End-of-Day report
Timeframe: Tuesday 22-06-2021 18:00 - Wednesday 23-06-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
News
A week after arrests, Cl0p ransomware group dumps new tranche of stolen data
Leak shows that, like the rest of the ransomware scourge, Cl0p isn't going away.
https://arstechnica.com/?p=1775362
SonicWall bug affecting 800K firewalls was only partially fixed
New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which affected over 800,000 VPN firewalls and was initially thought to have been patched.
https://www.bleepingcomputer.com/news/security/sonicwall-bug-affecting-800k-firewalls-was-only-partially-fixed/
PYSA ransomware backdoors education orgs using ChaChi malware
The PYSA ransomware gang has been using a remote access Trojan (RAT) dubbed ChaChi to backdoor the systems of healthcare and education organizations and steal data that later gets leveraged in double extortion ransom schemes.
https://www.bleepingcomputer.com/news/security/pysa-ransomware-backdoors-education-orgs-using-chachi-malware/
Sure looks like someone's pirating the REvil ransomware, tweaking the binary in a hex editor for their own crimes
It's a crook-eat-crook world out there. It appears someone is pirating the infamous REvil ransomware by tweaking its files for their own purposes.
https://www.theregister.com/2021/06/23/revil_ransomware_lv/
Do not book holiday apartments on luxfewo.de
Holiday apartments and accommodation are nowadays mostly booked online. But beware: among the many platforms and booking websites there are also fraudulent offers. Anyone who books on luxfewo.de, for example, and pays a deposit loses a lot of money and ends up with no accommodation.
https://www.watchlist-internet.at/news/ferienwohnungen-nicht-auf-luxfewode-buchen/
MITRE releases D3FEND, defensive measures complementary to its ATT&CK framework
The MITRE Corporation, one of the most respected organizations in the cybersecurity field, today released D3FEND, a complementary framework to its industry-recognized ATT&CK matrix.
https://therecord.media/mitre-releases-d3fend-defensive-measures-complimentary-to-its-attck-framework/
Vulnerabilities
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts -- with no patches in sight.
https://threatpost.com/unpatched-linux-marketplace-bugs-rce/167155/
Security updates for Wednesday
Security updates have been issued by Debian (kernel and linux-4.19), Fedora (tor), Oracle (rh-postgresql10-postgresql), Red Hat (kernel), SUSE (ansible, apache2, dovecot23, OpenEXR, ovmf, and wireshark), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-5.8, linux-azure,[...]
https://lwn.net/Articles/860652/
WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting
https://jvn.jp/en/jp/JVN63066062/
VDE-CERT Advisories 2021-06-23: Multiple Vulnerabilities in Phoenix Contact Products and Weidmueller Industrial WLAN devices
https://cert.vde.com/de-de/advisories
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-infosphere-master-data-management-3/
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-infosphere-master-data-management-2/
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by InfoSphere Master Data Management
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-infosphere-master-data-management/
Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-13/
Security Bulletin: IBM Security Verify Password Synchronization Plug-in for Windows AD affected by multiple vulnerabilities (CVE-2021-20488, CVE-2021-20494, CVE-2021-20572, CVE-2021-20573, CVE-2021-20574)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-password-synchronization-plug-in-for-windows-ad-affected-by-multiple-vulnerabilities-cve-2021-20488-cve-2021-20494-cve-2021-20572-cve-2021-20573-cve-2021-20/
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-infosphere-master-data-management/
Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerability-4/
Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-node-js-vulnerability-5/
Security Bulletin: IBM Security Guardium is affected by an Information Exposure vulnerability (CVE-2020-4189)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-information-exposure-vulnerability-cve-2020-4189-4/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-21/
VMSA-2021-0013
https://www.vmware.com/security/advisories/VMSA-2021-0013.html
Python Flask vulnerability CVE-2018-1000656
https://support.f5.com/csp/article/K63597327
Palo Alto Networks Patches Critical Vulnerability in Cortex XSOAR
https://www.securityweek.com/palo-alto-networks-patches-critical-vulnerability-cortex-xsoar
Citrix Hypervisor Security Update
https://support.citrix.com/article/CTX316325
Advantech WebAccess HMI Designer
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01
CODESYS V2 web server
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-02
CODESYS Control V2 communication
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-03
CODESYS Control V2 Linux SysFile library
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-04