End-of-Day report
Timeframe: Thursday 24-06-2021 18:00 - Friday 25-06-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Dimitri Robl
News
Binance exchange helped track down Clop ransomware money launderers
Cryptocurrency exchange service Binance played an important part in the recent arrests of Clop ransomware group members, helping law enforcement in their effort to identify, and ultimately detain the suspects.
https://www.bleepingcomputer.com/news/security/binance-exchange-helped-track-down-clop-ransomware-money-launderers/
Microsoft signed a malicious Netfilter rootkit
What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP. How did this happen?
https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
SKS: The end of the old PGP key servers
The server pool for the PGP key servers running the SKS software has been shut down. The reason is complaints under the General Data Protection Regulation (GDPR).
https://www.golem.de/news/sks-das-ende-der-alten-pgp-keyserver-2106-157613.html
"What are the odds someone will find and exploit this?" Nice one - you just released an insecure app
Who's to blame: devs or management? And how do we cure the application vulnerability epidemic? According to a recently published Osterman Research white paper, 81 per cent of developers admit to knowingly releasing vulnerable apps.
https://www.theregister.com/2021/06/25/application_vulnerability_epidemic/
We explored the dangers of pirated sport streams so you don't have to
The COVID pandemic has led to a surge in content consumption as people stayed home and turned to Netflix, YouTube and other streaming services for entertainment. Not everyone agrees with paying for the latest episode or album, however, and this rise has run parallel with a rise in digital piracy.
https://www.webroot.com/blog/2021/05/12/we-explored-the-dangers-of-pirated-sport-streams-so-you-dont-have-to/
Western Digital My Book Live: Disconnect your hard drives from the internet
Data on hard drives of the WD My Book Live series is being remotely wiped and made inaccessible by passwords set by third parties.
https://heise.de/-6119250
Crackonosh malware abuses Windows Safe mode to quietly mine for cryptocurrency
The malware is thought to have generated millions of dollars in just a few short years.
https://www.zdnet.com/article/crackonosh-malware-abuses-windows-safe-mode-to-quietly-mine-for-cryptocurrency/
Vulnerabilities
Security updates for Friday
Security updates have been issued by Arch Linux (chromium, dovecot, exiv2, helm, keycloak, libslirp, matrix-appservice-irc, nginx-mainline, opera, pigeonhole, tor, tpm2-tools, and vivaldi), Debian (libgcrypt20), Fedora (pdfbox), Mageia (graphicsmagick, matio, and samba and ldb), openSUSE (dovecot23, gupnp, libgcrypt, live555, and ovmf), SUSE (gupnp, libgcrypt, openexr, and ovmf), and Ubuntu (ceph and rabbitmq-server).
https://lwn.net/Articles/860981/
Philips Interoperability Solution XDS
This advisory contains mitigations for a Clear Text Transmission of Sensitive Information vulnerability in the Philips Interoperability Solution XDS document sharing system.
https://us-cert.cisa.gov/ics/advisories/icsma-21-175-01
FATEK WinProladder
This advisory contains mitigations for Out-of-bounds Read, Out-of-bounds Write, and Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerabilities in FATEK WinProladder programmable logic controllers.
https://us-cert.cisa.gov/ics/advisories/icsa-21-175-01
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-node-js-4/
Security Bulletin: Operations Dashboard is vulnerable to Go vulnerabilities (CVE-2021-27918 and CVE-2021-27919)
https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-go-vulnerabilities-cve-2021-27918-and-cve-2021-27919/
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tika
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-tika-2/
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty-2/
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python urllib3
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-python-urllib3/
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache PDFBox
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-pdfbox/
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerability (CVE-2020-1971)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-openssl-vulnerability-cve-2020-1971/