[CERT-daily] Tageszusammenfassung - 07.01.2022

Fri Jan 7 18:14:04 CET 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 05-01-2022 18:00 − Freitag 07-01-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Google Docs commenting feature exploited for spear-phishing ∗∗∗
---------------------------------------------
A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-docs-commenting-feature-exploited-for-spear-phishing/


∗∗∗ Night Sky is the latest ransomware targeting corporate networks ∗∗∗
---------------------------------------------
Its a new year, and with it comes a new ransomware to keep an eye on called Night Sky that targets corporate networks and steals data in double-extortion attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/night-sky-is-the-latest-ransomware-targeting-corporate-networks/


∗∗∗ New Mac Malware Samples Underscore Growing Threat ∗∗∗
---------------------------------------------
A handful of malicious tools that emerged last year showed threat actors may be getting more serious about attacking Apple macOS and iOS environments.
---------------------------------------------
https://www.darkreading.com/vulnerabilities-threats/new-mac-malware-samples-underscore-growing-threat


∗∗∗ Custom Python RAT Builder, (Fri, Jan 7th) ∗∗∗
---------------------------------------------
This week I already wrote a diary about "code reuse" in the malware landscape but attackers also have plenty of tools to generate new samples on the fly.
---------------------------------------------
https://isc.sans.edu/diary/rss/28224


∗∗∗ NIST Cybersecurity Framework: A Quick Guide for SaaS Security Compliance ∗∗∗
---------------------------------------------
When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology (NIST). From the latest password requirements (NIST 800-63) to IoT security for manufacturers (NISTIR 8259), NIST is always the starting point.
---------------------------------------------
https://thehackernews.com/2022/01/nist-cybersecurity-framework-quick.html


∗∗∗ iPhone-Angriff: Hacker könnten Reboot verunmöglichen ∗∗∗
---------------------------------------------
Malware wie die iOS-Version der Spyware Pegasus gehen nach einem Neustart verloren. Dieser lässt sich allerdings unterbinden, wie eine Sicherheitsfirma zeigt.
---------------------------------------------
https://heise.de/-6319430


∗∗∗ Patchday Android: Angreifer könnten sich weitreichende Berechtigungen aneignen ∗∗∗
---------------------------------------------
Google und weitere Smartphone-Hersteller haben wichtige Sicherheitsupdates für Android 9, 10, 11 und 12 veröffentlicht.
---------------------------------------------
https://heise.de/-6320248


∗∗∗ Vermeintlicher Amazon-Kundendienst verschickt betrügerische Mails zu Kundenprämienprogramm ∗∗∗
---------------------------------------------
LeserInnen melden uns derzeit eine E-Mail, die angeblich vom Amazon-Kundendienst stammt. Tatsächlich stecken Kriminelle dahinter.
---------------------------------------------
https://www.watchlist-internet.at/news/vermeintlicher-amazon-kundendienst-verschickt-betruegerische-mails-zu-kundenpraemienprogramm/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ QNAP warns of ransomware targeting Internet-exposed NAS devices ∗∗∗
---------------------------------------------
QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qnap-warns-of-ransomware-targeting-internet-exposed-nas-devices/


∗∗∗ NHS warns of hackers exploiting Log4Shell in VMware Horizon ∗∗∗
---------------------------------------------
UKs National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nhs-warns-of-hackers-exploiting-log4shell-in-vmware-horizon/


∗∗∗ Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console ∗∗∗
---------------------------------------------
Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month.
---------------------------------------------
https://thehackernews.com/2022/01/log4shell-like-critical-rce-flaw.html


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM hat 36 Security Bulletins veröffentlicht
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Sicherheitsupdate: Angreifer könnten sich auf WordPress-Websites einnisten ∗∗∗
---------------------------------------------
In der aktuellen Version des Content Management System WordPress haben die Entwickler vier Sicherheitslücken geschlossen.
---------------------------------------------
https://heise.de/-6320363


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (log4j and quaternion), Mageia (gnome-shell and singularity), SUSE (libsndfile, libvirt, net-snmp, and python-Babel), and Ubuntu (linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oracle, linux-oracle-5.11, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, [...]
---------------------------------------------
https://lwn.net/Articles/880564/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (sphinxsearch), Fedora (chromium and vim), Red Hat (rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon), and Ubuntu (apache2 and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/880672/


∗∗∗ January 5, 2022   TNS-2022-01   [R1] Tenable.sc 5.20.0 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2022-01


∗∗∗ January 5, 2022   TNS-2022-02   [R1] Nessus Network Monitor 6.0.0 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2022-02


∗∗∗ VMware Tanzu Spring Framework: Schwachstelle ermöglicht Manipulation von Log-Dateien ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0006


∗∗∗ Drupal Plugins: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0014


∗∗∗ Omron CX-One ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-006-01


∗∗∗ Fernhill SCADA ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-006-02


∗∗∗ IDEC PLCs ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-006-03


∗∗∗ Philips Engage Software ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-22-006-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily