Daily summary - 27.12.2021

End-of-Day report

Timeframe: Thursday 23-12-2021 18:00 - Monday 27-12-2021 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer


Rook ransomware is yet another spawn of the leaked Babuk code

A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make "a lot of money" by breaching corporate networks and encrypting devices.


QNAP NAS devices hit in surge of ech0raix ransomware attacks

Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt.


Example of how attackers are trying to push crypto miners via Log4Shell, (Fri, Dec 24th)

While following Log4Shell's exploit attempts hitting our honeypots, I came across another campaign trying to push a crypto miner on the victims' machines.


More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild

A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes.


QNAP firmware update version QTS build 20211221 and log4j vulnerability

Shortly before Christmas, the vendor QNAP released a firmware update for its QTS 5. The update closes several vulnerabilities. In addition, a log4j vulnerability in QNAP software has been reported.



Garrett Walk-Through Metal Detectors Can Be Hacked Remotely

A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices.


Remote Code Execution Vulnerabilities in Veritas Enterprise Vault

Veritas has discovered an issue where Veritas Enterprise Vault could allow Remote Code Execution on a vulnerable Enterprise Vault Server. CVSS v3.1 Base Score 9.8 CVEs: CVE-2021-44679, CVE-2021-44680, CVE-2021-44678, CVE-2021-44677, CVE-2021-44682, CVE-2021-44681


IBM Security Bulletins

IBM has published 33 security bulletins.


Security updates for Friday

Security updates have been issued by Debian (webkit2gtk and wpewebkit), Fedora (httpd and singularity), Mageia (ldns, netcdf, php, ruby, thrift/golang-github-apache-thrift, thunderbird, and webkit2), openSUSE (go1.16, go1.17, libaom, and p11-kit), and SUSE (go1.16, go1.17, htmldoc, libaom, libvpx, logstash, openssh-openssl1, python3, and runc).


Security updates for Monday

Security updates have been issued by Debian (apache-log4j2, libextractor, libpcap, and wireshark), Fedora (grub2, kernel, libopenmpt, log4j, mingw-binutils, mingw-python-lxml, and seamonkey), Mageia (golang, lapack/openblas, and samba), and openSUSE (go1.16, libaom, log4j12, logback, and runc).


SolarWinds - multiple advisories


Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products


K16090693: Apache HTTP server vulnerability CVE-2021-44224


Moxa MGate Protocol Gateways


Johnson Controls exacq Enterprise Manager