obfuscation Analysis

We received the original launcher file from an Incident Response case. It was about 630 KB of JScript code which was seemingly full of garbage code - hiding the real intent.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-2-code-obfuscation-analysis/


Employee offboarding: Why companies must close a crucial gap in their security strategy

There are various ways a departing employee could put your organization at risk of a data breach. How do you offboard employees the right way and ensure your data remains safe?

https://www.welivesecurity.com/2021/10/14/employee-offboarding-companies-close-crucial-gap-security/


Ongoing Cyber Threats to U.S. Water and Wastewater Systems Sector Facilities

CISA, the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that details ongoing cyber threats to U.S. Water and Wastewater Systems (WWS) Sector.

https://us-cert.cisa.gov/ncas/current-activity/2021/10/14/ongoing-cyber-threats-us-water-and-wastewater-systems-sector


A malware botnet has made more than $24.7 million since 2019

The operators of a malware botnet known as MyKings are believed to have made more than $24.7 million through what security researchers call a "clipboard hijacker."

https://therecord.media/a-malware-botnet-has-made-more-than-24-7-million-since-2019/
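The "clipboard hijacker" named above is a generic technique: malware watches the clipboard for cryptocurrency-address-shaped text and swaps in the operator's own address before the victim pastes it into a payment. The following is an added illustration, not MyKings code and not taken from the linked article; the address patterns, the sample clipboard text and the attacker address are all constructed for this example, and the regexes are deliberately loose (no checksum validation).

```python
import re

# Constructed, deliberately loose patterns for two address families:
# legacy/P2SH Bitcoin (base58, starts with 1 or 3) and hex Ethereum (0x + 40 hex).
# Real hijackers carry many more patterns; these are enough to show the mechanism.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}


def classify_address(text):
    """Return the coin family ('btc'/'eth') of an address-shaped string, else None."""
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text):
            return coin
    return None


def substitute_addresses(clipboard_text, attacker_addresses):
    """Model of the hijack step: every address-shaped token in the clipboard text
    is replaced by the attacker's address for the same coin family.
    Returns (rewritten_text, list of (victim_address, attacker_address) swaps)."""
    swaps = []

    def make_replacer(coin):
        def replace(match):
            victim = match.group(0)
            attacker = attacker_addresses.get(coin)
            # Nothing to gain if the hijacker has no address for this family,
            # or the text already carries the attacker's own address.
            if attacker is None or attacker == victim:
                return victim
            swaps.append((victim, attacker))
            return attacker
        return replace

    rewritten = clipboard_text
    for coin, pattern in ADDRESS_PATTERNS.items():
        rewritten = pattern.sub(make_replacer(coin), rewritten)
    return rewritten, swaps


def clipboard_was_tampered(copied, pasted):
    """Defensive check a wallet or payment form can apply: the user copied one
    address and is about to paste another of the same family. That is the
    signature of a clipboard swap, since a legitimate copy/paste round-trip
    never changes the address."""
    if copied == pasted:
        return False
    family = classify_address(copied)
    return family is not None and classify_address(pasted) == family


if __name__ == "__main__":
    # Constructed sample: a payment note with a victim BTC address on the clipboard.
    sample = "pay 0.01 BTC to 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2 thanks"
    attacker = {"btc": "1Attackerxxxxxxxxxxxxxxxxxxxxxxxxx"}  # constructed, not a real wallet
    rewritten, swaps = substitute_addresses(sample, attacker)
    print(rewritten)
    for victim, bad in swaps:
        print("swapped", victim, "->", bad,
              "tampered:", clipboard_was_tampered(victim, bad))
```

The defensive check only works if the application remembers what the user copied (for example a wallet that tracks its own "copy address" button); a generic endpoint detection would instead look for processes polling the clipboard at high frequency and rewriting it with address-shaped content.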

Vulnerabilities

IBM Security Bulletins

IBM has published 11 security bulletins.

https://www.ibm.com/blogs/psirt/


Security updates for Friday

Security updates have been issued by Debian (squashfs-tools, tomcat9, and wordpress), Fedora (openssh), openSUSE (kernel, mbedtls, and rpm), Oracle (httpd, kernel, and kernel-container), SUSE (firefox, kernel, and rpm), and Ubuntu (linux-azure, linux-azure-5.4).

https://lwn.net/Articles/873056/


ZDI-21-1211: (0Day) Fuji Electric Alpha5 A5V File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-21-1211/


ZDI-21-1210: (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-21-1210/


ZDI-21-1209: (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-21-1209/


ZDI-21-1208: (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-21-1208/


Schneider Electric CNM

https://us-cert.cisa.gov/ics/advisories/icsa-21-287-01


Uffizio GPS Tracker

https://us-cert.cisa.gov/ics/advisories/icsa-21-287-02


Mitsubishi Electric MELSEC iQ-R Series

https://us-cert.cisa.gov/ics/advisories/icsa-21-287-03


Siemens RUGGEDCOM ROX (Update A)

https://us-cert.cisa.gov/ics/advisories/icsa-21-259-01


Apache Releases Security Advisory for Tomcat

https://us-cert.cisa.gov/ncas/current-activity/2021/10/15/apache-releases-security-advisory-tomcat


SYSS-2019-018/SYSS-2019-019: Insecure file system permissions and installation modes in Ivanti DSM

https://www.syss.de/pentest-blog/syss-2019-018/syss-2019-019-unsichere-dateisystemberechtigungen-und-installationsmodi-in-ivanti-dsm


Change in Magniber Ransomware Vulnerability (CVE-2021-40444)

https://asec.ahnlab.com/en/27264/