Daily summary - 05.11.2021

End-of-Day report

Timeframe: Thursday 04-11-2021 18:00 - Friday 05-11-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News

Phishing emails deliver spooky zombie-themed MirCop ransomware

A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes.

https://www.bleepingcomputer.com/news/security/phishing-emails-deliver-spooky-zombie-themed-mircop-ransomware/


Braktooth Bluetooth flaws: patching is progressing only slowly

Bluetooth devices vulnerable to Braktooth attacks could soon come into the focus of attackers. Patches are still far from being universally available.

https://heise.de/-6254474


SSL certificate research highlights pitfalls for company data, competition

Analysis reveals hidden risks for organizations that do not monitor their certificate usage.

https://www.zdnet.com/article/ssl-certificate-research-highlights-pitfalls-for-company-data/


The IoT is getting a lot bigger, but security is still getting left behind

Four in five Internet of Things device vendors don't provide any information on how to disclose security vulnerabilities. That means problems just don't get fixed.

https://www.zdnet.com/article/the-iot-is-getting-a-lot-bigger-but-security-is-still-getting-left-behind/


Malware found in coa and rc, two npm packages with 23M weekly downloads

The security team of the npm JavaScript package manager has warned users that two of its most popular packages had been hijacked by a threat actor who released new versions laced with what appeared to be password-stealing malware.

https://therecord.media/malware-found-in-coa-and-rc-two-npm-packages-with-23m-weekly-downloads/


Database with millions of VPN users' records exposed on the internet (Oct. 2021)

Anyone who uses a VPN provider has to be able to rely on its security and integrity. Security researcher Bob Diachenko of comparitech recently came across an unprotected database (no password) on the internet containing more than 300 million records with the personal data [...]

https://www.borncity.com/blog/2021/11/05/datenbank-mit-millionen-daten-von-vpn-nutzern-ungeschtzt-im-internet-okt-2021/


Phishing PDF Files with CAPTCHA Screen Being Mass-distributed

Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon opening the PDF file, but it is not a real CAPTCHA. It is simply an image with a link that redirects to a malicious URL. Related samples collected by AhnLab's ASD infrastructure since July amount to 1,500,000 to date.

https://asec.ahnlab.com/en/28431/

Vulnerabilities

ZDI-21-1278: Hewlett Packard Enterprise iLO Amplifier Pack backup Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise iLO Amplifier Pack. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-21-1278/


Security updates for Friday

Security updates have been issued by Debian (python3.5, redis, and udisks2), Fedora (rust), openSUSE (binutils, java-1_8_0-openj9, and qemu), Oracle (firefox and httpd), Red Hat (thunderbird), Scientific Linux (thunderbird), and SUSE (binutils, qemu, and systemd).

https://lwn.net/Articles/875212/


SYSS-2021-048/SYSS-2021-049: PHP Event Calendar - SQL Injection and Persistent Cross-Site Scripting

Two security vulnerabilities were found in "PHP Event Calendar". They allow the database to be read out or the sessions of other users to be compromised.

https://www.syss.de/pentest-blog/syss-2021-048/syss-2021-049-php-event-calendar-sql-injection-und-persistent-cross-site-scripting


D-Link router: multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K21-1157


Security Bulletin: IBM Security Guardium is affected by an OpenLDAP vulnerability (CVE-2020-25692)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openldap-vulnerability-cve-2020-25692-3/


Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-29753

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2021-29753/


Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-9/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-25/


Security Bulletin: IBM Security Guardium is affected by the following vulnerabilities ( CVE-2021-29773, CVE-2021-2161)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-the-following-vulnerabilities-cve-2021-29773-cve-2021-2161-2/


Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-9/


Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-cve-2020-25705-cve-2020-28374-4/


Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in Golang

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-multiple-vulnerabilities-in-golang/


Security Bulletin: IBM Security Guardium is affected by a Reliance on Untrusted Inputs in Security Decision

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-reliance-on-untrusted-inputs-in-security-descision-3/


Security Bulletin: IBM Security Guardium is affected by a Weak Password Policy vulnerability (CVE-2021-20418)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-weak-password-policy-vulnerability-cve-2021-20418-3/


Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilites-4/


Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-oracle-mysql-vulnerabilities-4/