Daily Summary - 04.06.2021

End-of-Day report

Timeframe: Wednesday 02-06-2021 18:00 - Friday 04-06-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

Warning: World4You phishing mail in circulation!

Criminals are currently sending a fake World4You phishing mail to website operators. It claims that the recipients' registered domain is expiring and therefore has to be renewed. Do not comply with the payment demand: the money and your credit card details go straight into the hands of criminals.

https://www.watchlist-internet.at/news/vorsicht-phishing-mail-von-world4you-im-umlauf/


Loopholes for malicious code closed in Cisco Webex video conferencing software

Cisco has released security updates for several products, including routers and Webex.

https://heise.de/-6062229


Email spoofing: how attackers impersonate legitimate senders

This article analyzes different ways of spoofing email addresses by changing the From header, which provides information about the sender's name and address.

https://securelist.com/email-spoofing-types/102703/


Exchange Servers Targeted by "Epsilon Red" Malware

REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks, the ransom note suggests.

https://threatpost.com/exchange-servers-epsilon-red-ransomware/166640/


How to hack into 5500 accounts... just using "credential stuffing"

Passwords - don't just pay them lip service.

https://nakedsecurity.sophos.com/2021/06/04/how-to-hack-into-5500-accounts-just-using-credential-stuffing/


Russian Dolls VBS Obfuscation, (Fri, Jun 4th)

We received an interesting sample from one of our readers (thanks Henry!) and we like this. If you find something interesting, we are always looking for fresh meat! Henry's sample was delivered in a password-protected ZIP archive and the file was a VBS script called "presentation_37142.vbs".

https://isc.sans.edu/diary/rss/27494


Build, Hack, and Defend Azure Identity

An Introduction to PurpleCloud Hybrid + Identity Cyber Range

https://www.sans.org/blog/build-hack-defend-azure-identity?msc=rss


Necro Python bot adds new exploits and Tezos mining to its bag of tricks

Some malware families stay static in terms of their functionality. But a newly discovered malware campaign utilizing the Necro Python bot shows this actor is adding new functionality and improving its chances of [...]

https://blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.html


Organizations Warned: STUN Servers Increasingly Abused for DDoS Attacks

Application and network performance management company NETSCOUT warned organizations this week that STUN servers have been increasingly abused for distributed denial-of-service (DDoS) attacks, and there are tens of thousands of servers that could be abused for such attacks by malicious actors.

https://www.securityweek.com/organizations-warned-stun-servers-increasingly-abused-ddos-attacks


ESET Threat Report T1 2021

A view of the T1 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.

https://www.welivesecurity.com/2021/06/03/eset-threat-report-t12021/


WebLogic RCE Leads to XMRig

This report will review an intrusion where the threat actor took advantage of a WebLogic remote code execution vulnerability (CVE-2020-14882) to gain initial access to the system before installing [...]

https://thedfirreport.com/2021/06/03/weblogic-rce-leads-to-xmrig/


CISA Releases Best Practices for Mapping to MITRE ATT&CK®

As part of an effort to encourage a common language in threat actor analysis, CISA has released Best Practices for MITRE ATT&CK® Mapping. The guide shows analysts, through instructions and examples, how to map adversary behavior to the MITRE ATT&CK framework. CISA created this guide in partnership with the Homeland Security Systems Engineering and Development Institute (HSSEDI), a DHS-owned R&D center operated by MITRE, which [...]

https://us-cert.cisa.gov/ncas/current-activity/2021/06/02/cisa-releases-best-practices-mapping-mitre-attckr


FontPack: A dangerous update

Attribution secrets: Who is behind stealing credentials and bank card data by asking to install fake Flash Player, browser or font updates?

https://blog.group-ib.com/fontpack

Vulnerabilities

Cisco Security Advisories

Cisco has published advisories for 13 vulnerabilities. None of them is rated "Critical"; five are rated "High".

https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F06%2F02&firstPublishedEndDate=2021%2F06%2F04


Security updates for Thursday

Security updates have been issued by Arch Linux (chromium, curl, dhclient, dhcp, firefox, keycloak, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, opera, packagekit, pam-u2f, postgresql, rabbitmq, redis, ruby-bundler, and zint), Debian (caribou, firefox-esr, imagemagick, and isc-dhcp), Fedora (mapserver, mingw-python-pillow, and python-pillow), openSUSE (chromium), Red Hat (firefox, glib2, pki-core:10.6, polkit, rh-ruby26-ruby, and rh-ruby27-ruby), SUSE [...]

https://lwn.net/Articles/858144/


Security updates for Friday

Security updates have been issued by Debian (lasso), Fedora (mingw-djvulibre, mingw-exiv2, python-lxml, and singularity), openSUSE (ceph, dhcp, inn, nginx, opera, polkit, upx, and xstream), Oracle (firefox, perl, and polkit), Scientific Linux (firefox), SUSE (avahi, csync2, djvulibre, libwebp, polkit, python-py, slurm, slurm_18_08, thunderbird, and umoci), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, [...]

https://lwn.net/Articles/858331/


Advantech iView

This advisory contains mitigations for Missing Authentication for Critical Function, and SQL Injection vulnerabilities in Advantech iView IoT device management application.

https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01


IBM Security Bulletins

https://www.ibm.com/blogs/psirt/


Security Advisory - Command Injection Vulnerability in Huawei Products

https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210602-01-cmdinj-en


Security Advisory - Race Condition Vulnerability in Some Huawei Products

https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210602-01-cgp-en


Drupal: Multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K21-0610