[CERT-daily] Tageszusammenfassung - 21.11.2022

Mon Nov 21 18:11:22 CET 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 18-11-2022 18:00 − Montag 21-11-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ New AxLocker ransomware encrypts files, then steals your Discord account ∗∗∗
---------------------------------------------
The new AXLocker ransomware family is not only encrypting victims files and demanding a ransom payment but also stealing the Discord accounts of infected users.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-axlocker-ransomware-encrypts-files-then-steals-your-discord-account/


∗∗∗ Apps with over 3 million installs leak Admin search API keys ∗∗∗
---------------------------------------------
Researchers discovered 1,550 mobile apps leaking Algolia API keys, risking the exposure of sensitive internal services and stored user information.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/apps-with-over-3-million-installs-leak-admin-search-api-keys/


∗∗∗ Google releases 165 YARA rules to detect Cobalt Strike attacks ∗∗∗
---------------------------------------------
The Google Cloud Threat Intelligence team has open-sourced YARA Rules and a VirusTotal Collection of indicators of compromise (IOCs) to help defenders detect Cobalt Strike components in their networks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-releases-165-yara-rules-to-detect-cobalt-strike-attacks/


∗∗∗ McAfee Fake Antivirus Phishing Campaign is Back!, (Sat, Nov 19th) ∗∗∗
---------------------------------------------
Yesterday I received this email that my McAfee antivirus subscription is expired and that my computer is already infected with 5 viruses (how do they know?).
---------------------------------------------
https://isc.sans.edu/diary/rss/29264


∗∗∗ Vulnerable Code Snippets ∗∗∗
---------------------------------------------
YesWeHack present code snippets containing several different vulnerabilities to practice your code analysis. The code snippets are beginner friendly but suitable for all levels!
---------------------------------------------
https://github.com/yeswehack/vulnerable-code-snippets


∗∗∗ A Confused Deputy Vulnerability in AWS AppSync ∗∗∗
---------------------------------------------
We have identified a cross-tenant vulnerability in Amazon Web Services (AWS) that exploits AWS AppSync. This attack abuses the AppSync service to assume IAM roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts.
---------------------------------------------
https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure/


∗∗∗ 5 free resources from the Cybersecurity and Infrastructure Security Agency (CISA) ∗∗∗
---------------------------------------------
To assist businesses in enhancing their security capabilities, CISA offers free cybersecurity products and services.
---------------------------------------------
https://www.helpnetsecurity.com/2022/11/21/5-free-resources-cybersecurity-and-infrastructure-security-agency-cisa/


∗∗∗ Gefälschtes SMS von Netflix droht mit Kontosperrung ∗∗∗
---------------------------------------------
Aktuell macht ein Netflix-SMS die Runde. Darin steht, dass Sie eine Rechnung nicht bezahlt haben. Daher droht man Ihnen mit einer Kontosperrung. Im SMS befindet sich auch ein Link. Klicken Sie nicht auf den Link, Kriminelle stehlen Ihre Netflix-Zugangsdaten.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschtes-sms-von-netflix-droht-mit-kontosperrung/


∗∗∗ An AI Based Solution to Detecting the DoubleZero .NET Wiper ∗∗∗
---------------------------------------------
Unit 42 presents a machine learning model to predict maliciousness of .NET samples based on file structures, by analyzing the DoubleZero .NET wiper.
---------------------------------------------
https://unit42.paloaltonetworks.com/doublezero-net-wiper/


∗∗∗ Reputationsverlust durch Cyberangriffe ∗∗∗
---------------------------------------------
Die am meisten befürchteten Schäden durch Cyberangriffe sind finanzielle Schäden sowie Verlust von Reputation und Kundenvertrauen. Bei der Umsetzung von Cybersicherheitsmaßnahmen stehen jedoch Schutz von Geschäftskontinuität, Daten und Kunden im Vordergrund.
---------------------------------------------
https://www.zdnet.de/88405082/reputationsverlust-durch-cyberangriffe/


∗∗∗ Luna Moth: Erfolg mit Callback-Phishing ∗∗∗
---------------------------------------------
Die Luna Moth/Silent Ransom Kriminellen erbeuteten durch Callback-Phishing Hunderttausende von Euro, wie eine Analyse von Palo Alto Networks aufdeckt.
---------------------------------------------
https://www.zdnet.de/88405109/luna-moth-erfolg-mit-callback-phishing/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Exploit released for actively abused ProxyNotShell Exchange bug ∗∗∗
---------------------------------------------
Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploit-released-for-actively-abused-proxynotshell-exchange-bug/


∗∗∗ New attacks use Windows security bypass zero-day to drop malware ∗∗∗
---------------------------------------------
New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-attacks-use-windows-security-bypass-zero-day-to-drop-malware/


∗∗∗ IBM Security Bulletins 2022-11-18 ∗∗∗
---------------------------------------------
Power HMC, InfoSphere Information Server, IBM Operations Analytics, IBM i Access Client Solutions, IBM DataPower Gateway, IBM Tivoli, IBM Spectrum Protect Plus
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (graphicsmagick and krb5), Fedora (dotnet6.0, js-jquery-ui, kubernetes, and xterm), Gentoo (php and postgresql), Mageia (php-pear-CAS, sysstat, varnish, vim, and x11-server), Red Hat (thunderbird), SUSE (389-ds, binutils, dpkg, firefox, frr, grub2, java-11-openjdk, java-17-openjdk, kernel, kubevirt stack, libpano, nodejs16, openjpeg, php7, php74, pixman, python-Twisted, python39, rubygem-loofah, sccache, sudo, thunderbird, tor, and tumbler), [...]
---------------------------------------------
https://lwn.net/Articles/915623/


∗∗∗ PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability ∗∗∗
---------------------------------------------
A security researcher has published details and proof-of-concept (PoC) code for a macOS vulnerability that could be exploited to escape a sandbox and execute code within Terminal.
---------------------------------------------
https://www.securityweek.com/poc-code-published-high-severity-macos-sandbox-escape-vulnerability


∗∗∗ Typora fails to properly neutralize JavaScript code ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN26044739/


∗∗∗ MISP 2.4.165 released with many improvements, bugs fixed and security fixes. ∗∗∗
---------------------------------------------
https://www.misp-project.org/2022/11/21/MISP.2.4.165.released.html/


∗∗∗ Miele: Vulnerability in ease2pay cloud service used by appWash ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2022-052/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily