End-of-Day report
Timeframe: Thursday 04-11-2021 18:00 - Friday 05-11-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Phishing emails deliver spooky zombie-themed MirCop ransomware
A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes.
https://www.bleepingcomputer.com/news/security/phishing-emails-deliver-spooky-zombie-themed-mircop-ransomware/
Braktooth Bluetooth flaws: patching is progressing only slowly
Bluetooth devices vulnerable to Braktooth attacks could soon come into the focus of attackers. Patches are still far from being widely available.
https://heise.de/-6254474
SSL certificate research highlights pitfalls for company data, competition
Analysis reveals hidden risks for organizations that do not monitor their certificate usage.
https://www.zdnet.com/article/ssl-certificate-research-highlights-pitfalls-for-company-data/
The IoT is getting a lot bigger, but security is still getting left behind
Four in five Internet of Things device vendors don't provide any information on how to disclose security vulnerabilities. That means problems just don't get fixed.
https://www.zdnet.com/article/the-iot-is-getting-a-lot-bigger-but-security-is-still-getting-left-behind/
Malware found in coa and rc, two npm packages with 23M weekly downloads
The security team of the npm JavaScript package manager has warned users that two of its most popular packages had been hijacked by a threat actor who released new versions laced with what appeared to be password-stealing malware.
https://therecord.media/malware-found-in-coa-and-rc-two-npm-packages-with-23m-weekly-downloads/
Database with millions of records of VPN users left unprotected on the Internet (Oct. 2021)
Anyone who uses a VPN provider must be able to rely on its security and integrity. Security researcher Bob Diachenko of comparitech recently came across an unprotected database (no password) on the Internet containing more than 300 million records with the personal data [...]
https://www.borncity.com/blog/2021/11/05/datenbank-mit-millionen-daten-von-vpn-nutzern-ungeschtzt-im-internet-okt-2021/
Phishing PDF Files with CAPTCHA Screen Being Mass-distributed
Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon opening the PDF file, but it is not a real CAPTCHA. It is simply an image with a link that redirects to a malicious URL. Related samples collected by AhnLab's ASD infrastructure since July amount to 1,500,000.
https://asec.ahnlab.com/en/28431/
Vulnerabilities
ZDI-21-1278: Hewlett Packard Enterprise iLO Amplifier Pack backup Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise iLO Amplifier Pack. Authentication is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-21-1278/
Security updates for Friday
Security updates have been issued by Debian (python3.5, redis, and udisks2), Fedora (rust), openSUSE (binutils, java-1_8_0-openj9, and qemu), Oracle (firefox and httpd), Red Hat (thunderbird), Scientific Linux (thunderbird), and SUSE (binutils, qemu, and systemd).
https://lwn.net/Articles/875212/
SYSS-2021-048/SYSS-2021-049: PHP Event Calendar - SQL Injection and Persistent Cross-Site Scripting
Two security vulnerabilities were found in "PHP Event Calendar". They allow the database to be read out or the sessions of other users to be compromised.
https://www.syss.de/pentest-blog/syss-2021-048/syss-2021-049-php-event-calendar-sql-injection-und-persistent-cross-site-scripting
D-LINK Router: Multiple vulnerabilities
https://www.cert-bund.de/advisoryshort/CB-K21-1157
Security Bulletin: IBM Security Guardium is affected by an OpenLDAP vulnerability (CVE-2020-25692)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openldap-vulnerability-cve-2020-25692-3/
Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-29753
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2021-29753/
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-9/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-25/
Security Bulletin: IBM Security Guardium is affected by the following vulnerabilities (CVE-2021-29773, CVE-2021-2161)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-the-following-vulnerabilities-cve-2021-29773-cve-2021-2161-2/
Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-9/
Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-cve-2020-25705-cve-2020-28374-4/
Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in Golang
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-multiple-vulnerabilities-in-golang/
Security Bulletin: IBM Security Guardium is affected by a Reliance on Untrusted Inputs in Security Decision
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-reliance-on-untrusted-inputs-in-security-descision-3/
Security Bulletin: IBM Security Guardium is affected by a Weak Password Policy vulnerability (CVE-2021-20418)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-weak-password-policy-vulnerability-cve-2021-20418-3/
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilites-4/
Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-oracle-mysql-vulnerabilities-4/