End-of-Day report
Timeframe: Wednesday 30-06-2021 18:00 - Thursday 01-07-2021 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
"Printer nightmare": open security hole allows takeover of entire Windows networks
Security researchers accidentally published working exploit code; Windows administrators now urgently need to act.
https://www.derstandard.at/story/2000127868579/drucker-albtraum-offene-sicherheitsluecke-erlaubt-die-uebernahme-gesamter-windows-netzwerke
Advance-fee fraud with loans on befinax.com
When looking for loans, mortgages or insurance you may come across befinax.com. The site is nicely designed, promises fast loan approvals and advertises with the logos and names of large, well-known banks. But beware: this is a scam. Fees paid up front go straight into the hands of criminals, and no loan is ever granted.
https://www.watchlist-internet.at/news/vorschussbetrug-mit-krediten-auf-befinaxcom/
The Most Prolific Ransomware Families: A Defender's Guide
In this article, DomainTools researchers provide a look at the three most prolific ransomware families and their toolsets.
https://www.domaintools.com/resources/blog/the-most-prolific-ransomware-families-a-defenders-guide
Linux: RPM does not verify signatures properly
RPM packages on Linux are supposed to be signed. However, many important parts of the signature verification have so far not been implemented at all.
https://www.golem.de/news/linux-rpm-prueft-signaturen-nicht-richtig-2107-157800-rss.html
Another Exploit Hits WD My Book Live Owners
While it will come as no comfort to those who had their Western Digital My Book Live NAS drives wiped last week, it seems they were attacked by a combination of two exploits, and possibly caught in the fallout of a rivalry between two different teams of hackers. Tom's Hardware reports: Initially, after the news broke on Friday, it was thought a known exploit from 2018 was to blame, allowing attackers to gain root access to the devices. However, it now seems that a previously unknown exploit was [...]
https://hardware.slashdot.org/story/21/06/30/2319243/another-exploit-hits-wd-my-book-live-owners
We Infiltrated a Counterfeit Check Ring! Now What?
Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and you've shared this information in advance with the authorities each day for a year with no outward indication that they are doing anything about it. How frustrated would you be? Such is the curse of the fraud fighter known online by the handles "Brianna Ware" and [...]
https://krebsonsecurity.com/2021/06/we-infiltrated-a-counterfeit-check-ring-now-what/
Becoming Elon Musk - the Danger of Artificial Intelligence
A Tel Aviv, Israel-based artificial intelligence (AI) firm, with a mission to build trust in AI and protect AI from cyber threats, privacy issues, and safety incidents, has developed the opposite: an attack against facial recognition systems that can fool the algorithm into misinterpreting the image.
https://www.securityweek.com/becoming-elon-musk-%E2%80%93-danger-artificial-intelligence
CISA's CSET Tool Sets Sights on Ransomware Threat
CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET, applicable to both information technology (IT) and industrial control system (ICS) networks, enables users to perform a comprehensive evaluation of their cybersecurity [...]
https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/cisas-cset-tool-sets-sights-ransomware-threat
Two years later, the NSABuffMiner botnet is still alive and kicking
A crypto-mining botnet named NSABuffMiner (or Indexsinas) is still active and infecting Windows systems using three leaked NSA exploits, security firm Guardicore said today.
https://therecord.media/two-years-later-the-nsabuffminer-botnet-is-still-alive-and-kicking/
Vulnerabilities
VU#383432: Microsoft Windows Print Spooler RpcAddPrinterDriverEx() function allows for RCE
The Microsoft Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx() function, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.
https://kb.cert.org/vuls/id/383432
Security update: Microsoft discovers critical vulnerability in Netgear router
An important security update is available for Netgear's DGN2200v1 Wi-Fi router.
https://heise.de/-6126662
Security updates for Thursday
Security updates have been issued by Debian (htmldoc, ipmitool, and node-bl), Fedora (libgcrypt and libtpms), Mageia (dhcp, glibc, p7zip, sqlite3, systemd, and thunar), openSUSE (arpwatch, go1.15, and kernel), SUSE (curl, dbus-1, go1.15, and qemu), and Ubuntu (xorg-server).
https://lwn.net/Articles/861521/
EC-CUBE fails to restrict access permissions
https://jvn.jp/en/jp/JVN57942445/
Block Content Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-022
https://www.drupal.org/sa-contrib-2021-022
Linky Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-021
https://www.drupal.org/sa-contrib-2021-021
Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2021-020
https://www.drupal.org/sa-contrib-2021-020
Security Advisory - Path Traversal Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210630-01-pathtraversal-en
Security Notice - Statement About the Media Report on the Use of GEA-1 Weak Algorithm in Certain Phones
http://www.huawei.com/en/psirt/security-notices/2021/huawei-sn-20210618-01-gea1-en
Security Bulletin: Security Vulnerabilities in IBM® Java SDK April 2021 CPU plus affect multiple IBM Continuous Engineering products based on IBM Jazz Technology
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2021-cpu-plus-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology/
Security Bulletin: Using XSS attack, an attacker may inject Javascript code by modifying input fields in Datacap Navigator
https://www.ibm.com/blogs/psirt/security-bulletin-using-xss-attack-an-attacker-may-inject-javascript-code-by-modifying-input-fields-in-datacap-navigator/
Security Bulletin: IBM MQ Appliance vulnerability in TLS (CVE-2020-4831)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-vulnerability-in-tls-cve-2020-4831/
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-go-4/
Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability (CVE-2021-3449)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-openssl-vulnerability-cve-2021-3449/
Security Bulletin: SQL injection from various input fields may affect Datacap Navigator
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-from-various-input-fields-may-affect-datacap-navigator/