Daily summary - 06.08.2021

End-of-Day report

Timeframe: Thursday 05-08-2021 18:00 - Friday 06-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Linux version of BlackMatter ransomware targets VMware ESXi servers

The BlackMatter gang has joined the ranks of ransomware operations that develop a Linux encryptor targeting VMware's ESXi virtual machine platform.

https://www.bleepingcomputer.com/news/security/linux-version-of-blackmatter-ransomware-targets-vmware-esxi-servers/


Lockbit 2.0: ransomware wants to recruit company insiders

The Lockbit ransomware group is searching in an unusual way for insiders who are to hand over access credentials to it.

https://www.golem.de/news/lockbit-2-0-ransomware-will-firmen-insider-rekrutieren-2108-158701-rss.html


Malicious Microsoft Word Remains A Key Infection Vector, (Fri, Aug 6th)

Despite Microsoft's attempts to make its Office suite more secure and disable many automatic features, despite the fact that users are warned that suspicious documents should not be opened, malicious Word documents remain a key infection vector today.

https://isc.sans.edu/diary/rss/27716


Using "Master Faces" to Bypass Face-Recognition Authenticating Systems

A master face is a face image that passes face-based identity authentication for a large portion of the population. These faces can be used to impersonate, with a high probability of success, any user, without having access to any user information.

https://www.schneier.com/blog/archives/2021/08/using-master-faces-to-bypass-face-recognition-authenticating-systems.html


EU officials investigating breach of Cybersecurity Atlas project

The European Commission is investigating a breach of its Cybersecurity Atlas project after a copy of the site's backend database was put up for sale on an underground cybercrime forum on Monday.

https://therecord.media/eu-officials-investigating-breach-of-cybersecurity-atlas-project/


Security Oscars: And the Pwnie goes to ...

Despite the pandemic, the Pwnie jury has awarded the Security Oscars again this year, and of course the "Golden Raspberries" as well.

https://heise.de/-6157581


What is Tor?

We give a brief overview of Tor, the secure communications tool. We explain what it is, how you can use it, and some of the potential drawbacks.

https://blog.malwarebytes.com/privacy-2/2021/08/what-is-tor/


Black Hat: How cybersecurity incidents can become a legal minefield

Facing a cyberattack? Pick up the phone and talk to legal help as well as incident response.

https://www.zdnet.com/article/black-hat-how-cybersecurity-can-be-a-legal-minefield-for-lawyers/


Disgruntled ransomware affiliate leaks the Conti gang's technical manuals

A disgruntled member of the Conti ransomware program today leaked the manuals and technical guides the Conti gang uses to train affiliate members on how to access, move laterally, and escalate access inside a hacked company and then exfiltrate its data before encrypting files.

https://therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/

Vulnerabilities

VU#357312: HTTP Request Smuggling in Web Proxies

HTTP web proxies and web accelerators that support HTTP/2 for an HTTP/1.1 backend webserver are vulnerable to HTTP Request Smuggling.

https://kb.cert.org/vuls/id/357312


Kindle: e-books infected with malicious code could hijack Amazon accounts

Using infected e-books, security researchers were able to take over Kindle readers and even Amazon accounts. Amazon has since closed the vulnerability.

https://heise.de/-6157512


Security updates for Friday

Security updates have been issued by Debian (tomcat8), Mageia (bluez, exiv2, fetchmail, libsndfile, nodejs, php-pear, python-pillow, and rabbitmq-server), openSUSE (apache-commons-compress, balsa, djvulibre, mariadb, mysql-connector-java, nodejs8, opera, and spice-vdagent), Red Hat (ruby:2.7), SUSE (apache-commons-compress, djvulibre, java-11-openjdk, libsndfile, mariadb, nodejs8, and spice-vdagent), and Ubuntu (docker.io).

https://lwn.net/Articles/865465/


Black Hat: BadAlloc bugs expose millions of IoT devices to hijack

BadAlloc vulnerabilities impact millions of devices worldwide.

https://www.zdnet.com/article/black-hat-badalloc-bugs-expose-millions-of-iot-devices-to-hijack/


Security Bulletin: Vulnerability in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler.

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler-2/


Security Bulletin: Vulnerability in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler.

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler/


Free Micropatches for "PetitPotam"

https://blog.0patch.com/2021/08/free-micropatches-for-petitpotam.html


HCC Embedded InterNiche TCP/IP stack, NicheLite

https://us-cert.cisa.gov/ics/advisories/icsa-21-217-01


FATEK Automation FvDesigner

https://us-cert.cisa.gov/ics/advisories/icsa-21-217-02


mySCADA myPRO

https://us-cert.cisa.gov/ics/advisories/icsa-21-217-03


Advantech WebAccess SCADA

https://us-cert.cisa.gov/ics/advisories/icsa-21-217-04


CISA Releases Security Advisory for InterNiche Products

https://us-cert.cisa.gov/ncas/current-activity/2021/08/05/cisa-releases-security-advisory-interniche-products