End-of-Day report
Timeframe: Monday 30-08-2021 18:00 - Tuesday 31-08-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs
Cybercriminals are making strides towards attacks with malware that executes code from the graphics processing unit (GPU) of a compromised system.
https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-hide-malware-in-amd-nvidia-gpus/
LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection
Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems.
https://threatpost.com/lockfile-ransomware-avoid-detection/169042/
Top 3 API Vulnerabilities: Why Apps are Owned by Cyberattackers
Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them.
https://threatpost.com/top-3-api-vulnerabilities-cyberattackers/169048/
BrakTooth: Impacts, Implications and Next Steps, (Tue, Aug 31st)
Today, the Automated Systems SEcuriTy (ASSET) Research Group from the Singapore University of Technology and Design (SUTD) revealed the BrakTooth family of vulnerabilities in commercial Bluetooth (BT) Classic stacks for various System-on-Chips (SoC).
https://isc.sans.edu/diary/rss/27802
Code Generated by GitHub Copilot Can Introduce Vulnerabilities: Researchers
A group of researchers found that, in the scenarios they tested, roughly 40% of the programs completed by GitHub Copilot contained vulnerabilities.
https://www.securityweek.com/code-generated-github-copilot-can-introduce-vulnerabilities-researchers
SWR consumer magazine "Marktcheck" warns of fake shops on Instagram
Fraudulent online shops are running advertisements on a large scale on social-media platforms such as Instagram.
https://www.watchlist-internet.at/news/swr-verbrauchermagazin-marktcheck-warnt-vor-fake-shops-auf-instagram/
DNS Rebinding Attack: How Malicious Websites Exploit Private Networks
DNS rebinding allows attackers to take advantage of web-based consoles to exploit internal networks by abusing the domain name system.
https://unit42.paloaltonetworks.com/dns-rebinding/
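The Unit 42 article above describes the attack in one sentence; the following is an added example (not code from Unit 42 or from any product mentioned on this page) that plays a rebinding attempt against a model of an internal web console and shows the two defences a practitioner would deploy: the console answering only for Host values it owns, and the local resolver dropping external names that resolve into private ranges (the behaviour of dnsmasq's --stop-dns-rebind). All hostnames, addresses and zone names in it are constructed for the demonstration.

```python
"""Added example: DNS rebinding against a constructed internal web console.

Stage 1: the victim's browser loads http://attacker.example (short DNS TTL).
Stage 2: the TTL expires and attacker.example now resolves to 192.168.1.1.
The attacker's JavaScript is still same-origin with attacker.example, so its
next request reaches the console at 192.168.1.1 with "Host: attacker.example".
All names and addresses below are constructed for this demonstration.
"""
import ipaddress

# Ranges a resolver should refuse for names outside its own internal zones
# (RFC 1918, loopback, link-local, unique-local, plus 0.0.0.0/8).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed: hostnames the internal console legitimately serves.
CONSOLE_HOSTS = frozenset({"localhost", "127.0.0.1", "::1", "router.home"})
# Constructed: zones whose names may legitimately resolve to private addresses.
INTERNAL_ZONES = ("home", "corp.example")


def is_private_address(text):
    """True if text is an address inside BLOCKED_NETS.  IPv4-mapped IPv6
    addresses (::ffff:192.168.1.1) are checked as the embedded IPv4 address,
    a common trick for slipping past naive filters."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETS)


def host_from_header(header):
    """Host part of an HTTP Host header: lower-cased, port and trailing dot
    removed, IPv6 literal unbracketed.  None if the header is malformed."""
    h = header.strip().lower()
    if h.startswith("["):
        end = h.find("]")
        return h[1:end] if end > 1 else None
    host, _, _port = h.partition(":")
    return host.rstrip(".") or None


def host_header_is_allowed(header, allowed=CONSOLE_HOSTS):
    """Defence 1: the console only serves requests addressed to its own names."""
    return host_from_header(header) in allowed


def console_handle(host_header, allowed=CONSOLE_HOSTS):
    """Minimal model of the console's request handling.  allowed=None models
    a console that never checks Host (the common, vulnerable case)."""
    if allowed is not None and not host_header_is_allowed(host_header, allowed):
        return 421, "Misdirected Request"   # request was not meant for this host
    return 200, "admin config"


def in_internal_zone(name, zones=INTERNAL_ZONES):
    """Suffix match on label boundaries, so 'evilhome' is not in zone 'home'."""
    name = name.lower().rstrip(".")
    return any(name == z or name.endswith("." + z) for z in zones)


def filter_rebinding_answers(name, answers, zones=INTERNAL_ZONES):
    """Defence 2 (resolver side): drop answers in BLOCKED_NETS for any name
    outside the internal zones.  Returns the answers that may be passed on."""
    if in_internal_zone(name, zones):
        return list(answers)
    return [a for a in answers if not is_private_address(a)]


def simulate_rebinding(console_allowed, resolver_filter):
    """Play the attack through.  Returns the HTTP status the attacker's page
    would see on its post-rebind request, or None if the resolver dropped the
    rebound answer so the request never reaches the console."""
    attacker_name = "attacker.example"
    rebound = ["192.168.1.1"]          # stage-2 answer from the attacker's DNS
    if resolver_filter:
        rebound = filter_rebinding_answers(attacker_name, rebound)
        if not rebound:
            return None
    # Browser keeps the attacker.example origin: Host header is attacker.example.
    status, _body = console_handle(attacker_name, console_allowed)
    return status


if __name__ == "__main__":
    print("no defence          :", simulate_rebinding(None, False))           # 200
    print("Host check only     :", simulate_rebinding(CONSOLE_HOSTS, False))  # 421
    print("resolver filter only:", simulate_rebinding(None, True))            # None
```

Either defence alone stops the modelled attack; in practice both are wanted, because the resolver filter only helps on networks whose resolver you control, and the Host check only helps for consoles whose software you can change. Note that the resolver filter must exempt the internal zones, otherwise legitimate names such as nas.home would stop resolving.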
Cyberattackers are now quietly selling off their victims' internet bandwidth
Proxyware is yet another way for criminals to generate revenue from their victims.
https://www.zdnet.com/article/cyberattackers-are-now-quietly-selling-off-their-victims-internet-bandwidth/
Vulnerabilities
NAS and security: Qnap and Synology affected by OpenSSL vulnerability
Products of both NAS vendors are affected by an OpenSSL vulnerability that has already been patched upstream. Both vendors are working on a fix.
https://www.golem.de/news/nas-und-sicherheit-qnap-und-synology-von-openssl-luecke-betroffen-2108-159225-rss.html
HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
HPE joins Apple in warning customers of a high-severity Sudo vulnerability.
https://threatpost.com/hpe-sudo-bug-aruba-platform/169038/
Critical privilege vulnerability in PostgreSQL module closed
There is an important security update for the set_user extension module of the open-source database PostgreSQL.
https://heise.de/-6177973
CPU security vulnerability: AMD Ryzen and Epyc vulnerable via side channel
Security researchers at TU Dresden demonstrate that complex Meltdown-class attacks also work in principle on AMD's Ryzen processors.
https://heise.de/-6178386
Security updates for Tuesday
Security updates have been issued by CentOS (libsndfile and libX11), Debian (ledgersmb, libssh, and postgresql-9.6), Fedora (squashfs-tools), openSUSE (389-ds, nodejs12, php7, spectre-meltdown-checker, and thunderbird), Oracle (kernel, libsndfile, and libX11), Red Hat (bind, cloud-init, edk2, glibc, hivex, kernel, kernel-rt, kpatch-patch, microcode_ctl, python3, and sssd), SUSE (bind, mysql-connector-java, nodejs12, sssd, and thunderbird), and Ubuntu (apr, squashfs-tools, thunderbird, [...]
https://lwn.net/Articles/867917/
Companies Release Security Advisories in Response to New OpenSSL Vulnerabilities
Updates announced by the OpenSSL Project on August 24 patched CVE-2021-3711, a high-severity buffer overflow related to SM2 decryption, and CVE-2021-3712, a medium-severity flaw that can be exploited for denial-of-service (DoS) attacks, and possibly for the disclosure of private memory contents.
https://www.securityweek.com/companies-release-security-advisories-response-new-openssl-vulnerabilities
Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems
Researchers at cybersecurity firm Rapid7 have identified a couple of vulnerabilities that they claim can be exploited by hackers to remotely disarm one of the home security systems offered by Fortress Security Store.
https://www.securityweek.com/vulnerabilities-can-allow-hackers-disarm-fortress-home-security-systems
Crashing SIP Clients with a Single Slash
Claroty's Team82 has disclosed a vulnerability in Belledonne Communications' Linphone SIP protocol stack.
https://claroty.com/2021/08/31/blog-research-crashing-sip-clients-with-a-single-slash/
Synology-SA-21:25 DSM
https://www.synology.com/en-global/support/security/Synology_SA_21_25