[CERT-daily] Tageszusammenfassung - 30.01.2024

Tue Jan 30 18:14:23 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 29-01-2024 18:00 − Dienstag 30-01-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Ransomwareattacke: Hacker greifen interne Daten von Schneider Electric ab ∗∗∗
---------------------------------------------
Angeblich steckt die Ransomwaregruppe Cactus hinter dem Angriff. Sie hat offenbar mehrere TByte an Daten exfiltriert und fordert ein Lösegeld.
---------------------------------------------
https://www.golem.de/news/ransomwareattacke-hacker-greifen-interne-daten-von-schneider-electric-ab-2401-181695.html


∗∗∗ What did I say to make you stop talking to me?, (Tue, Jan 30th) ∗∗∗
---------------------------------------------
We use Cowrie to emulate an SSH and Telnet server for our honeypots. Cowrie is great software maintained by Michel Oosterhof.
---------------------------------------------
https://isc.sans.edu/diary/rss/30604


∗∗∗ New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility ∗∗∗
---------------------------------------------
Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnets infrastructure was dismantled in April 2022.
---------------------------------------------
https://thehackernews.com/2024/01/new-zloader-malware-variant-surfaces.html


∗∗∗ Is Your SAP Cloud Connector Safe? The Risk You Can’t Ignore ∗∗∗
---------------------------------------------
In this article, we will discuss security issues and provide recommendations to mitigate the risks associated with using SAP CC on the Windows platform.
---------------------------------------------
https://redrays.io/blog/sap-cloud-connector-security/


∗∗∗ Ransomware-Bericht: Immer weniger Opfer zahlen Lösegeld ∗∗∗
---------------------------------------------
Sicherheitsforscher zeigen aktuelle Trends bei Verschlüsselungstrojanern auf. Unter anderem schrumpfen die Summen von Lösegeldern.
---------------------------------------------
https://www.heise.de/news/Ransomware-Bericht-Immer-weniger-Opfer-zahlen-Loesegeld-9613134.html


∗∗∗ Lieber nicht: Abnehm-Pillen von Keto Base ∗∗∗
---------------------------------------------
In einem gefälschten Online-Artikel werden Abnehm-Pillen von Keto Base beworben. Angeblich wurde dieses „Wundermittel“ zum schnellen Abnehmen in der TV-Show „Höhle des Löwen“ vorgestellt und finanziert. Dabei handelt es sich aber um Fake News. Dieses Angebot ist unseriös und schädigt im schlimmsten Fall Ihrer Gesundheit.
---------------------------------------------
https://www.watchlist-internet.at/news/lieber-nicht-abnehm-pillen-von-keto-base/


∗∗∗ Trigona Ransomware Threat Actor Uses Mimic Ransomware ∗∗∗
---------------------------------------------
AhnLab SEcurity intelligence Center (ASEC) has recently identified a new activity of the Trigona ransomware threat actor installing Mimic ransomware.
---------------------------------------------
https://asec.ahnlab.com/en/61000/


∗∗∗ DarkGate malware delivered via Microsoft Teams - detection and response ∗∗∗
---------------------------------------------
While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/darkgate-malware-delivered-via-microsoft-teams-detection-and-response


=====================
=  Vulnerabilities  =
=====================

∗∗∗ DLL Proxying: Trend Micro liefert Updates, weitere Hersteller angreifbar ∗∗∗
---------------------------------------------
Bei Antivirenprogrammen mehrerer Hersteller haben IT-Forscher DLL-Proxying-Schwachstellen gefunden. Trend Micro hat schon Updates.
---------------------------------------------
https://www.heise.de/news/DLL-Proxying-Trend-Micro-liefert-Updates-weitere-Hersteller-angreifbar-9612567.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pillow, postfix, and redis), Fedora (python-templated-dictionary and selinux-policy), Red Hat (gnutls, kpatch-patch, libssh, and tomcat), and Ubuntu (amanda, ceph, linux-azure, linux-azure-4.15, linux-kvm, and tinyxml).
---------------------------------------------
https://lwn.net/Articles/960008/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ XSA-450 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-450.html


∗∗∗ XSA-449 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-449.html


∗∗∗ Festo: Multiple products contain CoDe16 vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-063/


∗∗∗ Pilz: Vulnerabiiity in PASvisu and PMI v8xx ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-050/


∗∗∗ Emerson Rosemount GC370XA, GC700XA, GC1500XA ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01


∗∗∗ Mitsubishi Electric FA Engineering Software Products ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02


∗∗∗ Mitsubishi Electric MELSEC WS Series Ethernet Interface Module ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-03


∗∗∗ Zyxel security advisory for post-authentication command injection vulnerability in NAS products ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products-01-30-2024

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily