Daily Summary - 02.11.2021

End-of-Day report

Timeframe: Friday 29-10-2021 18:00 - Tuesday 02-11-2021 18:00
Handler: Wolfgang Menezes
Co-Handler: Thomas Pribitzer

News

Trojan Source: Programming languages can be trojanised via Unicode

A research team systematically shows how code can be manipulated with Unicode tricks: bidirectional control characters placed in comments and string literals make the code a reviewer sees rendered in an editor differ from the logical order the compiler actually parses. Open-source communities and the IT industry are responding.

https://www.golem.de/news/trojan-source-programmiersprachen-lassen-sich-per-unicode-trojanisieren-2111-160751-rss.html
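As an added example (not code from the golem.de article or from the Trojan Source paper), the following Python scanner flags every Unicode bidirectional control character in source text, reports lines where an override or isolate is opened but never closed before the end of the line (the typical Trojan Source signature, since the bidi algorithm resets at each line), and prints the logical-order text the compiler parses. The C snippet embedded in it is constructed here, modelled on the paper's "commenting-out" pattern; the function names are this example's own.

```python
"""Flag Unicode bidirectional (bidi) control characters in source text.

Added example for the Trojan Source item; not code from the article or the
paper. Compilers parse the logical (byte) order of a file, while editors and
review UIs render the visual order; bidi overrides and isolates let an
attacker make the two disagree inside comments and string literals.
"""
import sys
import unicodedata

# All characters carrying the Unicode Bidi_Control property.
OPEN_EMBED = {"\u202a", "\u202b", "\u202d", "\u202e"}  # LRE, RLE, LRO, RLO
CLOSE_EMBED = "\u202c"                                  # PDF
OPEN_ISOLATE = {"\u2066", "\u2067", "\u2068"}           # LRI, RLI, FSI
CLOSE_ISOLATE = "\u2069"                                # PDI
MARKS = {"\u061c", "\u200e", "\u200f"}                  # ALM, LRM, RLM
BIDI_CONTROLS = OPEN_EMBED | {CLOSE_EMBED} | OPEN_ISOLATE | {CLOSE_ISOLATE} | MARKS


def find_bidi_controls(source):
    """Return (line, col, 'U+XXXX', unicode name) for each bidi control; positions are 1-based."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                hits.append((line_no, col, f"U+{ord(ch):04X}", unicodedata.name(ch)))
    return hits


def unterminated_lines(source):
    """Lines that open an embedding/override or an isolate without closing it.

    The bidi algorithm resets at every paragraph (line) boundary, so an attacker
    never needs to close the override; an unclosed one is the usual Trojan
    Source signature rather than an oversight.
    """
    bad = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        embed_depth = isolate_depth = 0
        for ch in line:
            if ch in OPEN_EMBED:
                embed_depth += 1
            elif ch == CLOSE_EMBED:
                embed_depth = max(0, embed_depth - 1)
            elif ch in OPEN_ISOLATE:
                isolate_depth += 1
            elif ch == CLOSE_ISOLATE:
                isolate_depth = max(0, isolate_depth - 1)
        if embed_depth or isolate_depth:
            bad.append(line_no)
    return bad


def as_compiler_sees(source):
    """Drop the bidi controls: this is the logical-order text a compiler parses."""
    return "".join(ch for ch in source if ch not in BIDI_CONTROLS)


# Constructed sample (not from the paper), modelled on its "commenting-out"
# pattern: rendered in an editor the comment on line 4 appears to close before
# `if (isAdmin)`, but in logical order the `if` sits inside the comment, so the
# printf on line 5 always runs.
SAMPLE_C = (
    "#include <stdio.h>\n"
    "int main(void) {\n"
    "    int isAdmin = 0;\n"
    "    /*\u202e } \u2066if (isAdmin)\u2069 \u2066 begin admins only */\n"
    "        printf(\"You are an admin.\\n\");\n"
    "    /* end admins only \u202e { \u2066*/\n"
    "    return 0;\n"
    "}\n"
)


def report(source, name="<source>"):
    """Print findings for one source text; return True when it is clean."""
    hits = find_bidi_controls(source)
    for line_no, col, cp, uname in hits:
        print(f"{name}:{line_no}:{col}: {cp} {uname}")
    for line_no in unterminated_lines(source):
        print(f"{name}:{line_no}: bidi override/isolate not closed before end of line")
    return not hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # List comprehension (not a generator) so every file is reported, not just the first dirty one.
        results = [report(open(p, encoding="utf-8", errors="replace").read(), p) for p in sys.argv[1:]]
        clean = all(results)
    else:
        clean = report(SAMPLE_C, "sample.c")
        print("--- what the compiler parses ---")
        print(as_compiler_sees(SAMPLE_C), end="")
    sys.exit(0 if clean else 1)
```

Run without arguments to see the constructed sample flagged (six control characters, lines 4 and 6 unterminated) followed by the stripped text the compiler parses; with file paths it exits non-zero on any finding, which makes it usable as a pre-commit or CI gate. Legitimate bidi characters occur in right-to-left natural-language strings, so treat a hit as something to review rather than an automatic rejection.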


BlackMatter Ransomware Operators Develop Custom Data Exfiltration Tool

The cybercriminals operating the BlackMatter ransomware have started using a custom data exfiltration tool in their attacks, Symantec reports.

https://www.securityweek.com/blackmatter-ransomware-operators-develop-custom-data-exfiltration-tool


FBI Publishes IOCs for Hello Kitty Ransomware

The Federal Bureau of Investigation (FBI) has published a flash alert to share details on the tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs) associated with the Hello Kitty ransomware, which is also known as FiveHands.

https://www.securityweek.com/fbi-publishes-iocs-hello-kitty-ransomware


Website operators beware: fake e-mails from WORLD4YOU in circulation

Numerous website operators are currently receiving fraudulent e-mails sent in the name of World4You. The fraudulent e-mails claim that the domain has been suspended, has expired or must be renewed.

https://www.watchlist-internet.at/news/webseiten-betreiberinnen-aufgepasst-gefaelschte-e-mails-von-world4you-im-umlauf/


EU Digital Green Certificate: What actually applies here?

Since the digital green pass is currently in the media, and I am doing the explaining for Der Standard, I want to document here a few technical details that are too technical for a newspaper article.

https://cert.at/de/blog/2021/10/eu-digital-green-certificate-was-gilt-eigentlich-bei-uns


Shodan Verified Vulns 2021-11-01

The "Cyber Security Month" of October is over, but, as a look at our Shodan data from 2021-11-01 shows, it had no directly visible effect: the changes since the beginning of October are modest.

https://cert.at/de/aktuelles/2021/11/shodan-verified-vulns-2021-11-01


From Zero to Domain Admin

This report will go through an intrusion from July that began with an email, which included a link to Google's FeedProxy service that was used to download a malicious Word document.

https://thedfirreport.com/2021/11/01/from-zero-to-domain-admin/

Vulnerabilities

Android November patch fixes actively exploited kernel bug

Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components.

https://www.bleepingcomputer.com/news/security/android-november-patch-fixes-actively-exploited-kernel-bug/


Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild

A now-patched critical remote code execution (RCE) vulnerability in GitLab's web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks.

https://thehackernews.com/2021/11/alert-hackers-exploiting-gitlab.html


IBM Security Bulletins

Tivoli Composite Application Manager for Transactions, InfoSphere Information Server, InfoSphere DataStage Flow Designer, API Connect, Application Discovery and Delivery Intelligence, MessageGateway, PowerSC.

https://www.ibm.com/blogs/psirt/


Firefox updates close numerous security holes

The developers at the Mozilla Foundation have fixed more than a dozen security vulnerabilities in the Firefox web browser.

https://heise.de/-6245344


Security updates for Monday

Security updates have been issued by Arch Linux (bind, chromium, freerdp, opera, webkit2gtk, and wpewebkit), Debian (cron, cups, elfutils, ffmpeg, libmspack, libsdl1.2, libsdl2, opencv, and tiff), Fedora (java-latest-openjdk, stb, and thunderbird), Mageia (cairo, cloud-init, docker, ffmpeg, libcaca, php, squid, and webkit2), openSUSE (busybox, chromium, civetweb, containerd, docker, runc, dnsmasq, fetchmail, flatpak, go1.16, krb5, ncurses, python, python-Pygments, squid, strongswan, transfig, webkit2gtk).

https://lwn.net/Articles/874623/


Security updates for Tuesday

Security updates have been issued by Debian (asterisk, bind9, glusterfs, and openjdk-11), Fedora (ansible and CuraEngine), openSUSE (mailman and opera), Oracle (binutils and flatpak), Red Hat (curl, flatpak, java-1.8.0-ibm, kernel, kernel-rt, libsolv, python3, samba, and webkit2gtk3), Scientific Linux (binutils and flatpak), SUSE (binutils and transfig), and Ubuntu (ceph and mailman).

https://lwn.net/Articles/874818/


Kaspersky Patches Vulnerability That Can Lead to Unbootable System

Kaspersky published two advisories on Monday to warn customers about a vulnerability that can lead to unbootable systems and a phishing campaign involving messages sent from a Kaspersky email address.

https://www.securityweek.com/kaspersky-patches-vulnerability-can-lead-unbootable-system


November 1, 2021 TNS-2021-18 [R1] Nessus 10.0.0 Fixes One Vulnerability

http://www.tenable.com/security/tns-2021-18


Synology-SA-21:27 ISC BIND

https://www.synology.com/en-global/support/security/Synology_SA_21_27


Sensormatic Electronics VideoEdge

https://us-cert.cisa.gov/ics/advisories/icsa-21-306-01


WECON PI Studio (Update A)

https://us-cert.cisa.gov/ics/advisories/ICSA-18-277-01