End-of-Day report
Timeframe: Monday 23-08-2021 18:00 - Tuesday 24-08-2021 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
News
Triada Trojan in WhatsApp MOD
We discovered that the Triada Trojan snuck into one of the modified versions of the WhatsApp messenger, called FMWhatsapp 16.80.0, together with the advertising software development kit (SDK).
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
Effective Threat-Hunting Queries in a Redacted World
Chad Anderson, senior security researcher for DomainTools, demonstrates how seemingly disparate pieces of infrastructure information can form perfect fingerprints for tracking cyberattackers' infrastructure.
https://threatpost.com/effective-threat-hunting-queries/168864/
Attackers Hunting For Twilio Credentials, (Tue, Aug 24th)
Twilio is a popular service used to send/receive SMS messages and phone calls.
https://isc.sans.edu/diary/rss/27782
Microsoft Power Apps portals: 38 million records were exposed
Security researchers have discovered 38 million records, some containing sensitive data, in Power Apps portals; according to Microsoft, this was due to configuration errors.
https://heise.de/-6173306
Beware of the "EU Compensation" e-mail!
Fraudulent e-mails from "EU Compensation" are currently being sent. A dubious European authority claims to compensate fraud victims with a large sum of money.
https://www.watchlist-internet.at/news/vorsicht-vor-eu-compensation-e-mail/
Ransomware Groups to Watch: Emerging Threats
Emerging ransomware groups to watch, according to Unit 42 researchers: AvosLocker, Hive Ransomware, HelloKitty and LockBit 2.0.
https://unit42.paloaltonetworks.com/emerging-ransomware-groups/
FBI sends its first-ever alert about a "ransomware affiliate"
The US Federal Bureau of Investigations has published today its first-ever public advisory detailing the modus operandi of a "ransomware affiliate."
https://therecord.media/fbi-sends-its-first-ever-alert-about-a-ransomware-affiliate/
Vulnerabilities
New zero-click iPhone exploit used to deploy NSO spyware
Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists.
https://www.bleepingcomputer.com/news/apple/new-zero-click-iphone-exploit-used-to-deploy-nso-spyware/
Security updates for Tuesday
Security updates have been issued by Debian (ledgersmb, tnef, and tor), Fedora (nodejs-underscore and tor), openSUSE (aws-cli, python-boto3, python-botocore, fetchmail, firefox, and isync), SUSE (aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3, and python-PyYAML), and Ubuntu (linux-aws-5.8, linux-azure-5.8, linux-gcp-5.8, linux-oracle-5.8).
https://lwn.net/Articles/867247/
[20210801] - Core - Insufficient access control for com_media deletion endpoint
https://developer.joomla.org/security-centre/861-20210801-core-insufficient-access-control-for-com-media-deletion-endpoint.html
Security Bulletin: CVE-2020-2773 (deferred from Oracle Apr 2020 CPU)
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2773-deferred-from-oracle-apr-2020-cpu/
Security Bulletin: Apache CXF (Publicly disclosed vulnerability)
https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-publicly-disclosed-vulnerability-2/
Security Bulletin: XStream (Publicly disclosed vulnerability)
https://www.ibm.com/blogs/psirt/security-bulletin-xstream-publicly-disclosed-vulnerability/
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory Suite
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-java-sdk-that-affect-ibm-security-directory-suite-2/
Security Bulletin: Update Secure Gateway Client in IBM DataPower Gateway to address several CVEs
https://www.ibm.com/blogs/psirt/security-bulletin-update-secure-gateway-client-in-ibm-datapower-gateway-to-address-several-cves/
Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11, v12 (CVE-2020-27221)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-v12-cve-2020-27221-5/
Security Bulletin: IBM Resilient Disaster Recovery (DR) system allows connections over TLS 1.0 (CVE-2021-29704)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-disaster-recovery-dr-system-allows-connections-over-tls-1-0-cve-2021-29704/
Security Bulletin: CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8)
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-14781-deferred-from-oracle-oct-2020-cpu-for-java-8/
OpenSSL: SM2 Decryption Buffer Overflow (CVE-2021-3711)
https://openssl.org/news/secadv/20210824.txt
Overview of F5 vulnerabilities (August 2021)
https://support.f5.com/csp/article/K50974556