End-of-Day report
Timeframe: Monday 26-07-2021 18:00 - Tuesday 27-07-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Failed Malspam: Recovering The Password, (Mon, Jul 26th)
Jan's diary entry "One way to fail at malspam - give recipients the wrong password for an encrypted attachment" got my attention: it's an opportunity for me to do some password cracking.
https://isc.sans.edu/diary/rss/27674
Hiding Malware in ML Models
"EvilModel: Hiding Malware Inside of Neural Network Models".
https://www.schneier.com/blog/archives/2021/07/hiding-malware-in-ml-models.html
OSX.XLoader hides little except its main purpose: What we learned in the installation process
We dig into OSX.XLoader, also known as X Loader, which is the latest threat to macOS that bears some similarities to novice malware.
https://blog.malwarebytes.com/mac/2021/07/osx-xloader-hides-little-except-its-main-purpose-what-we-learned-in-the-installation-process/
Malware developers turn to exotic programming languages to thwart researchers
They are focused on exploiting pain points in code analysis and reverse-engineering.
https://www.zdnet.com/article/malware-developers-turn-to-exotic-programming-languages-to-thwart-researchers/
How MSPs can best deal with the ransomware crisis
Managed service providers (MSPs) play a critical role in the fight against malware. However, the ransomware attack on Kaseya hit dozens of MSPs with full force, and thereby indirectly their customers as well.
https://www.zdnet.de/88395971/wie-msps-am-besten-mit-der-ransomware-krise-umgehen-koennen/
Praying Mantis APT targets IIS servers with ASP.NET exploits
A new advanced persistent threat (APT) group has been seen carrying out attacks against Microsoft IIS web servers using old exploits in ASP.NET applications in order to plant a backdoor and then pivot to companies' internal networks.
https://therecord.media/praying-mantis-apt-targets-iis-servers-with-asp-net-exploits/
Vulnerabilities
Apple fixes zero-day affecting iPhones and Macs, exploited in the wild
Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs.
https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-day-affecting-iphones-and-macs-exploited-in-the-wild/
Researchers warn of unpatched Kaseya Unitrends backup vulnerabilities
Security researchers warn of new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet.
https://www.bleepingcomputer.com/news/security/researchers-warn-of-unpatched-kaseya-unitrends-backup-vulnerabilities/
Moodle: New versions remove remote attack vector via Shibboleth
Several versions of the learning platform can be attacked remotely, but only when Shibboleth authentication is enabled. Updates are available.
https://heise.de/-6148879
Security updates for Tuesday
Security updates have been issued by Debian (drupal7), Fedora (linux-firmware), openSUSE (qemu), Oracle (kernel and thunderbird), Red Hat (thunderbird), Scientific Linux (java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird), SUSE (dbus-1, libvirt, linuxptp, qemu, and slurm), and Ubuntu (aspell and mysql-5.7, mysql-8.0).
https://lwn.net/Articles/864439/
Vulnerabilities Allow Hacking of Zimbra Webmail Servers With Single Email
Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization's sent and received email messages, software security firm SonarSource reveals.
https://www.securityweek.com/vulnerabilities-allow-hacking-zimbra-webmail-servers-single-email
Security Bulletin: A security vulnerability in Golang Go affects IBM Cloud Pak for Multicloud Management Managed services
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-golang-go-affects-ibm-cloud-pak-for-multicloud-management-managed-services/
Security Bulletin: XSS Security Vulnerability Affects Mailbox UI of IBM Sterling B2B Integrator (CVE-2021-20562)
https://www.ibm.com/blogs/psirt/security-bulletin-xss-security-vulnerabilty-affects-mailbox-ui-of-ibm-sterling-b2b-integrator-cve-2021-20562/
Security Bulletin: A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-ruby-on-rails-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management/
Security Bulletin: GRUB2 as used by IBM QRadar SIEM is vulnerable to arbitrary code execution
https://www.ibm.com/blogs/psirt/security-bulletin-grub2-as-used-by-ibm-qradar-siem-is-vulnerable-to-arbitrary-code-execution/
Security Bulletin: IBM QRadar SIEM is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2021-20399)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-an-xml-external-entity-injection-xxe-attack-cve-2021-20399/
MIT Kerberos: Vulnerability allows disclosure of information
http://www.cert-bund.de/advisoryshort/CB-K21-0809
VLC: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-0807
Foxit Reader: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K21-0812