Tageszusammenfassung - 31.08.2021

End-of-Day report

Timeframe: Montag 30-08-2021 18:00 - Dienstag 31-08-2021 18:00 Handler: Stephan Richter Co-Handler: Thomas Pribitzer


Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs

Cybercriminals are making strides towards attacks with malware that executes code from the graphics processing unit (GPU) of a compromised system.


LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection

Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems.


Top 3 APIs Vulnerabilities: Why Apps are Owned by Cyberattackers

Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them.


BrakTooth: Impacts, Implications and Next Steps, (Tue, Aug 31st)

Today, the Automated Systems SEcuriTy (ASSET) Research Group from the Singapore University of Technology and Design (SUTD) revealed the BrakTooth family of vulnerabilities in commercial Bluetooth (BT) Classic stacks for various System-on-Chips (SoC).


Code Generated by GitHub Copilot Can Introduce Vulnerabilities: Researchers

A group of researchers has discovered that roughly 40% of the code produced by the GitHub Copilot language model is vulnerable.


SWR-Verbrauchermagazin -Marktcheck- warnt vor Fake-Shops auf Instagram

Betrügerische Online-Shops schalten im großen Stil auf Social-Media-Plattformen wie Instagram Werbeanzeigen.


DNS Rebinding Attack: How Malicious Websites Exploit Private Networks

DNS rebinding allows attackers to take advantage of web-based consoles to exploit internal networks by abusing the domain name system.


Cyberattackers are now quietly selling off their victims internet bandwidth

Proxyware is yet another way for criminals to generate revenue from their victims.



NAS und Sicherheit: Qnap und Synology von OpenSSL-Lücke betroffen

Produkte beider NAS-Hersteller sind von einer bereits geschlossenen OpenSSL-Lücke betroffen. Sie arbeiten an einem Fix.


HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform

HPE joins Apple in warning customers of a high-severity Sudo vulnerability.


Kritische Rechte-Lücke in PostgreSQL-Modul geschlossen

Es gibt ein wichtiges Sicherheitsupdate für das set_user-Extension-Modul der Open-Source-Datenbank PostgreSQL.


CPU-Sicherheitslücke: AMD Ryzen und Epyc per Seitenkanal verwundbar

Sicherheitsforscher der TU Dresden beweisen, dass komplizierte Angriffe der Meltdown-Klasse grundsätzlich auch bei AMDs Ryzen-Prozessoren funktionieren.


Security updates for Tuesday

Security updates have been issued by CentOS (libsndfile and libX11), Debian (ledgersmb, libssh, and postgresql-9.6), Fedora (squashfs-tools), openSUSE (389-ds, nodejs12, php7, spectre-meltdown-checker, and thunderbird), Oracle (kernel, libsndfile, and libX11), Red Hat (bind, cloud-init, edk2, glibc, hivex, kernel, kernel-rt, kpatch-patch, microcode_ctl, python3, and sssd), SUSE (bind, mysql-connector-java, nodejs12, sssd, and thunderbird), and Ubuntu (apr, squashfs-tools, thunderbird, [...]


Companies Release Security Advisories in Response to New OpenSSL Vulnerabilities

Updates announced by the OpenSSL Project on August 24 patched CVE-2021-3711, a high-severity buffer overflow related to SM2 decryption, and CVE-2021-3712, a medium-severity flaw that can be exploited for denial-of-service (DoS) attacks, and possibly for the disclosure of private memory contents.


Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems

Researchers at cybersecurity firm Rapid7 have identified a couple of vulnerabilities that they claim can be exploited by hackers to remotely disarm one of the home security systems offered by Fortress Security Store.


Crashing SIP Clients with a Single Slash

Claroty-s Team82 has disclosed a vulnerability in Belledonne Communications- Linphone SIP Protocol Stack.


Synology-SA-21:25 DSM