Tageszusammenfassung - 19.08.2021

End-of-Day report

Timeframe: Mittwoch 18-08-2021 18:00 - Donnerstag 19-08-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter


Cisco meldet gefährliche Remote-Angriffsmöglichkeiten auf Small Business-Router

Ein aktuelles Advisory von Cisco beschreibt eine kritische Sicherheitslücke, die mehrere Small Business-Router betrifft. Updates wird es nicht geben.


Ransomware-Attacken nehmen dramatisch zu

Mehr Ransomware-Angriffe, höhere Lösegeldforderungen und eine effizientere Verteilung - die Entwicklung der Datenerpressungsbranche ist besorgniserregend.


A Short History of Essay Spam (How We Got from Pills to Plagiarism)

>From answering beginner questions like 'What is SEO spam?' to breaking down the spammers' code and exactly how they hide their injections in compromised websites, we have written regularly about spam at Sucuri. If you-ve ever operated a WordPress website you will have certainly seen, at the very least, a litany of spam comments posted on your comments section.


Oh, Behave! Figuring Out User Behavior

I decided to embark on a journey to understand user behavior without knowing exactly how I would gather details about user activity as a research topic. A major component of this research is finding a way to gather data on user behavior without making too much noise or triggering detections in a live environment.


How to spot a DocuSign phish and what to do about it

Phishing scammers love well known brand names, particularly if youre expecting to hear from them.


Health authorities in 40 countries targeted by COVID-19 vaccine scammers

Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns


CISA Provides Recommendations for Protecting Information from Ransomware-Caused Data Breaches

CISA has released the fact sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. These data breaches, often involving sensitive or personal information, can cause financial loss to the victim organization and erode customer trust.


Cisco: Security devices are vulnerable to SNIcat data exfiltration technique

Networking equipment vendor Cisco said today that some of its security products fail to detect and stop traffic to malicious servers that abuse a technique called SNIcat to covertly steal data from inside corporate networks.



Cisco Security Advisories 2021-08-18

2 critical, 5 medium severity


SSA-816035: Code Execution Vulnerability in SINEMA Remote Connect Client

The latest update for SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances.



VMware Workspace ONE UEM console patches address a denial of service vulnerability (CVE-2021-22029)


Security updates for Thursday

Security updates have been issued by CentOS (exiv2, firefox, and thunderbird), Fedora (libsndfile, python-docx, and xscreensaver), openSUSE (haproxy), and SUSE (haproxy).


Positive Technologies helps to fix dangerous vulnerability in CODESYS ICS software

[...] This high-severity vulnerability (CVE-2021-36764) was discovered in the CODESYS V3 Runtime System software package (version By exploiting it, an attacker can disable the PLC and disrupt the technological process. The vulnerability (NULL Pointer Dereference) was found in the CmpGateway component. An attacker with network access to the industrial controller can send a specially formed TCP packet and interrupt the operation of the PLC. Also, it has been found that this software contains another vulnerability (Local Privilege Escalation), which is currently being reviewed by the vendor.


Red Hat JBoss Enterprise Application Platform: Schwachstelle ermöglicht Denial of Service


Internet Systems Consortium BIND: Schwachstelle ermöglicht Denial of Service


Kritische Schwachstellen in Altus Sistemas de Automacao Produkten


Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Golang Go


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2021 CPU that is bundled with IBM WebSphere Application Server Patterns


Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2021 CPU


Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Apache HttpClient


Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java- Technology Edition


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server


Linux kernel eBPF vulnerability CVE-2021-3490