Daily Summary - 06.12.2021

End-of-Day report

Timeframe: Friday 03-12-2021 18:00 - Monday 06-12-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner

News

Is My Site Hacked? 4 Gut Checks

Today, we're looking at 4 quick gut check tests you can do to get the answer to the question, "is my site hacked?"

https://blog.sucuri.net/2021/12/is-my-site-hacked-4-gut-checks.html


Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks

Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The issue, assigned the identifier CVE-2021-44515, is an authentication bypass vulnerability ...

https://thehackernews.com/2021/12/warning-yet-another-zoho-manageengine.html


Malicious KMSPico Windows Activator Stealing Users Cryptocurrency Wallets

Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed "CryptBot," is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing screenshots from the infected systems.

https://thehackernews.com/2021/12/malicious-kmspico-windows-activator.html


The Importance of Out-of-Band Networks

Out-of-band (or "OoB") networks are usually dedicated to management tasks. Many security appliances and servers have dedicated management interfaces that are used to set up, control, and monitor the device. A best practice is to connect those management interfaces to a dedicated network that is not directly connected to the network used to carry applications/users data.

https://isc.sans.edu/diary/rss/28102


Who Is the Network Access Broker "Babam"?

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in stealing remote access credentials -- such as usernames and passwords needed to remotely connect to the target's network. In this post we'll look at the clues left behind by "Babam," the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions ...

https://krebsonsecurity.com/2021/12/who-is-the-network-access-broker-babam/


Emotet's back and it isn't wasting any time

Last month we reported on how another notorious bit of malware, TrickBot, was helping Emotet come back from the dead. And then yesterday, several security researchers saw another huge spike in Emotet's activity.

https://blog.malwarebytes.com/trojans/2021/12/emotets-back-and-it-isnt-wasting-any-time/

Vulnerabilities

Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following:

- Execute code on the affected device or cause it to reload unexpectedly
- Cause LLDP database corruption on the affected device

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T


IBM Security Bulletins 2021-12-03

IBM Event Streams, IBM Cloud Automation Manager, IBM Data Studio Client, EDB PostgreSQL with IBM, EDB Postgres Advanced Server with IBM, IBM Data Management Platform (Enterprise, Standard), IBM QRadar SIEM

https://www.ibm.com/blogs/psirt/


Security updates for Monday

Security updates have been issued by Arch Linux (isync, lib32-nss, nss, opera, and vivaldi), Debian (gerbv and xen), Fedora (autotrace, chafa, converseen, digikam, dmtx-utils, dvdauthor, eom, kxstitch, libsndfile, nss, pfstools, php-pecl-imagick, psiconv, q, R-magick, rss-glx, rubygem-rmagick, seamonkey, skopeo, synfig, synfigstudio, vdr-scraper2vdr, vdr-skinelchihd, vdr-skinnopacity, vdr-tvguide, vim, vips, and WindowMaker), Mageia (golang, kernel, kernel-linus, mariadb, and vim), openSUSE (aaa_base, python-Pygments, singularity, and tor), Red Hat (nss), Slackware (mozilla), SUSE (aaa_base, kernel, openssh, php74, and xen), and Ubuntu (libmodbus, lrzip, samba, and uriparser).

https://lwn.net/Articles/877821/


ABB Cyber Security Advisory: OmniCore RobotWare Missing Authentication Vulnerability CVE ID: CVE-2021-22279

https://search.abb.com/library/Download.aspx?DocumentID=SI20265&LanguageCode=en&DocumentPartId=&Action=Launch


F5 K50839343: NGINX ModSecurity WAF vulnerability CVE-2021-42717

https://support.f5.com/csp/article/K50839343


F5 K12705583: OpenSSH vulnerability CVE-2021-41617

https://support.f5.com/csp/article/K12705583


Auerswald COMpact Multiple Backdoors

https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-007/


Auerswald COMpact Arbitrary File Disclosure

https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-006/


Auerswald COMpact Privilege Escalation

https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-005/


Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass

https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-004/