Daily summary - 19.08.2021

End-of-Day report

Timeframe: Wednesday 18-08-2021 18:00 - Thursday 19-08-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News

Cisco reports dangerous remote attack possibilities against Small Business routers

A current Cisco advisory describes a critical security vulnerability affecting several Small Business routers. There will be no updates.

https://heise.de/-6169343


Ransomware attacks are increasing dramatically

More ransomware attacks, higher ransom demands and more efficient distribution - the development of the data extortion industry is worrying.

https://heise.de/-6169583


A Short History of Essay Spam (How We Got from Pills to Plagiarism)

From answering beginner questions like 'What is SEO spam?' to breaking down the spammers' code and exactly how they hide their injections in compromised websites, we have written regularly about spam at Sucuri. If you've ever operated a WordPress website you will have certainly seen, at the very least, a litany of spam comments posted on your comments section.

https://blog.sucuri.net/2021/08/a-short-history-of-essay-spam-how-we-got-from-pills-to-plagiarism.html


Oh, Behave! Figuring Out User Behavior

I decided to embark on a journey to understand user behavior without knowing exactly how I would gather details about user activity as a research topic. A major component of this research is finding a way to gather data on user behavior without making too much noise or triggering detections in a live environment.

https://www.trustedsec.com/blog/oh-behave-figuring-out-user-behavior/


How to spot a DocuSign phish and what to do about it

Phishing scammers love well-known brand names, particularly if you're expecting to hear from them.

https://blog.malwarebytes.com/social-engineering/2021/08/how-to-spot-a-docusign-phish-and-what-to-do-about-it/


Health authorities in 40 countries targeted by COVID-19 vaccine scammers

Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns

https://www.welivesecurity.com/2021/08/18/health-authorities-40-countries-targeted-covid19-vaccine-scammers/


CISA Provides Recommendations for Protecting Information from Ransomware-Caused Data Breaches

CISA has released the fact sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. These data breaches, often involving sensitive or personal information, can cause financial loss to the victim organization and erode customer trust.

https://us-cert.cisa.gov/ncas/current-activity/2021/08/18/cisa-provides-recommendations-protecting-information-ransomware


Cisco: Security devices are vulnerable to SNIcat data exfiltration technique

Networking equipment vendor Cisco said today that some of its security products fail to detect and stop traffic to malicious servers that abuse a technique called SNIcat to covertly steal data from inside corporate networks.

https://therecord.media/cisco-security-devices-are-vulnerable-to-snicat-data-exfiltration-technique/

Vulnerabilities

Cisco Security Advisories 2021-08-18

2 critical, 5 medium severity

https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&securityImpactRatings=critical,high,medium&firstPublishedStartDate=2021%2F08%2F18&firstPublishedEndDate=2021%2F08%2F18


SSA-816035: Code Execution Vulnerability in SINEMA Remote Connect Client

The latest update for SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances.

https://cert-portal.siemens.com/productcert/txt/ssa-816035.txt


VMSA-2021-0017

VMware Workspace ONE UEM console patches address a denial of service vulnerability (CVE-2021-22029)

https://www.vmware.com/security/advisories/VMSA-2021-0017.html


Security updates for Thursday

Security updates have been issued by CentOS (exiv2, firefox, and thunderbird), Fedora (libsndfile, python-docx, and xscreensaver), openSUSE (haproxy), and SUSE (haproxy).

https://lwn.net/Articles/866753/


Positive Technologies helps to fix dangerous vulnerability in CODESYS ICS software

[...] This high-severity vulnerability (CVE-2021-36764) was discovered in the CODESYS V3 Runtime System software package (version 3.15.9.10). By exploiting it, an attacker can disable the PLC and disrupt the technological process. The vulnerability (NULL Pointer Dereference) was found in the CmpGateway component. An attacker with network access to the industrial controller can send a specially formed TCP packet and interrupt the operation of the PLC. Also, it has been found that this software contains another vulnerability (Local Privilege Escalation), which is currently being reviewed by the vendor.

https://www.ptsecurity.com/ww-en/about/news/positive-technologies-helps-to-fix-dangerous-vulnerability-in-codesys-ics-software


Red Hat JBoss Enterprise Application Platform: Vulnerability allows denial of service

https://www.cert-bund.de/advisoryshort/CB-K21-0892


Internet Systems Consortium BIND: Vulnerability allows denial of service

https://www.cert-bund.de/advisoryshort/CB-K21-0890


Critical vulnerabilities in Altus Sistemas de Automacao products

https://sec-consult.com/de/vulnerability-lab/advisory/kritische-schwachstellen-in-altus-sistemas-de-automacao-produkten/


Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Golang Go

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicloud-management-monitoring-has-applied-security-fixes-for-its-use-of-golang-go/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2021 CPU that is bundled with IBM WebSphere Application Server Patterns

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-july-2021-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/


Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2021 CPU

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-july-2021-cpu-2/


Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Apache HttpClient

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicloud-management-monitoring-has-applied-security-fixes-for-its-use-of-apache-httpclient/


Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-8/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-4/


Linux kernel eBPF vulnerability CVE-2021-3490

https://support.f5.com/csp/article/K43346111