Daily summary - 31.03.2021

End-of-Day report

Timeframe: Tuesday 30-03-2021 18:00 - Wednesday 31-03-2021 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer

News

Financial Cyberthreats in 2020

This research is a continuation of our annual financial threat reports providing an overview of the latest trends and key events across the financial threat landscape. The study covers the common phishing threats, along with Windows and Android-based financial malware.

https://securelist.com/financial-cyberthreats-in-2020/101638/


Ziggy Ransomware Gang Offers Refunds to Victims

Ziggy joins Fonix ransomware group and shuts down, with apologies to targets.

https://threatpost.com/ziggy-ransomware-gang-offers-refund-to-victims/165124/


3MinMax Series Topic Review - Apple Acquisition

Apple devices are an entirely different platform than Windows, and there are many different considerations when preparing to acquire an Apple machine.

https://www.sans.org/blog/3minmax-series-topic-reviewapple-acquisition


[SANS ISC] Quick Analysis of a Modular InfoStealer

This morning, an interesting phishing email landed in my spam trap. The mail was redacted in Spanish and, as usual, asked the recipient to urgently process the attached document.

https://blog.rootshell.be/2021/03/31/sans-isc-quick-analysis-of-a-modular-infostealer/


Whistleblower: Ubiquiti Breach "Catastrophic"

On Jan. 11, Ubiquiti Inc. [NYSE:UI] - a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras - disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.

https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/


The Often-Overlooked Element of a Hack: Endpoints

It is Vital to Maintain Granular Visibility and Control Over Access Points to Establish Resilience

https://www.securityweek.com/often-overlooked-element-hack-endpoints


Caution when buying a bicycle: marti-bosom.de is a fake shop!

With temperatures rising, the bicycle season begins. For many people it is the time to buy a new bike. Because of the ongoing Corona crisis, this increasingly happens online. Here, however, caution is required, as fraudulent fake shops exist in this area as well.

https://www.watchlist-internet.at/news/vorsicht-beim-fahrrad-kauf-marti-bosomde-ist-ein-fake-shop/


Ransomware: Why we're now facing a perfect storm

Normalising the act of paying a ransom to cyber criminals does nothing to protect anyone against ransomware, warns report.

https://www.zdnet.com/article/ransomware-why-were-now-facing-a-perfect-storm/


Gaming mods, cheat engines are spreading Trojan malware and planting backdoors

Mods and cheat systems for games are being exploited to deploy information-stealing malware.

https://www.zdnet.com/article/gaming-tools-backdoored-cheat-engines-are-now-new-weapons-in-cyberattacks/


BLEKeeper: Response Time Behavior Based Man-In-The-Middle Attack Detection

Bluetooth Low Energy (BLE) has become one of the most popular wireless communication protocols and is used in billions of smart devices. Despite several security features, the hardware and software limitations of these devices make them vulnerable to man-in-the-middle (MITM) attacks.

http://arxiv.org/abs/2103.16235

Vulnerabilities

Fake jQuery files infect WordPress sites with malware

Researchers have spotted counterfeit versions of the jQuery Migrate plugin injected on dozens of websites which contain obfuscated code to load malware.

https://www.bleepingcomputer.com/news/security/fake-jquery-files-infect-wordpress-sites-with-malware/


Attackers could copy admin credentials from VMware vRealize

Important security updates are available for vRealize Operations, the management software for cloud environments.

https://heise.de/-6002805


Security updates for Wednesday

Security updates have been issued by Debian (curl, ldb, leptonlib, and linux-4.19), Fedora (busybox), Gentoo (openssl, redis, salt, and sqlite), Mageia (firefox, fwupd, glib2.0, python-aiohttp, radare2, thunderbird, and zeromq), openSUSE (firefox), SUSE (ovmf, tomcat, and zabbix), and Ubuntu (curl, lxml, and pygments).

https://lwn.net/Articles/851269/


Google Releases Security Updates for Chrome

Google has released Chrome version 89.0.4389.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

https://us-cert.cisa.gov/ncas/current-activity/2021/03/31/google-releases-security-updates-chrome


SECURITY BULLETIN: March 2021 Security Bulletin for Trend Micro OfficeScan XG SP1

https://success.trendmicro.com/solution/000286157


Multiple dnsmasq vulnerabilities CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686

https://support.f5.com/csp/article/K98221124


cURL: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K21-0333


Denial of Service in Rexroth ActiveMover using EtherNet/IP protocol

https://psirt.bosch.com/security-advisories/bosch-sa-282922.html


Denial of Service in Rexroth ActiveMover using Profinet protocol

https://psirt.bosch.com/security-advisories/bosch-sa-637429.html


SYSS-2021-006: SQL injection vulnerability in FireEye EX

https://www.syss.de/pentest-blog/syss-2021-006-sql-injection-schwachstelle-in-fireeye-ex


SYSS-2021-005: SQL injection vulnerability in FireEye EX

https://www.syss.de/pentest-blog/syss-2021-005-sql-injection-schwachstelle-in-fireeye-ex