Tageszusammenfassung - 20.09.2021

End-of-Day report

Timeframe: Freitag 17-09-2021 18:00 - Montag 20-09-2021 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter


Jetzt patchen! Krypto-Miner schlüpft durch OMIGOD-Lücken auf Azure-Server

Angreifer attackieren derzeit Azure-Kunden mit virtuellen Linux-PCs. Admins sollten jetzt handeln und die verfügbaren Sicherheitsupdates installieren.


Epik data breach impacts 15 million users, including non-customers

Scraped WHOIS data of NON-Epik customers also exposed in the 180 GB leak.


Bring Your APIs Out of the Shadows to Protect Your Business

APIs are immensely more complex to secure. Shadow APIs - those unknown or forgotten API endpoints that escape the attention and protection of IT - present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do.


Video: Simple Analysis Of A CVE-2021-40444 .docx Document, (Sun, Sep 19th)

I created a video for the analysis I described in my last diary entry "Simple Analysis Of A CVE-2021-40444 .docx Document".


EventBuilder Exposed Information of Over 100,000 Event Registrants

Event management company EventBuilder exposed files containing the personal information of at least 100,000 users who registered for events on its platform.


Network Security Trends: May-July 2021

Network security trends, May-July 2021: We analyze how vulnerabilities are being exploited in the wild and rank the most common types of attacks.


Threat landscape for industrial automation systems. Statistics for H1 2021

In H1 2021, the percentage of ICS computers on which malicious objects were blocked was 33.8%, which was 0.4 p.p. more than in H2 2020.


-Yes, we are breaking the law:- An interview with the operator of a marketplace for stolen data

A website called Marketo emerged earlier this year, billing itself as a marketplace where people can buy leaked data. Although Marketo isn-t a ransomware group, it appears to borrow key strategies from those types of threat actors.



#OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports., (Mon, Sep 20th)

After the "OMIGOD" vulnerability details were made public, and it became obvious that exploiting vulnerable hosts would be trivial, researchers and attackers started pretty much immediately to scan for vulnerable hosts. We saw a quick rise of scans, particularly against port:1270.


Security updates for Monday

Security updates have been issued by Debian (gnutls28, nettle, nextcloud-desktop, and openssl1.0), Fedora (dovecot-fts-xapian, drupal7, ghostscript, haproxy, libtpms, lynx, wordpress, and xen), openSUSE (xen), Red Hat (rh-ruby27-ruby), and SUSE (openssl, openssl1, and xen).


Researchers put together a list of vulnerabilities abused by Ransomware - Look for these immediately

LINK To make it easy, I pulled it and created a simple txt list you can use. These are the some of the initial access methods.


McAfee Endpoint Security: Mehrere Schwachstellen


Security Bulletin: IBM Aspera Webapps are vulnerable to cross-site scripting (CVE-2020-11022, CVE-2020-11023).


Security Bulletin: IBM SDK, Java Tech Edition Quarterly CPU - Apr 2021 + Oracle Apr 2021; Jul 2021 + Oracle 2021 CPU


Security Bulletin: Aspera Web Applications (Shares, Console) are affected by OpenSSL Vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)


Security Bulletin: IBM Data Replication Java SDK Update


Security Bulletin: IBM Data Replication Java SDK Update


Security Bulletin: ISC DHCP for IBM i is affected by CVE-2021-25217


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional


Security Bulletin: IBM Data Replication Java SDK Update


Security Bulletin: IBM Cloud Pak for Data could allow a local user with special privileges to obtain highly sensitive information


Security Bulletin: IBM Aspera Webapps products (Shares, Console) are affected by OpenSSL Vulnerability (CVE-2021-3712)


Security Bulletin: IBM Aspera Webapps (Shares, Console) are vulnerable to an OpenSSL Vunerability (CVE-2020-7656).


Security Bulletin: IBM SDK, Java Tech Edition Quarterly CPU Apr 2021 + Oracle APR 2021; Jul 2021 + Oracle Jul 2021


Security Bulletin: Aspera Web Applications (Shares, Console) are affected by an OpenSSL Vulnerability (CVE-2020-1971)


Security Bulletin: Multiple vulnerabilities in Apache Commons* affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090)


Security Bulletin: Multiple vulnerabilities is affecting Tivoli Netcool/OMNIbus WebGUI