Daily summary - 19.10.2021

End-of-Day report

Timeframe: Monday 18-10-2021 18:00 - Tuesday 19-10-2021 18:00
Handler: Wolfgang Menezes
Co-Handler: Stephan Richter

News

Survey: Complex IT and corporate structures endanger cybersecurity

Managers in Germany regard opaque technologies, data holdings, operating environments and supply chains as major entry points for cyber attackers.

https://heise.de/-6222835


Security researchers: Microsoft cloud distributes malware too carelessly

IT specialists and insiders accuse Microsoft of removing malware hosted on its cloud services far too slowly.

https://heise.de/-6222542


SMS about an outstanding fine is fake

Many Austrians are currently receiving an SMS informing them of an allegedly outstanding fine. The message demands that you make the payment immediately, otherwise legal action is threatened. To make the payment, you are told to click a link. Caution: this notification is not genuine! You are taken to a fake oesterreich.gv.at page, where criminals try to get hold of your banking details.

https://www.watchlist-internet.at/news/sms-ueber-eine-ausstaendige-geldstrafe-ist-fake/


Free BlackByte decryptor released, after researchers say they found flaw in ransomware code

Security experts have released a free decryption tool that can be used by BlackByte ransomware victims to decrypt and recover their files. That's right - you don't need to pay the ransom. Predictably, the ransomware gang isn't happy.

https://grahamcluley.com/free-blackbyte-decryptor-released-after-researchers-say-they-found-flaw-in-ransomware-code/


CISA, FBI, and NSA Release Joint Cybersecurity Advisory on BlackMatter Ransomware

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released joint Cybersecurity Advisory (CSA): BlackMatter Ransomware. Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including a U.S. Food and Agriculture Sector organization. Using an analyzed sample of BlackMatter ransomware and information from trusted third parties, this CSA [...]

https://us-cert.cisa.gov/ncas/current-activity/2021/10/18/cisa-fbi-and-nsa-release-joint-cybersecurity-advisory-blackmatter


LightBasin hacking group breaches 13 global telecoms in two years

A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years.

https://www.bleepingcomputer.com/news/security/lightbasin-hacking-group-breaches-13-global-telecoms-in-two-years/


Trickbot module descriptions

In this article we describe the functionality of the Trickbot (aka TrickLoader or Trickster) banking malware modules and provide a tip on how to download and analyze these modules.

https://securelist.com/trickbot-module-descriptions/104603/


A New Variant of FlawedGrace Spreading Through Mass Email Campaigns

Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware campaign with high confidence to TA505, [...]

https://thehackernews.com/2021/10/a-new-variant-of-flawedgrace-spreading.html


"Killware": Is it just as bad as it sounds?

"Killware," as USA TODAY put it, is the latest cyberthreat that's even eclipsing ransomware. But is it all it's hyped up to be?

https://blog.malwarebytes.com/cybercrime/2021/10/killware-is-it-just-as-bad-as-it-sounds/

Vulnerabilities

Microsoft fixes Surface Pro 3 TPM bypass with public exploit code

Microsoft has patched a security feature bypass vulnerability impacting Surface Pro 3 tablets that enables threat actors to introduce malicious devices within enterprise environments.

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-surface-pro-3-tpm-bypass-with-public-exploit-code/


Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services

Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine. Tracked as CVE-2021-41556, the issue occurs when a game library referred to as Squirrel Engine is used [...]

https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html


Security Bulletin for Trend Micro Apex One and Apex One as a Service

Trend Micro has published security advisories for eight vulnerabilities. The flaws are rated between "Low" and "High".

https://success.trendmicro.com/solution/000289229


Security Bulletin for Trend Micro Worry-Free Business Security and Worry-Free Business Security Services

Trend Micro has released new patches for Trend Micro Worry-Free Business Security 10.0 SP1 and Worry-Free Services (SaaS) that resolve several vulnerabilities listed below.

https://success.trendmicro.com/solution/000289230


RHSA-2021:3759 - Security Advisory

Red Hat OpenShift Container Platform release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

https://access.redhat.com/errata/RHSA-2021:3759


Vulnerability Spotlight: Multiple vulnerabilities in ZTE MF971R LTE router

Cisco Talos recently discovered multiple vulnerabilities in the ZTE MF971R LTE portable router. The MF971R is a portable router with Wi-Fi support and works as an LTE/GSM modem. An attacker could [...]

https://blog.talosintelligence.com/2021/10/vuln-spotlight-.html


Security updates for Tuesday

Security updates have been issued by Debian (redmine and strongswan), Fedora (containerd, fail2ban, grafana, moby-engine, and thunderbird), openSUSE (curl, firefox, glibc, kernel, libqt5-qtsvg, rpm, ssh-audit, systemd, and webkit2gtk3), Red Hat (389-ds:1.4, curl, kernel, kernel-rt, redis:5, and systemd), SUSE (util-linux), and Ubuntu (ardour, linux-azure, linux-azure-5.11, and strongswan).

https://lwn.net/Articles/873307/


Security Bulletin: IBM Security Risk Manager on CP4S is affected by multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/


Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Storwize V7000 Unified (CVE-2021-2341)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-storwize-v7000-unified-cve-2021-2341/


Security Bulletin: Cross-Site Scripting Vulnerability Affects Dashboard UI of IBM Sterling B2B Integrator (CVE-2021-29764)

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-dashboard-ui-of-ibm-sterling-b2b-integrator-cve-2021-29764/


Security Bulletin: IBM Security Risk Manager on CP4S is affected by multiple vulnerabilities (CVE-2020-15168, CVE-2021-29912)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities-cve-2020-15168-cve-2021-29912/


Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-2369 and CVE-2021-2432

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-are-affected-by-cve-2021-2369-and-cve-2021-2432/