End-of-Day report
Timeframe: Mittwoch 22-09-2021 18:00 - Donnerstag 23-09-2021 18:00
Handler: Dimitri Robl
Co-Handler: n/a
News
Hackers are scanning for VMware CVE-2021-22005 targets, patch now!
Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution.
https://www.bleepingcomputer.com/news/security/hackers-are-scanning-for-vmware-cve-2021-22005-targets-patch-now/
How REvil May Have Ripped Off Its Own Affiliates
A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates- cuts of ransom payments.
https://threatpost.com/how-revil-may-have-ripped-off-its-own-affiliates/174887/
Excel Recipe: Some VBA Code with a Touch of Excel4 Macro, (Thu, Sep 23rd)
Microsoft Excel supports two types of macros. The legacy format is known as -Excel4 macro- and the new (but already used for a while) is based on VBA. We already cover both formats in many diaries. Yesterday, I spotted an interesting sample that implements- both!
https://isc.sans.edu/diary/rss/27864
iOS 15 und macOS 12: Alte TLS-Versionen haben ausgedient
Apple will TLS 1.0 und 1.1 bald nicht mehr unterstützen. In iOS 15 & Co gelten die alten Versionen des Verschlüsselungsprotokolls bereits als abgekündigt.
https://heise.de/-6199902
BulletProofLink: Wo der ganze Phishing-Spam herkommt
Microsoft beschreibt im Detail, wie auch absolute Neulinge ohne Vorkenntnisse spielend leicht ins Geschäft mit geklauten Zugangsdaten einsteigen können.
https://heise.de/-6199720
Cyber Threats to Global Electric Sector on the Rise
The number of cyber intrusions and attacks targeting the Electric sector is increasing and in 2020 Dragos identified three new Activity Groups (AGs) targeting the Electric Sector: [...]
https://www.dragos.com/blog/industry-news/cyber-threats-to-global-electric-sector-on-the-rise/
Plugging the holes: How to prevent corporate data leaks in the cloud
Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here-s what you can do to prevent cloud configuration conundrums.
https://www.welivesecurity.com/2021/09/22/plugging-holes-how-prevent-corporate-data-leaks-cloud/
Rückblick auf das zweite Drittel 2021
Das zweite Drittel 2021 ist vorbei und wie auch das erste gab es viel zu tun. Microsofts Exchange Server war diesmal nicht die einzige Mailserver-Software, in der kritische Lücken gefunden wurden; exim reihte sich mit gleich 21 Schwachsstellen in die Liste ein. Außerdem ging ab Juni wieder eine DDoS-Erpressungswelle um.
https://cert.at/de/blog/2021/9/ruckblick-auf-das-zweite-drittel-2021
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks.
https://us-cert.cisa.gov/ncas/current-activity/2021/09/22/cisa-fbi-and-nsa-release-joint-cybersecurity-advisory-conti
CISA Releases Guidance: IPv6 Considerations for TIC 3.0
The federal government has prioritized the transition of federal networks to Internet Protocol version 6 (IPv6) since the release of Office of Management and Budget (OMB) Memorandum 05-22 in 2005. In 2020, OMB renewed its focus on IPv6 through the publication of OMB Memorandum 21-07. That memorandum specifically entrusts CISA with enhancing the Trusted Internet Connections (TIC) program to fully support the implementation of IPv6 in federal IT systems.
https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/cisa-releases-guidance-ipv6-considerations-tic-30
Securing Microservices
Do you remember how it felt to get your first email account? Not only were you able to communicate with multiple people in a fast and efficient manner, it also gave you an online identity you could use to access a wide range of services. As time progressed, though, you became increasingly aware of email-s [-]
https://www.intezer.com/blog/cloud-security/securing-microservices/
Vulnerabilities
Drupal Security Advisories
Drupal hat 12 Security Advisories zu "Contributed projects", d.h. Software, die nicht vom Drupal-Team selbst entwickelt wird, veröffentlicht. Vier davon werden als "Critical" eingestuft.
https://www.drupal.org/security/contrib
IBM Security Bulletins
IBMs PSIRT hat 26 Security Bulletins veröffentlicht.
https://www.ibm.com/blogs/psirt/
Cisco Security Advisories
Cisco hat 31 Security Advisories veröffentlicht. Drei davon werden als "Critical" eingestuft, 13 als "High".
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F09%2F22&firstPublishedEndDate=2021%2F09%2F23
Security updates for Thursday
Security updates have been issued by Debian (ruby-kaminari and tomcat8), Mageia (389-ds-base, ansible, apache, apr, cpio, curl, firefox, ghostscript, gifsicle, gpac, libarchive, libgd, libssh, lynx, nextcloud-client, openssl, postgresql, proftpd, python3, thunderbird, tor, and vim), openSUSE (chromium, ffmpeg, grilo, hivex, linuxptp, and samba), Oracle (go-toolset:ol8, kernel, kernel-container, krb5, mysql:8.0, and nodejs:12), SUSE (ffmpeg, firefox, grilo, hivex, kernel, linuxptp, nodejs14, and
https://lwn.net/Articles/870190/
Trane Symbio
This advisory contains mitigations for a Code Injection vulnerability in Trane Symbio 700 and Symbio 800 controllers.
https://us-cert.cisa.gov/ics/advisories/icsa-21-266-01
Trane Tracer
This advisory contains mitigations for a Code Injection vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge building automation products.
https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02