End-of-Day report
Timeframe: Freitag 20-08-2021 18:00 - Montag 23-08-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
ProxyShell: Massive Angriffswelle auf ungepatchte Exchange-Server
Die Lücken sind bekannt, Patches da - trotzdem sind tausende Exchange-Server angreifbar. Nun rollt eine massive Angriffswelle, die die Schwachstellen ausnutzt.
https://heise.de/-6171597
SynAck ransomware decryptor lets victims recover files for free
Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free.
https://www.bleepingcomputer.com/news/security/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Kubernetes hardening: Drilling down on the NSA/CISA guidance
Kubernetes has become the de facto choice for container orchestration. Some studies report that up to 88% of organizations are using Kubernetes for their container orchestration needs and 74% of that occurring in production environments. That said, security remains a critical concern with as many as 94% of organizations reporting at least one security incident in their Kubernetes environments in the last 12 months.
https://www.csoonline.com/article/3629049/kubernetes-hardening-drilling-down-on-the-nsa-cisa-guidance.html
Gaming-related cyberthreats in 2020 and 2021
In this report, you will find statistics and other information about gaming-related malware, phishing schemes and other threats in 2020 and the first half of 2021.
https://securelist.com/game-related-cyberthreats/103675/
Web Censorship Systems Can Facilitate Massive DDoS Attacks
Systems are ripe for abuse by attackers who can abuse systems to launch DDoS attacks.
https://threatpost.com/censorship-systems-ddos-attacks/168853/
Out of Band Phishing. Using SMS messages to Evade Network Detection, (Thu, Aug 19th)
Many companies have extensive security tools to monitor employee computers. But these precautions often fail for "out of band" access that uses cellular networks instead of Ethernet/WiFi networks. Our reader Isabella sent us this phishing email that they received: [...]
https://isc.sans.edu/diary/rss/27768
Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group
ShinyHunters, a notorious cybercriminal underground group thats been on a data breach spree since last year, has been observed searching companies GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers modus operandi has revealed.
https://thehackernews.com/2021/08/researchers-detail-modus-operandi-of.html
Details Disclosed for Critical Vulnerability in Sophos Appliances
Organizations using security appliances from Sophos have been advised to make sure their devices are up to date after a researcher disclosed the details of a critical vulnerability patched last year.
https://www.securityweek.com/details-disclosed-critical-vulnerability-sophos-appliances
LockFile: Ransomware Uses PetitPotam Exploit to Compromise Windows Domain Controllers
Previously unseen ransomware hit at least 10 organizations in ongoing campaign.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockfile-ransomware-new-petitpotam-windows
Vulnerabilities
Das Anstecken einer Razer-Maus macht Angreifer zu Windows-10-Admins
Eine Schwachstelle in der Konfigurationssoftware Synapse von Razer gefährdet Windows-PCs. Ein Sicherheitspatch steht noch aus.
https://heise.de/-6171968
Attackers Actively Exploiting Realtek SDK Flaws
Multiple vulnerabilities in software used by 65 vendors under active attack.
https://threatpost.com/attackers-exploiting-realtek/168856/
Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems
Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. Thats according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top [...]
https://thehackernews.com/2021/08/top-15-vulnerabilities-attackers.html
Micropatching MSHTML Remote Code Execution Issue (CVE-2021-33742)
June 2021 Windows Updates brought a fix for CVE-2021-33742, a remote code execution in the MSHTML component, exploitable via Microsoft browsers and potentially other applications using this component, e.g. via a malicious Microsoft Word document. Discovery of this issue was attributed to Clément Lecigne of Google-s Threat Analysis Group, while Googles security researcher Maddie Stone wrote a detailed analysis.
https://blog.0patch.com/2021/08/micropatching-mshtml-remote-code.html
Security updates for Monday
Security updates have been issued by Debian (ffmpeg, ircii, and scrollz), Fedora (kernel, krb5, libX11, and rust-actix-http), Mageia (kernel and kernel-linus), openSUSE (aspell, chromium, dbus-1, isync, java-1_8_0-openjdk, krb5, libass, libhts, libvirt, prosody, systemd, and tor), SUSE (cpio, dbus-1, libvirt, php7, qemu, and systemd), and Ubuntu (inetutils).
https://lwn.net/Articles/867149/
Planned Vembu Full Disclosure
If you are using Vembu BDR version 3.7.0, 3.9.1 Update 1, 4.2.0 or 4.2.0.1 and have your instances exposed to public internet, you are strongly advices to upgrade to Vembu BDR v4.2.0.2. On the 25th of August we plan to release the full details of the following CVEs: CVE-2021-26471, CVE-2021-26472, and CVE-2021-26473 All of these vulnerabilities are unauthenticated remote code execution vulnerabilities.
https://csirt.divd.nl/2021/08/20/Planned-Vembu-Full-Disclosure/
Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-27221)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-v12-cve-2020-27221-4/
F-Secure Produkte: Schwachstelle ermöglicht Denial of Service
https://www.cert-bund.de/advisoryshort/CB-K21-0898