Daily summary - 23.09.2021

End-of-Day report

Timeframe: Wednesday 22-09-2021 18:00 - Thursday 23-09-2021 18:00 Handler: Dimitri Robl Co-Handler: n/a

News

Hackers are scanning for VMware CVE-2021-22005 targets, patch now!

Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution.

https://www.bleepingcomputer.com/news/security/hackers-are-scanning-for-vmware-cve-2021-22005-targets-patch-now/


How REvil May Have Ripped Off Its Own Affiliates

A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates' cuts of ransom payments.

https://threatpost.com/how-revil-may-have-ripped-off-its-own-affiliates/174887/


Excel Recipe: Some VBA Code with a Touch of Excel4 Macro, (Thu, Sep 23rd)

Microsoft Excel supports two types of macros. The legacy format is known as "Excel4 macro" and the new (but already used for a while) is based on VBA. We already cover both formats in many diaries. Yesterday, I spotted an interesting sample that implements... both!

https://isc.sans.edu/diary/rss/27864


iOS 15 and macOS 12: Old TLS versions have had their day

Apple will soon no longer support TLS 1.0 and 1.1. In iOS 15 and related releases, the old versions of the encryption protocol are already considered deprecated.

https://heise.de/-6199902


BulletProofLink: Where all the phishing spam comes from

Microsoft describes in detail how even absolute newcomers with no prior knowledge can easily get into the business of stolen credentials.

https://heise.de/-6199720


Cyber Threats to Global Electric Sector on the Rise

The number of cyber intrusions and attacks targeting the Electric sector is increasing and in 2020 Dragos identified three new Activity Groups (AGs) targeting the Electric Sector: [...]

https://www.dragos.com/blog/industry-news/cyber-threats-to-global-electric-sector-on-the-rise/


Plugging the holes: How to prevent corporate data leaks in the cloud

Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here's what you can do to prevent cloud configuration conundrums.

https://www.welivesecurity.com/2021/09/22/plugging-holes-how-prevent-corporate-data-leaks-cloud/


Review of the second third of 2021

The second third of 2021 is over and, like the first, there was plenty to do. This time Microsoft's Exchange Server was not the only mail server software in which critical vulnerabilities were found; exim joined the list with no fewer than 21 vulnerabilities. In addition, from June onwards another wave of DDoS extortion was going around.

https://cert.at/de/blog/2021/9/ruckblick-auf-das-zweite-drittel-2021


CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks.

https://us-cert.cisa.gov/ncas/current-activity/2021/09/22/cisa-fbi-and-nsa-release-joint-cybersecurity-advisory-conti


CISA Releases Guidance: IPv6 Considerations for TIC 3.0

The federal government has prioritized the transition of federal networks to Internet Protocol version 6 (IPv6) since the release of Office of Management and Budget (OMB) Memorandum 05-22 in 2005. In 2020, OMB renewed its focus on IPv6 through the publication of OMB Memorandum 21-07. That memorandum specifically entrusts CISA with enhancing the Trusted Internet Connections (TIC) program to fully support the implementation of IPv6 in federal IT systems.

https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/cisa-releases-guidance-ipv6-considerations-tic-30


Securing Microservices

Do you remember how it felt to get your first email account? Not only were you able to communicate with multiple people in a fast and efficient manner, it also gave you an online identity you could use to access a wide range of services. As time progressed, though, you became increasingly aware of email's [...]

https://www.intezer.com/blog/cloud-security/securing-microservices/

Vulnerabilities

Drupal Security Advisories

Drupal has published 12 security advisories for "contributed projects", i.e. software that is not developed by the Drupal team itself. Four of them are rated "Critical".

https://www.drupal.org/security/contrib


IBM Security Bulletins

IBM's PSIRT has published 26 security bulletins.

https://www.ibm.com/blogs/psirt/


Cisco Security Advisories

Cisco has published 31 security advisories. Three of them are rated "Critical", 13 as "High".

https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F09%2F22&firstPublishedEndDate=2021%2F09%2F23


Security updates for Thursday

Security updates have been issued by Debian (ruby-kaminari and tomcat8), Mageia (389-ds-base, ansible, apache, apr, cpio, curl, firefox, ghostscript, gifsicle, gpac, libarchive, libgd, libssh, lynx, nextcloud-client, openssl, postgresql, proftpd, python3, thunderbird, tor, and vim), openSUSE (chromium, ffmpeg, grilo, hivex, linuxptp, and samba), Oracle (go-toolset:ol8, kernel, kernel-container, krb5, mysql:8.0, and nodejs:12), SUSE (ffmpeg, firefox, grilo, hivex, kernel, linuxptp, nodejs14, and

https://lwn.net/Articles/870190/


Trane Symbio

This advisory contains mitigations for a Code Injection vulnerability in Trane Symbio 700 and Symbio 800 controllers.

https://us-cert.cisa.gov/ics/advisories/icsa-21-266-01


Trane Tracer

This advisory contains mitigations for a Code Injection vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge building automation products.

https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02