Daily Summary - 27.10.2021

End-of-Day report

Timeframe: Monday 25-10-2021 18:00 - Wednesday 27-10-2021 18:00

Handler: Dimitri Robl

Co-Handler: Wolfgang Menezes

News

Babuk ransomware decryptor released to recover files for free

Czech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims recover their files for free.

https://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/


Caution: New wave of fraud with purported DHL text messages

Fraudulent SMS messages about parcel deliveries are circulating again. The aim is to get malware onto the phone.

https://futurezone.at/digital-life/betrug-dhl-sms-phishing-ausstehendes-paket/401785139


Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads

UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.

https://threatpost.com/android-scammed-sms-fraud-tik-tok/175739/


Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users

The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.

https://threatpost.com/mozilla-firefox-blocks-malicious-add-ons-installed-by-455k-users/175745/


Conti Ransom Gang Starts Selling Access to Victims

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti's malware who refuse to negotiate a ransom payment are added to Conti's victim shaming blog, where confidential files stolen from victims may be published or sold.

https://krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims/


"Hello Mom" - Beware of fraud via WhatsApp!

Fraudsters are currently trying to get money from potential victims via WhatsApp. To do so, they pose in a message as the recipient's daughter or son and demand a transfer of several thousand euros.

https://www.watchlist-internet.at/news/hallo-mama-vorsicht-vor-betrug-ueber-whatsapp/

Vulnerabilities

WordPress: Another security vulnerability in the Ninja Forms plugin

The popular form framework is once again affected by a security vulnerability. The WordPress plugin is active on more than one million websites.

https://heise.de/-6229249


Security updates for Tuesday

Security updates have been issued by Debian (php7.3 and php7.4), Mageia (kernel and kernel-linus), openSUSE (chromium and virtualbox), Oracle (xstream), Red Hat (kernel, rh-ruby30-ruby, and samba), and Ubuntu (binutils and mysql-5.7).

https://lwn.net/Articles/874045/


Security updates for Wednesday

Security updates have been issued by Debian (mosquitto and php7.0), Fedora (python-django-filter and qt), Mageia (fossil, opencryptoki, and qtbase5), openSUSE (apache2, busybox, dnsmasq, ffmpeg, pcre, and wireguard-tools), Red Hat (kpatch-patch), SUSE (apache2, busybox, dnsmasq, ffmpeg, java-11-openjdk, libvirt, open-lldp, pcre, python, qemu, util-linux, and wireguard-tools), and Ubuntu (apport and libslirp).

https://lwn.net/Articles/874143/


Belden Security Bulletin - BSECV-2020-03: Potential denial of service vulnerability in PROFINET Devices via DCE-RPC Packets

A vulnerability in the PROFINET stack implementation in Classic Firmware, HiOS, and HiLCOS could lead to a denial of service via an out of memory condition.

https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=13688&mediaformatid=50063&destinationid=10016


Security Bulletin: A vulnerability exists in the restricted shell of the IBM FlashSystem 900

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in-the-restricted-shell-of-the-ibm-flashsystem-900-2/


Security Bulletin: Cross-Site Scripting Vulnerability Affects Dashboard UI of IBM Sterling B2B Integrator (CVE-2021-29764)

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-dashboard-ui-of-ibm-sterling-b2b-integrator-cve-2021-29764-2/


Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/


Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software - September 2021

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-rational-application-developer-for-websphere-software-september-2021-2/


Security Bulletin: Multiple vulnerabilities affect Engineering Lifecycle Management and IBM Engineering products.

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-engineering-lifecycle-management-and-ibm-engineering-products-2/


Security Bulletin: Openstack Compute (Nova) noVNC proxy

https://www.ibm.com/blogs/psirt/security-bulletin-openstack-compute-nova-novnc-proxy/


Security Bulletin: Insufficient session expiration in IBM i2 iBase

https://www.ibm.com/blogs/psirt/security-bulletin-insufficient-session-expiration-in-ibm-i2-ibase/


Grafana vulnerability CVE-2021-39226

https://support.f5.com/csp/article/K22322802


Paessler PRTG: Vulnerability allows execution of arbitrary program code with the privileges of the service

https://www.cert-bund.de/advisoryshort/CB-K21-1114


Red Hat OpenShift: Vulnerability allows bypassing of security measures

https://www.cert-bund.de/advisoryshort/CB-K21-1121


Fuji Electric Tellus Lite V-Simulator and V-Server Lite

https://us-cert.cisa.gov/ics/advisories/icsa-21-299-01


Adobe Releases Security Updates for Multiple Products

https://us-cert.cisa.gov/ncas/current-activity/2021/10/27/adobe-releases-security-updates-multiple-products


Apple Releases Security Updates for Multiple Products

https://us-cert.cisa.gov/ncas/current-activity/2021/10/27/apple-releases-security-updates-multiple-products