Daily summary - 05.08.2021

End-of-Day report

Timeframe: Wednesday 04-08-2021 18:00 - Thursday 05-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter

News

Ransomware: companies report immense damage from cyberattacks

Attacks using ransomware are increasing massively, as the Bitkom association now also shows. Working from home is becoming security-critical as well.

https://www.golem.de/news/ransomware-unternehmen-beklagen-immense-schaeden-durch-cyberangriffe-2108-158684-rss.html


Cisco fixes critical vulnerabilities in Small Business routers of the RV series

Update now: remote code execution and denial of service would be possible consequences of an attack. Important updates are also available for other Cisco products.

https://heise.de/-6155856


Security researchers discover vulnerabilities in Mitsubishi industrial control systems

The patches are already in progress but not yet available. The reason is a lengthy certification process. Products from other manufacturers may also be affected.

https://www.zdnet.de/88396132/sicherheitsforscher-entdecken-schwachstellen-in-industriekontrollsystemen-von-mitsubishi/


Black Hat USA 2021: Security advisories - more clarity thanks to automation

Inconsistent advisory formats cost valuable time. And how do you actually describe a "non-vulnerability"? CSAF and VEX are meant to provide a remedy.

https://heise.de/-6155594


Securing Microsoft Teams correctly

Microsoft Teams is popular, but is increasingly being targeted by hackers. Bert Skorupski, Senior Manager Sales Engineering at Quest Software, describes how best to protect the collaboration software in the first part of a two-part guest article.

https://www.zdnet.de/88396112/microsoft-teams-korrekt-absichern/


Beware of mykundenservice.com: high phone bill looming!

While most companies openly publish their contact phone numbers, others do not. A collection of contact numbers would therefore be quite helpful. mykundenservice.com promises such a collection, but in reality it lures visitors into calling a 0900 number. Warning: this incurs high costs!

https://www.watchlist-internet.at/news/vorsicht-vor-mykundenservicecom-hohe-telefonrechnung-droht/


How to Protect against EMOTET - "The World's Most Dangerous Malware"

In the summer of 2020, malware infections were on a clear rise. Many new variants were appearing, and enterprises, government agencies, business leaders, and public officials were all voicing concern. Yet, seven years after it was first discovered, the spread of the EMOTET malware was arguably most concerning of all.

https://www.beyondtrust.com/blog/entry/how-to-protect-against-emotet-the-worlds-most-dangerous-malware


Windows admins now can block external devices via layered Group Policy

Microsoft has added support for layered Group Policies, which allow IT admins to control which internal or external devices users can install on corporate endpoints across their organization's network.

https://www.bleepingcomputer.com/news/microsoft/windows-admins-now-can-block-external-devices-via-layered-group-policy/


MacOS Flaw in Telegram Retrieves Deleted Messages

Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead.

https://threatpost.com/macos-flaw-in-telegram-retrieves-deleted-messages/168412/


Examining Unique Magento Backdoors

During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by the attackers in these backdoors illustrate the ever-changing landscape of website security and highlight some of the tactics used to avoid traditional backdoor detection.

https://blog.sucuri.net/2021/08/examining-unique-magento-backdoors.html


Microsoft Patched the Issue With Windows Containers That Enabled Siloscape

Microsoft recently added additional security checks that address the Windows container escape that enabled Siloscape.

https://unit42.paloaltonetworks.com/windows-container-escape-patch/


Meet Prometheus, the secret TDS behind some of today's malware campaigns

A recently discovered cybercrime service is helping malware gangs distribute their malicious payloads to unsuspecting users using a network of hacked websites.

https://therecord.media/meet-prometheus-the-secret-tds-behind-some-of-todays-malware-campaigns/


Pegasus Spyware: How It Works and What It Collects

An NSO document leaked to the internet reveals how the Pegasus spyware - sold to intelligence and law enforcement agencies around the world - can be used to spy on targeted mobile phones.

https://zetter.substack.com/p/pegasus-spyware-how-it-works-and


From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrator

Knock knock, who's there? Your new DA! Several vulnerabilities that have been recently disclosed, namely MS-EFSRPC (AKA PetitPotam) and credential relaying abusing the AD CS role, mean that any attacker with internal network access, such as a phished client or a malicious planted device in the network, can take over the entire Active Directory domain without any [...]

https://blog.truesec.com/2021/08/05/from-stranger-to-da-using-petitpotam-to-ntlm-relay-to-active-directory/

Vulnerabilities

Cisco Security Advisories 2021-08-04

1 critical, 4 high, 2 medium severity

https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2021%2F08%2F04&firstPublishedEndDate=2021%2F08%2F04


SA44858 - 9.1R12 Security Fixes

[...] Fixes for all the CVEs listed above have been included in the latest version of PCS, 9.1R12, which was released on 2 August 2021. We strongly encourage you to upgrade to ensure your organization is protected.

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858


VMSA-2021-0016

VMware Workspace One Access, Identity Manager and vRealize Automation address multiple vulnerabilities (CVE-2021-22002, CVE-2021-22003)

https://www.vmware.com/security/advisories/VMSA-2021-0016.html


Security updates for Thursday

Security updates have been issued by Debian (jetty9 and openexr), openSUSE (mariadb and virtualbox), Red Hat (go-toolset-1.15 and go-toolset-1.15-golang), SUSE (djvulibre and mariadb), and Ubuntu (opencryptoki).

https://lwn.net/Articles/865306/


Amazon and Google patch major bug in their DNS-as-a-Service platforms

At the Black Hat security conference today, two security researchers disclosed a security issue impacting hosted DNS service providers that can be abused to hijack the platforms' nodes, intercept some of the incoming DNS traffic, and then map customers' internal networks.

https://therecord.media/amazon-and-google-patch-major-bug-in-their-dns-as-a-service-platforms/


IBM Security Bulletins 2021-08-04

https://www.ibm.com/blogs/psirt/


BIG-IP LTM HTTP/2 desync attacks: malicious CRLF placement security exposure

https://support.f5.com/csp/article/K97045220


BIG-IP LTM HTTP/2 desync attacks: request line injection

https://support.f5.com/csp/article/K63312282


ffmpeg: vulnerability enables unspecified attack

https://www.cert-bund.de/advisoryshort/CB-K21-0832


Red Hat OpenShift: vulnerability enables denial of service

https://www.cert-bund.de/advisoryshort/CB-K21-0835