End-of-Day report
Timeframe: Montag 14-06-2021 18:00 - Dienstag 15-06-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
News
Paradise Ransomware source code released on a hacking forum
The complete source code for the Paradise Ransomware has been released on a hacking forum allowing any would-be cyber criminal to develop their own customized ransomware operation.
https://www.bleepingcomputer.com/news/security/paradise-ransomware-source-code-released-on-a-hacking-forum/
Andariel evolves to target South Korea with ransomware
In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload.
https://securelist.com/andariel-evolves-to-target-south-korea-with-ransomware/102811/
Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more, (Tue, Jun 15th)
Vulnerable perimeter devices remain a popular target, and we do see consistent exploit attempts against them.
https://isc.sans.edu/diary/rss/27528
Experts Shed Light On Distinctive Tactics Used by Hades Ransomware
Cybersecurity researchers on Tuesday disclosed "distinctive" tactics, techniques, and procedures (TTPs) adopted by operators of Hades ransomware that set it apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER.
https://thehackernews.com/2021/06/experts-shed-light-on-distinctive.html
What-s past is prologue - A new world of critical infrastructure security
Attackers have targeted American critical infrastructure several times over the past few years, putting at risk U.S. electrical grids, oil pipelines and water supply systems.
https://blog.talosintelligence.com/2021/06/new-world-after-pipeline-ransomware-ONG.html
Tracking Amazon delivery staff
The Amazon delivery tracking API allows ultra-precise tracking of drivers. Amazon claim that customers can only track the driver for the 10 stops prior to theirs.
https://www.pentestpartners.com/security-blog/tracking-amazon-delivery-staff/
Beantragen Sie Kredite nicht auf ulacglobalfinanzen.com
Sie sind auf der Suche nach einem Kredit und recherchieren im Internet günstige Konditionen? Möglicherweise kommt Ihnen dann ulacglobalfinanzen.com unter - eine unseriöse Kreditgesellschaft mit großartigen Konditionen und unkomplizierter Abwicklung. Wer dort um einen Kredit ansucht, verliert jedoch Geld und übermittelt Kriminellen persönliche Daten!
https://www.watchlist-internet.at/news/beantragen-sie-kredite-nicht-auf-ulacglobalfinanzencom/
Vishing: What is it and how do I avoid getting scammed?
How do vishing scams work, how do they impact businesses and individuals, and how can you protect yourself, your family and your business?
https://www.welivesecurity.com/2021/06/14/vishing-what-is-it-how-avoid-getting-scammed/
Ransomware attacks continue to Surge, hitting a 93% increase year over year
Number of organizations impacted by ransomware has risen to 1210 in June 2021. Check Point Research sees a 41% increase in attacks since the beginning of 2021 and a 93% increase year over year.
https://blog.checkpoint.com/2021/06/14/ransomware-attacks-continue-to-surge-hitting-a-93-increase-year-over-year/
Vulnerabilities
SonicWall schließt Denial-of-Service-Lücke in Firewall-Betriebssystem SonicOS
Das webbasierte Management-Interface einiger SonicOS-Versionen hätte mittels spezieller POST-Requests lahmgelegt werden können. Updates ändern das.
https://heise.de/-6071069
Security updates for Tuesday
Security updates have been issued by CentOS (389-ds-base, dhcp, firefox, glib2, hivex, kernel, postgresql, qemu-kvm, qt5-qtimageformats, samba, and xorg-x11-server), Fedora (kernel and kernel-tools), Oracle (kernel and postgresql), Red Hat (dhcp and gupnp), Scientific Linux (gupnp and postgresql), SUSE (postgresql10 and xterm), and Ubuntu (imagemagick).
https://lwn.net/Articles/859842/
iOS 12.5.4
https://support.apple.com/kb/HT212548
Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential Cross Site Scripting (XSS) CVE-2020-5000
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-corporate-payment-services-is-affected-by-a-potential-cross-site-scripting-xss-cve-2020-5000/
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841-2/
Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2020-27221, CVE-2020-14782)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments-3/
Security Bulletin: IBM Event Streams is potentially affected by multiple node vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-potentially-affected-by-multiple-node-vulnerabilities/
Security Bulletin: Genivia gSOAP vulnerabilities affect IBM Spectrum Protect for Virtual Environments:Data Protection for VMware and Spectrum Protect Client (CVE-2020-13575, CVE-2020-13578, CVE-2020-13574, CVE-2020-13577, CVE-2020-13576,
https://www.ibm.com/blogs/psirt/security-bulletin-genivia-gsoap-vulnerabilities-affect-ibm-spectrum-protect-for-virtual-environmentsdata-protection-for-vmware-and-spectrum-protect-client-cve-2020-13575-cve-2020-13578-cve-2020-1/
Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-10531)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-10531/
Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights (CVE-2020-13947)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-activemq-affects-ibm-operations-analytics-predictive-insights-cve-2020-13947-2/
Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2021-27290)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2021-27290/
Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/