End-of-Day report
Timeframe: Monday 25-10-2021 18:00 - Wednesday 27-10-2021 18:00
Handler: Dimitri Robl
Co-Handler: Wolfgang Menezes
News
Babuk ransomware decryptor released to recover files for free
Czech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims recover their files for free.
https://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/
Caution: New wave of fraud using fake DHL text messages
Fraudulent SMS messages about parcel deliveries are circulating again. The goal is to get malware onto the recipient's phone.
https://futurezone.at/digital-life/betrug-dhl-sms-phishing-ausstehendes-paket/401785139
Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads
UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.
https://threatpost.com/android-scammed-sms-fraud-tik-tok/175739/
Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users
The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.
https://threatpost.com/mozilla-firefox-blocks-malicious-add-ons-installed-by-455k-users/175745/
Conti Ransom Gang Starts Selling Access to Victims
The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti's malware who refuse to negotiate a ransom payment are added to Conti's victim shaming blog, where confidential files stolen from victims may be published or sold.
https://krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims/
"Hallo Mama" - Beware of fraud via WhatsApp!
Fraudsters are currently trying to get at the money of potential victims via WhatsApp. In a message, they pose as the recipient's daughter or son and demand a transfer of several thousand euros.
https://www.watchlist-internet.at/news/hallo-mama-vorsicht-vor-betrug-ueber-whatsapp/
Vulnerabilities
WordPress: Another security vulnerability in the Ninja Forms plugin
The popular form framework is once again affected by a security vulnerability. The WordPress plugin is active on more than one million websites.
https://heise.de/-6229249
Security updates for Tuesday
Security updates have been issued by Debian (php7.3 and php7.4), Mageia (kernel and kernel-linus), openSUSE (chromium and virtualbox), Oracle (xstream), Red Hat (kernel, rh-ruby30-ruby, and samba), and Ubuntu (binutils and mysql-5.7).
https://lwn.net/Articles/874045/
Security updates for Wednesday
Security updates have been issued by Debian (mosquitto and php7.0), Fedora (python-django-filter and qt), Mageia (fossil, opencryptoki, and qtbase5), openSUSE (apache2, busybox, dnsmasq, ffmpeg, pcre, and wireguard-tools), Red Hat (kpatch-patch), SUSE (apache2, busybox, dnsmasq, ffmpeg, java-11-openjdk, libvirt, open-lldp, pcre, python, qemu, util-linux, and wireguard-tools), and Ubuntu (apport and libslirp).
https://lwn.net/Articles/874143/
Belden Security Bulletin - BSECV-2020-03: Potential denial of service vulnerability in PROFINET Devices via DCE-RPC Packets
A vulnerability in the PROFINET stack implementation in Classic Firmware, HiOS, and HiLCOS could lead to a denial of service via an out of memory condition.
https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=13688&mediaformatid=50063&destinationid=10016
Security Bulletin: A vulnerability exists in the restricted shell of the IBM FlashSystem 900
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in-the-restricted-shell-of-the-ibm-flashsystem-900-2/
Security Bulletin: Cross-Site Scripting Vulnerability Affects Dashboard UI of IBM Sterling B2B Integrator (CVE-2021-29764)
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-dashboard-ui-of-ibm-sterling-b2b-integrator-cve-2021-29764-2/
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software - September 2021
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-rational-application-developer-for-websphere-software-september-2021-2/
Security Bulletin: Multiple vulnerabilities affect Engineering Lifecycle Management and IBM Engineering products.
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-engineering-lifecycle-management-and-ibm-engineering-products-2/
Security Bulletin: Openstack Compute (Nova) noVNC proxy
https://www.ibm.com/blogs/psirt/security-bulletin-openstack-compute-nova-novnc-proxy/
Security Bulletin: Insufficient session expiration in IBM i2 iBase
https://www.ibm.com/blogs/psirt/security-bulletin-insufficient-session-expiration-in-ibm-i2-ibase/
Grafana vulnerability CVE-2021-39226
https://support.f5.com/csp/article/K22322802
Paessler PRTG: Vulnerability allows execution of arbitrary code with the privileges of the service
https://www.cert-bund.de/advisoryshort/CB-K21-1114
Red Hat OpenShift: Vulnerability allows bypassing security measures
https://www.cert-bund.de/advisoryshort/CB-K21-1121
Fuji Electric Tellus Lite V-Simulator and V-Server Lite
https://us-cert.cisa.gov/ics/advisories/icsa-21-299-01
Adobe Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2021/10/27/adobe-releases-security-updates-multiple-products
Apple Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2021/10/27/apple-releases-security-updates-multiple-products