End-of-Day report
Timeframe: Wednesday 19-05-2021 18:00 - Thursday 20-05-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Exchange remains the main attack target in the Microsoft cloud
Vectra AI has listed the ten most important threats in Azure AD and Office 365. Exchange apparently remains as attractive to attackers as ever.
https://heise.de/-6050650
Cisco releases security updates
Cisco has announced several updates to its security products, including major release 7.0 of Secure Firewall Threat Defense and the integration of Snort 3.
https://heise.de/-6049957
Attacks on Android: patch now! If there are security updates at all ...
Attackers are currently targeting Android devices. However, patches are usually only available for current smartphones and tablets.
https://heise.de/-6050515
Fake shops: how to recognise fraudulent online shops!
The problem of fraudulent online shops - better known as fake shops - continues to grow. To help you quickly recognise the different kinds of fake shops, the following article describes the most common forms and what to watch out for with each of them. A purchase from a fake shop can really end up costing you dearly.
https://www.watchlist-internet.at/news/fake-shops-so-erkennen-sie-betruegerische-online-shops/
Qlocker ransomware shuts down after extorting hundreds of QNAP users
The Qlocker ransomware gang has shut down their operation after earning $350,000 in a month by exploiting vulnerabilities in QNAP NAS devices.
https://www.bleepingcomputer.com/news/security/qlocker-ransomware-shuts-down-after-extorting-hundreds-of-qnap-users/
Keksec Cybergang Debuts Simps Botnet for Gaming DDoS
The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities.
https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/
BazarCall: Call Centers Help Spread BazarLoader Malware
Call center operators offer to personally guide victims through a process designed to infect vulnerable computers with BazarLoader malware.
https://unit42.paloaltonetworks.com/bazarloader-malware/
Update to CISA-FBI Joint Cybersecurity Advisory on DarkSide Ransomware
CISA and the Federal Bureau of Investigation (FBI) have updated Joint Cybersecurity Advisory AA21-131A: DarkSide Ransomware: Best Practices for Preventing Disruption from Ransomware Attacks, originally released May 11, 2021. This update provides a downloadable STIX file of indicators of compromise (IOCs) to help network defenders find and mitigate activity associated with DarkSide ransomware.
https://us-cert.cisa.gov/ncas/current-activity/2021/05/19/update-cisa-fbi-joint-cybersecurity-advisory-darkside-ransomware
Misconfiguration of third party cloud services exposed data of over 100 million users
After examining 23 Android applications, Check Point Research (CPR) noticed mobile app developers potentially exposed the personal data of over 100 million users through a variety of misconfigurations of third party cloud services. Personal data included emails, chat messages, location, passwords and photos, which, in the hands of malicious actors could lead to fraud, identity-theft and service swipes.
https://blog.checkpoint.com/2021/05/20/misconfiguration-of-third-party-cloud-services-exposed-data-of-over-100-million-users/
Microsoft warns of malware campaign spreading a RAT masquerading as ransomware
The Microsoft security team has published details on Wednesday about a malware campaign that is currently spreading a remote access trojan named STRRAT that steals data from infected systems while masquerading as a ransomware attack.
https://therecord.media/microsoft-warns-of-malware-campaign-spreading-a-rat-masquerading-as-ransomware/
Vulnerabilities
ZDI-21-601: Ubiquiti Networks EdgeOS Improper Certificate Validation Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ubiquiti Networks EdgeOS on EdgeRouter X, EdgeRouter Pro X SFP, EdgeRouter 10X and EdgePoint 6-port routers. User interaction is required to exploit this vulnerability in that an administrator must perform a firmware update on the device.
http://www.zerodayinitiative.com/advisories/ZDI-21-601/
Vulnerability Spotlight: Information disclosure vulnerability in macOS SMB server
Cisco Talos recently discovered an exploitable integer overflow vulnerability in the Apple macOS SMB server that could lead to information disclosure.
https://blog.talosintelligence.com/2021/05/vuln-spotlight-smb-information-disclosure.html
Security updates for Thursday
Security updates have been issued by Fedora (cacti, cacti-spine, exif, firefox, kernel, mariadb, and thunderbird), Mageia (kernel, kernel-linus, and libxml2), openSUSE (exim and jhead), Oracle (slapi-nis and xorg-x11-server), Scientific Linux (slapi-nis and xorg-x11-server), Slackware (libX11), SUSE (djvulibre, fribidi, graphviz, grub2, libass, libxml2, lz4, python-httplib2, redis, rubygem-actionpack-4_2, and xen), and Ubuntu (pillow and python-babel).
https://lwn.net/Articles/856775/
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
https://us-cert.cisa.gov/ncas/current-activity/2021/05/20/cisco-releases-security-updates-multiple-products
Security Bulletin: A vulnerability in IBM Java affects IBM Developer for z Systems.
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-affects-ibm-developer-for-z-systems-2/
Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution-app-connect-professional-5/
Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-virtual-appliance/
Security Bulletin: IBM MQ is affected by a vulnerability within libcurl (CVE-2020-8284)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-within-libcurl-cve-2020-8284/
Security Bulletin: A security vulnerability in Node.js netmask module affects IBM Cloud Pak for Multicloud Management Managed Service
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-netmask-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
Security Bulletin: A security vulnerability in Node.js netmask module affects IBM Cloud Automation Manager
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-netmask-module-affects-ibm-cloud-automation-manager/
Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability in IBM® Runtime Environment Java
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-transparent-cloud-tiering-is-affected-by-a-vulnerability-in-ibm-runtime-environment-java/
Security Bulletin: A security vulnerability in Node.js braces and netmask module affects IBM Cloud Pak for Multicloud Management Managed Service
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-braces-and-netmask-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system-3/
Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Managed Service
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-lodash-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service-2/
Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager (CVE-2021-29687, CVE-2021-29688)
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-cve-2021-29687-cve-2021-29688/
WAGO: Multiple Vulnerabilities in CODESYS Runtime 2.3
https://cert.vde.com/de-de/advisories/vde-2021-014