Daily summary - 07.07.2021

End-of-Day report

Timeframe: Tuesday 06-07-2021 18:00 - Wednesday 07-07-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer

News

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

https://securelist.com/wildpressure-targets-macos/103072/


Why I Love (Breaking Into) Your Security Appliances

David "moose" Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to "pick one lock" to invade an enterprise through them.

https://threatpost.com/breaking-into-security-appliances/167584/


Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform

An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process.

https://thehackernews.com/2021/07/dozens-of-vulnerable-nuget-packages.html


Fake shops for bicycles and e-bikes are in season!

On bike-heller.de and mister24bike.de a huge range of bicycles and e-bikes is offered as in stock and immediately deliverable. That alone should raise suspicion, since many reputable dealers are already sold out in the middle of the season.

https://www.watchlist-internet.at/news/fake-shops-fuer-fahrraeder-und-e-bikes-haben-saison/


Understanding REvil: The Ransomware Gang Behind the Kaseya Attack

Ransomware cases worked by Unit 42 consultants in the first six months of 2021 reveal insights into the preferred tactics of REvil threat actors.

https://unit42.paloaltonetworks.com/revil-threat-actors/


Update - Kaseya VSA ransomware incident: the view from Austria

As a consequence of this incident, a spam campaign has now also appeared that delivers malware (Cobalt Strike) as an attachment and pretends to be a legitimate update for Kaseya VSA.

https://cert.at/de/aktuelles/2021/7/kaseya-vsa-ransomwarevorfall


How to Tighten IoT Security for Healthcare Organization

This post will first explore some of the ways IoT is revolutionizing medical care, then identify some of the potential problems posed by connected devices in a medical setting.

https://blog.checkpoint.com/2021/06/21/how-to-tighten-iot-security-for-healthcare-organization/

Vulnerabilities

PrintNightmare: first patches for Windows security vulnerability

A problem in the Windows Print Spooler allows attackers to execute code remotely. First patches are available, but not yet for everything. (Windows, printers)

https://www.golem.de/news/printnightmare-erste-patches-fuer-windows-sicherheitsluecke-2107-157931-rss.html


Kaspersky's password manager exposed users to guessable passwords

Because of a thoroughly botched implementation, the seemingly random passwords suggested by Kaspersky Password Manager could easily be guessed.

https://heise.de/-6130796


Security updates for Wednesday

Security updates have been issued by Fedora (glibc), Gentoo (doas, firefox, glib, schismtracker, and tpm2-tss), Mageia (httpcomponents-client), openSUSE (virtualbox), Red Hat (linuxptp), Scientific Linux (linuxptp), and Ubuntu (libuv1 and php7.2, php7.4).

https://lwn.net/Articles/862044/


This serious Wi-Fi bug can break your iPhone, but here's how to protect yourself

Walking past a Wi-Fi hotspot with a specific name can cause big problems for your iPhone. And the scary thing is that it's easy to do.

https://www.zdnet.com/article/serious-wi-fi-bug-can-break-your-iphone-but-heres-how-to-protect-yourself/


Security Advisory - Bluetooth Function Denial of Service Vulnerability in Some Huawei Smartphone Products

http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210707-03-dos-en


Security Bulletin: Netty Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-21409)

https://www.ibm.com/blogs/psirt/security-bulletin-netty-vulnerability-affects-ibm-watson-machine-learning-on-cp4d-cve-2021-21409/


Security Bulletin: Multiple vulnerabilities in Apache JSON Small and Fast Parser (json-smart) and Underscore affect IBM Spectrum Symphony

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-json-small-and-fast-parser-json-smart-and-underscore-affect-ibm-spectrum-symphony/


Security Bulletin: IBM App Connect Enterprise Certified Container could allow a privileged user to obtain sensitive information from internal log files (CVE-2021-29759)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-could-allow-a-privileged-user-to-obtain-sensitive-information-from-internal-log-files-cve-2021-29759/


Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by a ReDoS flaw when processing URLs (CVE-2021-33502)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-affected-by-a-redos-flaw-when-processing-urls-cve-2021-33502/


Security Bulletin: Castor Vulnerability Affects IBM Control Center (CVE-2014-3004)

https://www.ibm.com/blogs/psirt/security-bulletin-castor-vulnerability-affects-ibm-control-center-cve-2014-3004/


Security Bulletin: Golang Go Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2020-29652)

https://www.ibm.com/blogs/psirt/security-bulletin-golang-go-vulnerability-affects-ibm-watson-machine-learning-on-cp4d-cve-2020-29652/


Security Bulletin: Vulnerabilities in Python, Python cryptography, and Urllib3 affect IBM Spectrum Discover.

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-python-python-cryptography-and-urllib3-affect-ibm-spectrum-discover/


Security Bulletin: IBM Cloud Pak for Integration is vulnerable to underscore vulnerability (CVE-2021-23358)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-underscore-vulnerability-cve-2021-23358/


Security Bulletin: Apache Log4j Vulnerability Affects IBM Control Center (CVE-2020-9488)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-control-center-cve-2020-9488/


Philips Vue PACS

https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01


Moxa NPort IAW5000A-I/O Series Serial Device Server

https://us-cert.cisa.gov/ics/advisories/icsa-21-187-01