End-of-Day report
Timeframe: Wednesday 01-09-2021 18:00 - Thursday 02-09-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
How to block Windows Plug-and-Play auto-installing insecure apps
A trick has been discovered that prevents your device from being taken over by vulnerable Windows applications when devices are plugged into your computer.
https://www.bleepingcomputer.com/news/microsoft/how-to-block-windows-plug-and-play-auto-installing-insecure-apps/
Team Cymru's Threat Hunting Maturity Model Explained
In this four-part series, we'll be looking at Team Cymru's Threat Hunting Maturity Model.
https://team-cymru.com/blog/2021/09/02/team-cymrus-threat-hunting-maturity-model-explained-2/
QakBot technical analysis
This report contains technical analysis of the Trojan-Banker named QakBot (aka QBot, QuackBot or Pinkslipbot) and its information stealing, web injection and other modules.
https://securelist.com/qakbot-technical-analysis/103931/
Analysis of a Phishing Kit (that targets Chase Bank)
Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials on fake pages controlled by attackers.
https://blog.sucuri.net/2021/09/analysis-of-a-phishing-kit-that-targets-chase-bank.html
Too Log; Didn't Read - Unknown Actor Using CLFS Log Files for Stealth
The Mandiant Advanced Practices team recently discovered a new malware family we have named PRIVATELOG and its installer, STASHLOG.
http://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
Google Play sign-ins can be abused to track another person's movements
We tried to help somebody install an app on an Android phone and stumbled on a way to track them instead.
https://blog.malwarebytes.com/awareness/2021/09/google-play-sign-ins-can-be-abused-to-track-another-persons-movements/
Translated: Talos insights from the recently leaked Conti ransomware playbook
Cisco Talos recently became aware of a leaked playbook that has been attributed to the ransomware-as-a-service (RaaS) group Conti.
https://blog.talosintelligence.com/2021/09/Conti-leak-translation.html
Beware of fit4fun-arena.de - too cheap to be true
The fake shop fit4fun-arena.de offers unbelievably cheap bicycles and other fitness items.
https://www.watchlist-internet.at/news/vorsicht-vor-fit4fun-arenade-zu-guenstig-um-wahr-zu-sein/
Vulnerabilities
File manager Midnight Commander vulnerable for nine years
There is an important security update for Midnight Commander.
https://heise.de/-6180301
Braktooth: New Bluetooth flaws threaten countless devices
Security researchers have discovered several Bluetooth vulnerabilities. Not all manufacturers plan to release patches.
https://heise.de/-6180540
Cisco fixes critical flaw in Enterprise NFV Infrastructure Software
Update now: depending on its configuration, the Enterprise NFV Infrastructure Software (NFVIS) can be attacked remotely. Updates are available.
https://heise.de/-6180655
Security updates for Thursday
Security updates have been issued by openSUSE (ffmpeg and gstreamer-plugins-good), SUSE (apache2, apache2-mod_auth_mellon, ffmpeg, gstreamer-plugins-good, libesmtp, openexr, rubygem-puma, xen, and xerces-c), and Ubuntu (openssl).
https://lwn.net/Articles/868155/
Recently Patched Confluence Vulnerability Exploited in the Wild
Hackers started exploiting a vulnerability in Atlassian's Confluence enterprise collaboration product just one week after the availability of a patch was announced.
https://www.securityweek.com/recently-patched-confluence-vulnerability-exploited-wild
Cisco Nexus Insights Authenticated Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-insight-infodis-2By2ZpBB
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2
Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-collab-xss-fQMDE5GO
Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-4HnZFewr
Johnson Controls Sensormatic Electronics Illustra
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-01
JTEKT TOYOPUC TCC-6353 PC10G-CPU
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-02
Advantech WebAccess
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03