[CERT-daily] Daily summary - 05.01.2022

Daily end-of-shift report team at cert.at
Wed Jan 5 18:05:36 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 04-01-2022 18:00 − Wednesday 05-01-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ iOS malware can fake iPhone shut downs to snoop on camera, microphone ∗∗∗
---------------------------------------------
Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ios-malware-can-fake-iphone-shut-downs-to-snoop-on-camera-microphone/


∗∗∗ Code Reuse In the Malware Landscape, (Wed, Jan 5th) ∗∗∗
---------------------------------------------
Code re-use is classic behavior for many developers and this looks legit: Why reinvent the wheel if you can find some pieces of code that do what you are trying to achieve?
---------------------------------------------
https://isc.sans.edu/diary/rss/28216


∗∗∗ New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification ∗∗∗
---------------------------------------------
An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and Microsoft's digital signature verification to siphon user credentials and sensitive information.
---------------------------------------------
https://thehackernews.com/2022/01/new-zloader-banking-malware-campaign.html


∗∗∗ Elephant Beetle: Uncovering an organized financial-theft operation ∗∗∗
---------------------------------------------
Using an arsenal of over 80 unique tools & scripts, the group executes its attacks patiently over long periods of time, blending in with the target’s environment and going completely undetected while it quietly liberates organizations of large amounts of money.
---------------------------------------------
https://blog.sygnia.co/elephant-beetle-an-organized-financial-theft-operation


∗∗∗ "Media Markt Exclusive Giveaway" campaign is fake! ∗∗∗
---------------------------------------------
Links to an imitation Media Markt page are currently being spread on Facebook. The page claims that Media Markt is closing stores nationwide and is therefore running an "online campaign", giving consumers the chance to buy products such as iPhones, MacBooks, PlayStations and more at a discount. Anyone who takes part in this campaign loses money and receives none of the promised products.
---------------------------------------------
https://www.watchlist-internet.at/news/media-markt-exclusive-giveaway-aktion-ist-fake/


∗∗∗ Malware Reverse Engineering for Beginners – Part 1: From 0x0 ∗∗∗
---------------------------------------------
Malware researchers require a diverse skill set usually gained over time through experience and self-training. Reverse engineering (RE) is an integral part of malware analysis and research but it is also one of the most advanced skills a researcher can have.
---------------------------------------------
https://www.intezer.com/blog/malware-analysis/malware-reverse-engineering-beginners/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins 2022-01-05 ∗∗∗
---------------------------------------------
IBM has published 26 security bulletins.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ VMware security updates: virtual CD-ROM drive as an attacker loophole ∗∗∗
---------------------------------------------
VMware warns of a vulnerability in its virtual machine products Cloud Foundation, ESXi, Fusion and Workstation. Some patches are still missing.
---------------------------------------------
https://heise.de/-6318269


∗∗∗ Security patches: attackers could manipulate databases in IBM Db2 ∗∗∗
---------------------------------------------
IBM has closed security vulnerabilities in several products such as Cloud Private, Db2 and Elastic Search. There is also news on Log4j vulnerabilities.
---------------------------------------------
https://heise.de/-6318740


∗∗∗ Developers close 37 security holes in Chrome 97 ∗∗∗
---------------------------------------------
The previous version of Chrome 97 contained at least one critical security vulnerability. Attackers could presumably have executed injected code.
---------------------------------------------
https://heise.de/-6318885


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (xorg-x11-server), Debian (apache2), openSUSE (libvirt), Oracle (grafana, qemu, and xorg-x11-server), Red Hat (idm:DL1, samba, and telnet), SUSE (libvirt), and Ubuntu (python-django).
---------------------------------------------
https://lwn.net/Articles/880454/


∗∗∗ Google Patches 48 Vulnerabilities With First Set of 2022 Android Updates ∗∗∗
---------------------------------------------
Google this week published information on the first set of 2022 security updates for Android, describing a total of 48 vulnerabilities that were addressed across Android OS, Pixel devices, and Android Automotive OS.
---------------------------------------------
https://www.securityweek.com/google-patches-48-vulnerabilities-first-set-2022-android-updates


∗∗∗ K10396196: Linux RPM vulnerability CVE-2021-20271 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10396196


∗∗∗ WAGO: Smart Script affected by Log4Shell Vulnerability ∗∗∗
---------------------------------------------
http://cert.vde.com/de/advisories/VDE-2021-060/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily