Daily summary - 27.12.2021

End-of-Day report

Timeframe: Thursday 23-12-2021 18:00 - Monday 27-12-2021 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer

News

Rook ransomware is yet another spawn of the leaked Babuk code

A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make "a lot of money" by breaching corporate networks and encrypting devices.

https://www.bleepingcomputer.com/news/security/rook-ransomware-is-yet-another-spawn-of-the-leaked-babuk-code/


QNAP NAS devices hit in surge of ech0raix ransomware attacks

Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt.

https://www.bleepingcomputer.com/news/security/qnap-nas-devices-hit-in-surge-of-ech0raix-ransomware-attacks/


Example of how attackers are trying to push crypto miners via Log4Shell, (Fri, Dec 24th)

While following Log4Shell's exploit attempts hitting our honeypots, I came across another campaign trying to push a crypto miner on the victims' machines.

https://isc.sans.edu/diary/rss/28172


More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild

A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes.

https://therecord.media/more-than-1200-phishing-toolkits-capable-of-intercepting-2fa-detected-in-the-wild/


QNAP firmware update version QTS 5.0.0.1891 build 20211221 and log4j vulnerability

Shortly before Christmas, the vendor QNAP released a firmware update for its QTS 5. The update closes several vulnerabilities. In addition, a log4j vulnerability in QNAP software has been reported.

https://www.borncity.com/blog/2021/12/26/qnap-firmware-update-version-qts-5-0-0-1891-build-20211221-und-log4j-schwachstelle/

Vulnerabilities

Garrett Walk-Through Metal Detectors Can Be Hacked Remotely

A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices.

https://thehackernews.com/2021/12/garrett-walk-through-metal-detectors.html


Remote Code Execution Vulnerabilities in Veritas Enterprise Vault

Veritas has discovered an issue where Veritas Enterprise Vault could allow Remote Code Execution on a vulnerable Enterprise Vault Server.
CVSS v3.1 Base Score: 9.8
CVEs: CVE-2021-44679, CVE-2021-44680, CVE-2021-44678, CVE-2021-44677, CVE-2021-44682, CVE-2021-44681

https://www.veritas.com/content/support/en_US/security/VTS21-003


IBM Security Bulletins

IBM has published 33 security bulletins.

https://www.ibm.com/blogs/psirt/


Security updates for Friday

Security updates have been issued by Debian (webkit2gtk and wpewebkit), Fedora (httpd and singularity), Mageia (ldns, netcdf, php, ruby, thrift/golang-github-apache-thrift, thunderbird, and webkit2), openSUSE (go1.16, go1.17, libaom, and p11-kit), and SUSE (go1.16, go1.17, htmldoc, libaom, libvpx, logstash, openssh-openssl1, python3, and runc).

https://lwn.net/Articles/879791/


Security updates for Monday

Security updates have been issued by Debian (apache-log4j2, libextractor, libpcap, and wireshark), Fedora (grub2, kernel, libopenmpt, log4j, mingw-binutils, mingw-python-lxml, and seamonkey), Mageia (golang, lapack/openblas, and samba), and openSUSE (go1.16, libaom, log4j12, logback, and runc).

https://lwn.net/Articles/879891/


SolarWinds - multiple advisories

https://www.solarwinds.com/trust-center/security-advisories


Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20211215-01-log4j-en


K16090693: Apache HTTP server vulnerability CVE-2021-44224

https://support.f5.com/csp/article/K16090693


Moxa MGate Protocol Gateways

https://us-cert.cisa.gov/ics/advisories/icsa-21-357-01


Johnson Controls exacq Enterprise Manager

https://us-cert.cisa.gov/ics/advisories/icsa-21-357-02