Daily summary - 06.09.2021

End-of-Day report

Timeframe: Friday 03-09-2021 18:00 - Monday 06-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

Exchange Server attacks continue - attackers install 7 backdoors

If they have not done so already, admins should close the ProxyShell vulnerabilities in Exchange Server by installing the security updates.

https://heise.de/-6182364


Patch me if you can: Ransomware 3.0 - the resistance is growing

IT people like to juggle numbers, especially when it comes to the maturity level of software. With ransomware, however, a version jump means nothing good - or does it?

https://heise.de/-6071696


Source code of the ransomware "Babuk Locker" leaked

All the components of the ransomware "Babuk Locker" have surfaced in a Russian hacker forum. Among them may also be keys of interest to victims.

https://heise.de/-6182385


Ransomware gangs target companies using these criteria

Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks.

https://www.bleepingcomputer.com/news/security/ransomware-gangs-target-companies-using-these-criteria/


The State of Incident Response: Measuring Risk and Evaluating Your Preparedness

Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster.

https://threatpost.com/incident-response-risk-preparedness/169211/


Traffic Exchange Networks Distributing Malware Disguised as Cracked Software

An ongoing campaign has been found to leverage a network of websites acting as a "dropper as a service" to deliver a bundle of malware payloads to victims looking for "cracked" versions of popular business and consumer applications. "These malware included an assortment of click fraud bots, other information stealers, and even ransomware," researchers from cybersecurity firm Sophos said [...]

https://thehackernews.com/2021/09/traffic-exchange-networks-distributing.html

Vulnerabilities

Proxies are complicated: RCE vulnerability in a 3 million downloads/week NPM package

Pac-Resolver, a widely used NPM dependency, had a high-severity RCE (Remote Code Execution) vulnerability that could allow network administrators or other malicious actors on your local network to remotely run arbitrary code inside your Node.js process whenever you tried to send an HTTP request.

https://httptoolkit.tech/blog/npm-pac-proxy-agent-vulnerability/


"Demon's Cries" authentication bypass patched in Netgear switches

Networking equipment vendor Netgear has patched three vulnerabilities in several of its smart switches that can allow threat actors to bypass authentication and take over devices.

https://therecord.media/demons-cries-authentication-bypass-patched-in-netgear-switches/


Security updates for Monday

Security updates have been issued by Debian (btrbk, pywps, and squashfs-tools), Fedora (libguestfs, libss7, ntfs-3g, ntfs-3g-system-compression, partclone, testdisk, wimlib, and xen), Mageia (exiv2, golang, libspf2, and ruby-addressable), openSUSE (apache2, dovecot23, gstreamer-plugins-good, java-11-openjdk, libesmtp, mariadb, nodejs10, opera, python39, sssd, and xerces-c), and SUSE (apache2, java-11-openjdk, libesmtp, mariadb, nodejs10, python39, sssd, xen, and xerces-c).

https://lwn.net/Articles/868464/


Security Bulletin: IBM Cloud Private is vulnerable to Helm vulnerabilities (CVE-2021-21303)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-helm-vulnerabilities-cve-2021-21303/


Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2020-1971)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-openssl-vulnerabilities-cve-2020-1971/


Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL and Node.js vulnerabilities (CVE-2020-1971, CVE-2020-8287, CVE-2020-8265)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-openssl-and-node-js-vulnerabilities-cve-2020-1971-cve-2020-8287-cve-2020-8265/


Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8554)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-kubernetes-vulnerabilities-cve-2020-8554/


Security Bulletin: IBM Cloud Private is vulnerable to Java vulnerabilities (CVE-2020-14781)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-java-vulnerabilities-cve-2020-14781/


Security Bulletin: IBM Cloud Private is vulnerable to Docker vulnerabilities (CVE-2021-21285, CVE-2021-21284)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-docker-vulnerabilities-cve-2021-21285-cve-2021-21284/


Security Bulletin: Multiple vulnerabilities in VMware affect IBM Cloud Pak System

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-vmware-affect-ibm-cloud-pak-system-2/


Security Bulletin: IBM Cloud Private is vulnerable to Node.js lodash vulnerabilities (CVE-2021-23337)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-node-js-lodash-vulnerabilities-cve-2021-23337/


Security Bulletin: A Privilege Escalation vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool and its Agent

https://www.ibm.com/blogs/psirt/security-bulletin-a-privilege-escalation-vulnerability-in-pivotal-spring-framework-affects-ibm-lks-administration-reporting-tool-and-its-agent/


Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2020-1968)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-openssl-vulnerabilities-cve-2020-1968/


Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-3121)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-go-vulnerability-cve-2021-3121/


Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8569)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-kubernetes-vulnerabilities-cve-2020-8569/


Security Bulletin: IBM Cloud Private is vulnerable to FasterXML jackson-databind vulnerabilities (CVE-2020-25649)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-fasterxml-jackson-databind-vulnerabilities-cve-2020-25649/


Security Bulletin: A security vulnerability has been identified in Oracle Oct 2020 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-14781)

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-oracle-oct-2020-cpu-for-java-8-shipped-with-ibm-intelligent-operations-center-cve-2020-14781/


Security Bulletin: IBM Cloud Private is vulnerable to Elastic vulnerabilities (CVE-2020-7020)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-elastic-vulnerabilities-cve-2020-7020/


Security Bulletin: IBM Cloud Private is vulnerable to Java vulnerabilities (CVE-2020-2773)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-java-vulnerabilities-cve-2020-2773/