Timeframe: Thursday 23-12-2021 18:00 - Monday 27-12-2021 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
Rook ransomware is yet another spawn of the leaked Babuk code
A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make "a lot of money" by breaching corporate networks and encrypting devices.
QNAP NAS devices hit in surge of ech0raix ransomware attacks
Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt.
Example of how attackers are trying to push crypto miners via Log4Shell, (Fri, Dec 24th)
While following Log4Shell's exploit attempts hitting our honeypots, I came across another campaign trying to push a crypto miner on the victims' machines.
More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild
A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes.
QNAP firmware update version QTS 220.127.116.111 build 20211221 and log4j vulnerability
Shortly before Christmas, the vendor QNAP released a firmware update for its QTS 5. The update closes several vulnerabilities. In addition, a log4j vulnerability in QNAP software has been reported.
Garrett Walk-Through Metal Detectors Can Be Hacked Remotely
A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices.
Remote Code Execution Vulnerabilities in Veritas Enterprise Vault
Veritas has discovered an issue where Veritas Enterprise Vault could allow Remote Code Execution on a vulnerable Enterprise Vault Server. CVSS v3.1 Base Score: 9.8. CVEs: CVE-2021-44679, CVE-2021-44680, CVE-2021-44678, CVE-2021-44677, CVE-2021-44682, CVE-2021-44681
IBM Security Bulletins
IBM has published 33 Security Bulletins.
Security updates for Friday
Security updates have been issued by Debian (webkit2gtk and wpewebkit), Fedora (httpd and singularity), Mageia (ldns, netcdf, php, ruby, thrift/golang-github-apache-thrift, thunderbird, and webkit2), openSUSE (go1.16, go1.17, libaom, and p11-kit), and SUSE (go1.16, go1.17, htmldoc, libaom, libvpx, logstash, openssh-openssl1, python3, and runc).
Security updates for Monday
Security updates have been issued by Debian (apache-log4j2, libextractor, libpcap, and wireshark), Fedora (grub2, kernel, libopenmpt, log4j, mingw-binutils, mingw-python-lxml, and seamonkey), Mageia (golang, lapack/openblas, and samba), and openSUSE (go1.16, libaom, log4j12, logback, and runc).
SolarWinds - multiple advisories
Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products
K16090693: Apache HTTP server vulnerability CVE-2021-44224
Moxa MGate Protocol Gateways
Johnson Controls exacq Enterprise Manager