[CERT-daily] Tageszusammenfassung - 01.10.2021

Daily end-of-shift report team at cert.at
Fri Oct 1 18:07:59 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 30-09-2021 18:00 − Freitag 01-10-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Hydra malware targets customers of Germanys second largest bank ∗∗∗
---------------------------------------------
The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically, customers of Commerzbank, Germanys second-largest financial institution.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hydra-malware-targets-customers-of-germanys-second-largest-bank/


∗∗∗ Flubot Android malware now spreads via fake security updates ∗∗∗
---------------------------------------------
The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/flubot-android-malware-now-spreads-via-fake-security-updates/


∗∗∗ Hackers rob thousands of Coinbase customers using MFA flaw ∗∗∗
---------------------------------------------
Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the companys SMS multi-factor authentication security feature.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-rob-thousands-of-coinbase-customers-using-mfa-flaw/


∗∗∗ New Tool to Add to Your LOLBAS List: cvtres.exe , (Fri, Oct 1st) ∗∗∗
---------------------------------------------
LOLBAS (“Living Off the Land Binaries And Scripts”) is a list of tools[1] that are present on any Windows system because they are provided by Microsoft as useful tools to perform system maintenance, updates, etc. This list is maintained and upgraded regularly. This is a good starting point when you need to investigate suspicious processes activity on a system (proactively or in forensics investigation).
---------------------------------------------
https://isc.sans.edu/diary/27892


∗∗∗ Introduction to ICS Security Part 3 ∗∗∗
---------------------------------------------
In part 3 of the Introduction to ICS blog series, Stephan Mathezer discusses Remote Access Connections into ICS, examines why they here to stay, and reviews the best practices for securing them.
---------------------------------------------
https://www.sans.org/blog/introduction-to-ics-security-part-3/


∗∗∗ Android Trojan GriftHorse, the gift horse you definitely should look in the mouth ∗∗∗
---------------------------------------------
The GriftHorse Android Trojan is a widespread campaign with millions of victims in over 70 countries.
---------------------------------------------
https://blog.malwarebytes.com/android/2021/09/android-trojan-grifthorse-the-gift-horse-you-definitely-should-look-in-the-mouth/


∗∗∗ ESET Threat Report T2 2021 ∗∗∗
---------------------------------------------
Unsere Sicherheitsforscher analysieren die Cybersicherheitslage und die ESET-Telemetriedaten im zweiten Drittel des Jahres 2021.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2021/09/30/eset-threat-report-t2-2021/


∗∗∗ Heute startet der Europäische Monat der Cyber-Sicherheit! ∗∗∗
---------------------------------------------
Wie jedes Jahr steht auch heuer der Oktober ganz im Zeichen der Cyber-Sicherheit. Auch Österreich nimmt wieder an der EU-weiten Kampagne „European Cyber Security Month“ (ESCM) teil. Ziel ist es, das Bewusstsein über die Risiken im Netz zu stärken und gezielt Informationen zur IT-Sicherheit zu verbreiten.
---------------------------------------------
https://www.watchlist-internet.at/news/heute-startet-der-europaeische-monat-der-cyber-sicherheit/


∗∗∗ Credential Harvesting at Scale Without Malware ∗∗∗
---------------------------------------------
Email credential harvesting can lead to business email compromise and ransomware. Often, attackers simply ask for victims’ credentials.
---------------------------------------------
https://unit42.paloaltonetworks.com/credential-harvesting/


∗∗∗ Fortinet, Shopify and more report issues after root CA certificate from Lets Encrypt expires ∗∗∗
---------------------------------------------
Experts had been warning for weeks that there would be issues resulting from the expiration of root CA certificates provided by Lets Encrypt.
---------------------------------------------
https://www.zdnet.com/article/fortinet-shopify-others-report-issues-after-root-ca-certificate-from-lets-encrypt-expires/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM hat 11 Security Bulletins veröffentlicht.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, krb5, openssl1.0, and taglib), Fedora (cifs-utils), SUSE (libqt5-qtbase and rubygem-activerecord-4_2), and Ubuntu (linux-raspi, linux-raspi-5.4 and linux-raspi2).
---------------------------------------------
https://lwn.net/Articles/871564/


∗∗∗ Google Patches Two More Exploited Zero-Day Vulnerabilities in Chrome ∗∗∗
---------------------------------------------
Google on Thursday announced the rollout of a Chrome update to address four security vulnerabilities, including two that are already being exploited in the wild.
---------------------------------------------
https://www.securityweek.com/google-patches-two-more-exploited-zero-day-vulnerabilities-chrome


∗∗∗ Command Injection Vulnerability in QVR ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-38


∗∗∗ Stored XSS Vulnerabilities in Photo Station ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-41


∗∗∗ Stored XSS Vulnerability in Photo Station ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-42


∗∗∗ Stored XSS Vulnerability in Image2PDF ∗∗∗
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-43

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list