Tageszusammenfassung - 15.06.2021

End-of-Day report

Timeframe: Montag 14-06-2021 18:00 - Dienstag 15-06-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer

News

Paradise Ransomware source code released on a hacking forum

The complete source code for the Paradise Ransomware has been released on a hacking forum allowing any would-be cyber criminal to develop their own customized ransomware operation.

https://www.bleepingcomputer.com/news/security/paradise-ransomware-source-code-released-on-a-hacking-forum/


Andariel evolves to target South Korea with ransomware

In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload.

https://securelist.com/andariel-evolves-to-target-south-korea-with-ransomware/102811/


Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more, (Tue, Jun 15th)

Vulnerable perimeter devices remain a popular target, and we do see consistent exploit attempts against them.

https://isc.sans.edu/diary/rss/27528


Experts Shed Light On Distinctive Tactics Used by Hades Ransomware

Cybersecurity researchers on Tuesday disclosed "distinctive" tactics, techniques, and procedures (TTPs) adopted by operators of Hades ransomware that set it apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER.

https://thehackernews.com/2021/06/experts-shed-light-on-distinctive.html


What-s past is prologue - A new world of critical infrastructure security

Attackers have targeted American critical infrastructure several times over the past few years, putting at risk U.S. electrical grids, oil pipelines and water supply systems.

https://blog.talosintelligence.com/2021/06/new-world-after-pipeline-ransomware-ONG.html


Tracking Amazon delivery staff

The Amazon delivery tracking API allows ultra-precise tracking of drivers. Amazon claim that customers can only track the driver for the 10 stops prior to theirs.

https://www.pentestpartners.com/security-blog/tracking-amazon-delivery-staff/


Beantragen Sie Kredite nicht auf ulacglobalfinanzen.com

Sie sind auf der Suche nach einem Kredit und recherchieren im Internet günstige Konditionen? Möglicherweise kommt Ihnen dann ulacglobalfinanzen.com unter - eine unseriöse Kreditgesellschaft mit großartigen Konditionen und unkomplizierter Abwicklung. Wer dort um einen Kredit ansucht, verliert jedoch Geld und übermittelt Kriminellen persönliche Daten!

https://www.watchlist-internet.at/news/beantragen-sie-kredite-nicht-auf-ulacglobalfinanzencom/


Vishing: What is it and how do I avoid getting scammed?

How do vishing scams work, how do they impact businesses and individuals, and how can you protect yourself, your family and your business?

https://www.welivesecurity.com/2021/06/14/vishing-what-is-it-how-avoid-getting-scammed/


Ransomware attacks continue to Surge, hitting a 93% increase year over year

Number of organizations impacted by ransomware has risen to 1210 in June 2021. Check Point Research sees a 41% increase in attacks since the beginning of 2021 and a 93% increase year over year.

https://blog.checkpoint.com/2021/06/14/ransomware-attacks-continue-to-surge-hitting-a-93-increase-year-over-year/

Vulnerabilities

SonicWall schließt Denial-of-Service-Lücke in Firewall-Betriebssystem SonicOS

Das webbasierte Management-Interface einiger SonicOS-Versionen hätte mittels spezieller POST-Requests lahmgelegt werden können. Updates ändern das.

https://heise.de/-6071069


Security updates for Tuesday

Security updates have been issued by CentOS (389-ds-base, dhcp, firefox, glib2, hivex, kernel, postgresql, qemu-kvm, qt5-qtimageformats, samba, and xorg-x11-server), Fedora (kernel and kernel-tools), Oracle (kernel and postgresql), Red Hat (dhcp and gupnp), Scientific Linux (gupnp and postgresql), SUSE (postgresql10 and xterm), and Ubuntu (imagemagick).

https://lwn.net/Articles/859842/


iOS 12.5.4

https://support.apple.com/kb/HT212548


Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential Cross Site Scripting (XSS) CVE-2020-5000

https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-corporate-payment-services-is-affected-by-a-potential-cross-site-scripting-xss-cve-2020-5000/


Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841-2/


Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2020-27221, CVE-2020-14782)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments-3/


Security Bulletin: IBM Event Streams is potentially affected by multiple node vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-potentially-affected-by-multiple-node-vulnerabilities/


Security Bulletin: Genivia gSOAP vulnerabilities affect IBM Spectrum Protect for Virtual Environments:Data Protection for VMware and Spectrum Protect Client (CVE-2020-13575, CVE-2020-13578, CVE-2020-13574, CVE-2020-13577, CVE-2020-13576,

https://www.ibm.com/blogs/psirt/security-bulletin-genivia-gsoap-vulnerabilities-affect-ibm-spectrum-protect-for-virtual-environmentsdata-protection-for-vmware-and-spectrum-protect-client-cve-2020-13575-cve-2020-13578-cve-2020-1/


Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/


Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-10531)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-10531/


Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights (CVE-2020-13947)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-activemq-affects-ibm-operations-analytics-predictive-insights-cve-2020-13947-2/


Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2021-27290)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2021-27290/


Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/