End-of-Day report
Timeframe: Thursday 26-08-2021 18:00 - Friday 27-08-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Cosmos DB: Thousands of Azure users affected by security vulnerability
Attackers could have obtained the keys to Cosmos databases. Many large companies such as Coca-Cola rely on the Azure database service.
https://www.golem.de/news/cosmos-db-tausende-azure-nutzer-von-sicherheitsluecke-betroffen-2108-159178-rss.html
Ragnarok master decryptor key published
Victims of the Ragnarok ransomware whose data was encrypted in an attack can hope again. After the cyber criminals recently shut down their operation, the master decryptor key was published. The encrypted files should be recoverable with it.
https://www.borncity.com/blog/2021/08/27/ragnarok-master-decryptor-schlssel-verffentlicht/
Widespread credential phishing campaign abuses open redirector links
Microsoft has been actively tracking a widespread credential phishing campaign using open redirector links, which allow attackers to use a URL in a trusted domain and embed the eventual final malicious URL as a parameter.
https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/
Big bad decryption bug in OpenSSL - but no cause for alarm
The buggy code's in there, alright. Fortunately, it's hard to get OpenSSL to use it even if you want to, which mitigates the risk.
https://nakedsecurity.sophos.com/2021/08/27/big-bad-decryption-bug-in-openssl-but-no-cause-for-alarm/
How Passwords Get Hacked
Can you think of an online service that doesn't require a password? Everything on the internet requires a password. However, constantly creating and remembering new and ever more complex passwords is no small task. In fact, 66% of people polled admitted to using the same password more than once because of how hard it is to remember passwords that are considered strong. Taking steps to make passwords easier to remember can also make them easier for hackers to guess.
https://blog.sucuri.net/2021/08/how-passwords-get-hacked-2.html
AWS ReadOnlyAccess: Not Even Once
You need to give your AWS role a set of permissions, but you still want to feel warm and safe on the inside. "Why not ReadOnlyAccess?" you ask. "I can just deny the permissions I don't like," you proclaim. Let me show you how your faith in ReadOnly access will betray you and leave you with trust issues.
https://posts.specterops.io/aws-readonlyaccess-not-even-once-ffbceb9fc908
FBI Releases Indicators of Compromise Associated with Hive Ransomware
The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with ransomware attacks by Hive, a likely Ransomware-as-a-Service organization consisting of a number of actors using multiple mechanisms to compromise business networks, exfiltrate data and encrypt data on the networks, and attempt to collect a ransom in exchange for access to the [...]
https://us-cert.cisa.gov/ncas/current-activity/2021/08/27/fbi-releases-indicators-compromise-associated-hive-ransomware
Academics bypass PINs for Mastercard and Maestro contactless payments
A team of scientists from a Swiss university has discovered a way to bypass PIN codes on contactless cards from Mastercard and Maestro.
https://therecord.media/academics-bypass-pins-for-mastercard-and-maestro-contactless-payments/
Vulnerabilities
Security updates: Root kernel vulnerability threatens IBM's AIX operating system
Attackers could attack systems running IBM AIX and gain root privileges. Security updates remedy the problem.
https://heise.de/-6176064
Security updates for Friday
Security updates have been issued by Fedora (haproxy and libopenmpt), openSUSE (aws-cli, python-boto3, python-botocore, dbus-1, and qemu), Oracle (rh-postgresql10-postgresql), Red Hat (compat-exiv2-023, compat-exiv2-026, exiv2, libsndfile, microcode_ctl, python27, rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon, rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon, and rh-python38), Scientific Linux (compat-exiv2-023 and compat-exiv2-026), SUSE (compat-openssl098), and Ubuntu (libssh, openssl, [...]
https://lwn.net/Articles/867636/
Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000
This advisory contains mitigation for an Improper Authorization vulnerability in Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000, an enterprise access control and integrated security management system.
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-01
Annke Network Video Recorder
This advisory contains mitigation for a Stack-based Buffer Overflow vulnerability in the Annke N48PBB Network Video Recorder.
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02
Delta Electronics DIAEnergie
This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Incorrect Authorization, Unrestricted Upload of File with Dangerous Type, SQL Injection, and Cross-site Request Forgery vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03
Delta Electronics DOPSoft
This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in Delta Electronics DOPSoft HMI editing software.
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-04
SYSS-2021-035, SySS-2021-036, SySS-2021-037, SySS-2021-038, SySS-2021-039: Multiple vulnerabilities in the MIK.starlight server
Several functions in the MIK.starlight server deserialize data insecurely, thereby allowing an attacker to take over the system.
https://www.syss.de/pentest-blog/syss-2021-035-syss-2021-036-syss-2021-037-syss-2021-038-syss-2021-039-mehrere-schwachstellen-in-mikstarlight-server
libssh: Vulnerability allows bypassing of security measures
https://www.cert-bund.de/advisoryshort/CB-K21-0918
Authenticated RCE in BSCW Server
https://sec-consult.com/de/vulnerability-lab/advisory/authenticated-rce-in-bscw-server/
XML Tag Injection in BSCW Server
https://sec-consult.com/de/vulnerability-lab/advisory/xml-tag-injection-in-bscw-server/