End-of-Day report
Timeframe: Tuesday 10-08-2021 18:00 - Wednesday 11-08-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
News
Kaseya's universal REvil decryption key leaked on a hacking forum
The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums, allowing researchers their first glimpse of the mysterious key.
https://www.bleepingcomputer.com/news/security/kaseyas-universal-revil-decryption-key-leaked-on-a-hacking-forum/
New AdLoad malware variant slips through Apple's XProtect defenses
A new AdLoad malware variant is slipping through Apple's YARA signature-based XProtect built-in antivirus tech to infect Macs.
https://www.bleepingcomputer.com/news/apple/new-adload-malware-variant-slips-through-apples-xprotect-defenses/
TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike, (Wed, Aug 11th)
TA551 (also known as Shathak) represents a threat actor behind malspam that has pushed different families of malware over the past few years.
https://isc.sans.edu/diary/rss/27738
The Conti leak: an operating manual for ransomware-
In the handbooks for affiliates, the criminals describe in minute detail how to reconnoiter a network, expand access, and finally encrypt data.
https://heise.de/-6160551
Anonymous on the Internet: security updates released for Tor Browser and Tails OS
The developers have updated components of Tor Browser and Tails in order to maintain security.
https://heise.de/-6161195
5 Costly Mistakes in Cyber Incident Response Preparation
Even with the best preparation and retainers, incident response is rarely an inexpensive endeavor in terms of money, people, operational disruption, or time.
https://www.dragos.com/blog/industry-news/5-costly-mistakes-in-cyber-incident-response-preparation/
Conducting Architecture Reviews in Light of the New TSA Directives
TSA, the sector-specific agency for pipelines, released its first directive to the pipeline industry on May 27th and followed up with a second directive on July 20th.
https://www.dragos.com/blog/industry-news/conducting-architecture-reviews-in-light-of-the-new-tsa-directives/
Why Are Ransomware Attacks Against OT Increasing?
Most discussions around cybersecurity understandably focus on information technology (IT). Assets like cloud services and data centers are typically what companies spend the most time and effort securing. Recently, though, operational technology (OT) has come under increasing scrutiny from leading security experts in both the private and public sectors.
https://www.tripwire.com/state-of-security/ics-security/why-are-ransomware-attacks-against-ot-increasing/
Hackers hijack Instagram profiles and extort victims
Scammers are targeting Instagram accounts with many followers: they hack the accounts and then demand a ransom. If it is not paid, the hackers threaten to delete the profile.
https://www.watchlist-internet.at/news/hacker-kapern-instagram-profil-und-erpressen-opfer/
Vulnerabilities
VU#608209: NicheStack embedded TCP/IP has vulnerabilities
HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities.
https://kb.cert.org/vuls/id/608209
Patch Tuesday: Microsoft once again reports attacks on Windows
There are important security updates for, among other things, critical vulnerabilities in Azure, Edge and various Windows versions.
https://heise.de/-6160526
Free Micropatches for "PetitPotam" (CVE-2021-36942)
Update 8/11/2021-B: Neither Microsoft's August fix nor our micropatch seems to have covered all PetitPotam-affected code. Both fixed the anonymous attack vector, but we're investigating additional authenticated paths now and looking for the best way to patch that too.
https://blog.0patch.com/2021/08/free-micropatches-for-petitpotam.html
Security updates for Wednesday
Security updates have been issued by Debian (ceph), Fedora (buildah, containernetworking-plugins, and podman), openSUSE (chromium, kernel, php7, python-CairoSVG, python-Pillow, seamonkey, and transfig), Red Hat (microcode_ctl), SUSE (kernel and libcares2), and Ubuntu (c-ares).
https://lwn.net/Articles/865978/
Intel Releases Multiple Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/intel-releases-multiple-security-updates
iTunes 12.11.4 for Windows
https://support.apple.com/kb/HT212609
Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2021-20427)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-restriction-of-excessive-authentication-attempts-vulnerability-cve-2021-20427/
Security Bulletin: IBM Security Guardium is affected by an OpenLDAP vulnerability (CVE-2020-25692)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openldap-vulnerability-cve-2020-25692/
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-disconnected-log-collector-is-vulnerable-to-using-components-with-known-vulnerabilities/
Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager DR
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affects-ibm-vm-recovery-manager-dr-2/
Security Bulletin: IBM Security Guardium is affected by a Reliance on Untrusted Inputs in Security Decision
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-reliance-on-untrusted-inputs-in-security-descision/
Security Bulletin: IBM Security Guardium is affected by a Weak Password Policy vulnerability (CVE-2021-20418)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-weak-password-policy-vulnerability-cve-2021-20418/
Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (V2.103.000.051) and Modules
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/
VMSA-2021-0016
https://www.vmware.com/security/advisories/VMSA-2021-0016.html
AMD processors: multiple vulnerabilities allow information disclosure
http://www.cert-bund.de/advisoryshort/CB-K21-0852