End-of-Day report
Timeframe: Monday 19-07-2021 18:00 - Tuesday 20-07-2021 18:00
Handler: Robert Waldner
Co-Handler: Thomas Pribitzer
News
New MosaicLoader malware targets software pirates via online ads
An ongoing worldwide campaign is pushing new malware dubbed MosaicLoader, advertising it camouflaged as cracked software via search engine results to infect wannabe software pirates' systems.
https://www.bleepingcomputer.com/news/security/new-mosaicloader-malware-targets-software-pirates-via-online-ads/
Summer of SAM - incorrect permissions on Windows 10/11 hives, (Tue, Jul 20th)
If you opened Twitter today you were probably flooded with news about the latest security issue with Windows.
https://isc.sans.edu/diary/rss/27652
6 typical phishing attacks
Phishing, smishing, vishing - do you know the difference?
https://sec-consult.com/de/blog/detail/6-common-types-of-phishing-attacks/
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).
https://www.microsoft.com/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/
Don't Wanna Pay Ransom Gangs? Test Your Backups.
Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they'd had proper data backups.
https://krebsonsecurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-backups/
Beware of fake "voicemail" SMS
"You have a new voicemail": Countless mobile phone users are currently receiving this annoying fake SMS with a link to an alleged voice message. Do not click on the link under any circumstances.
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschtem-voicemail-sms/
AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China's MSS Hainan State Security Department
This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40.
https://us-cert.cisa.gov/ncas/alerts/aa21-200a
Significant Historical Cyber-Intrusion Campaigns Targeting ICS
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS.
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/significant-historical-cyber-intrusion-campaigns-targeting-ics
Vulnerabilities
TYPO3 Security Advisories for 2021-07-20
TYPO3-CORE-SA-2021-009 - TYPO3-CORE-SA-2021-012
https://typo3.org/help/security-advisories
Forensic report: iMessage vulnerability is still being used for Pegasus spyware
Amnesty International assumes that an iMessage vulnerability is still being exploited to this day to install spyware from the surveillance company NSO Group.
https://heise.de/-6141467
Security updates for Tuesday
Security updates have been issued by Debian (kernel, libjdom1-java, rabbitmq-server, and systemd), Fedora (glibc), Gentoo (libpano13, libslirp, mpv, pjproject, pycharm-community, and rpm), Mageia (glibc, libuv, mbedtls, rxvt-unicode, mrxvt, eterm, tomcat, and zziplib), openSUSE (dbus-1, firefox, go1.15, lasso, nodejs10, nodejs12, nodejs14, and sqlite3), SUSE (go1.15), and Ubuntu (containerd).
https://lwn.net/Articles/863617/
Oracle Releases July 2021 Critical Patch Update
Oracle has released its Critical Patch Update for July 2021 to address 327 vulnerabilities across multiple products.
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/oracle-releases-july-2021-critical-patch-update
Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug
Security experts have found a severe vulnerability in a common printer driver used by HP, Xerox, and Samsung.
https://therecord.media/hundreds-of-millions-of-hp-xerox-and-samsung-printers-vulnerable-to-new-bug/
New Sequoia bug gives you root access on most Linux systems
Security auditing firm Qualys said today it discovered a new vulnerability in the Linux operating system that can grant attackers root access on most distros, such as Ubuntu, Debian, and Fedora.
https://therecord.media/new-sequoia-bug-gives-you-root-access-on-most-linux-systems/
Security updates: Root vulnerability threatens FortiManager and FortiAnalyzer
https://heise.de/-6142498
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect OS Images for Red Hat Linux Systems used by IBM Cloud Pak System (Jan2021 updates)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-os-images-for-red-hat-linux-systems-used-by-ibm-cloud-pak-system-jan2021-updates/
Security Bulletin: IBM App Connect Enterprise v11 is affected by vulnerabilities in Node.js (CVE-2021-23358)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-v11-is-affected-by-vulnerabilities-in-node-js-cve-2021-23358-2/
Security Bulletin: Vulnerability in self-service console affects IBM Cloud Pak System (CVE-2021-20478)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-self-service-console-affects-ibm-cloud-pak-system-cve-2021-20478/
Security Bulletin: A vulnerability in IBM Spectrum Scale could allow an authenticated user to gain elevated privileges (CVE-2020-9492)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spectrum-scale-could-allow-an-authenticated-user-to-gain-elevated-privileges-cve-2020-9492/
Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Pak System (CVE-2020-1971)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-cloud-pak-system-cve-2020-1971/
Security Bulletin: Vulnerabilities in Docker affect IBM Cloud Pak System
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-docker-affect-ibm-cloud-pak-system/
Security Bulletin: Vulnerabilities in Python affect OS Image for RedHat bundled with Cloud Pak System
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-python-affect-os-image-for-redhat-bundled-with-cloud-pak-system/
Security Bulletin: Watson Explorer is affected by Apache PDFBox vulnerabilities (CVE-2021-27807, CVE-2021-27906, CVE-2021-31811, CVE-2021-31812)
https://www.ibm.com/blogs/psirt/security-bulletin-watson-explorer-is-affected-by-apache-pdfbox-vulnerabilities-cve-2021-27807-cve-2021-27906-cve-2021-31811-cve-2021-31812/
Security Bulletin: Vulnerability in jackson-databind affects Cloud Pak System (CVE-2020-25649)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-databind-affects-cloud-pak-system-cve-2020-25649/
Security Bulletin: IBM API Connect is impacted by vulnerabilities in node.js and OpenSSL (CVE-2021-23840, CVE-2021-22884, CVE-2021-22883)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-node-js-and-openssl-cve-2021-23840-cve-2021-22884-cve-2021-22883/
Vulnerabilities in CODESYS V2 runtime systems
https://psirt.bosch.com/security-advisories/bosch-sa-670099.html