=====================
= End-of-Day report =
=====================
Timeframe: Friday 02-12-2022 18:00 − Monday 05-12-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
=       News        =
=====================
∗∗∗ BlackProxies proxy service increasingly popular among hackers ∗∗∗
---------------------------------------------
A new residential proxy market is becoming popular among hackers, cybercriminals, phishers, scalpers, and scammers, selling access to a million claimed proxy IP addresses worldwide.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-in...
∗∗∗ Hackers use new, fake crypto app to breach networks, steal cryptocurrency ∗∗∗
---------------------------------------------
The North Korean Lazarus hacking group is linked to a new attack spreading fake cryptocurrency apps under the made-up brand, "BloxHolder," to install the AppleJeus malware for initial access to networks and steal crypto assets.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-a...
∗∗∗ If one sheep leaps over the ditch… ∗∗∗
---------------------------------------------
In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend.
---------------------------------------------
https://securelist.com/crimeware-report-ransomware-tactics-vulnerable-driver...
∗∗∗ OWASP Top 10 CI/CD Security Risks ∗∗∗
---------------------------------------------
This document helps defenders identify focus areas for securing their CI/CD ecosystem. It is the result of extensive research into attack vectors associated with CI/CD, and the analysis of high profile breaches and security flaws.
---------------------------------------------
https://owasp.org/www-project-top-10-ci-cd-security-risks/
∗∗∗ #StopRansomware: Cuba Ransomware Alert (AA22-335A) ∗∗∗
---------------------------------------------
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.
---------------------------------------------
https://www.cisa.gov/uscert/ncas/alerts/aa22-335a
∗∗∗ CryWiper: Fake ransomware destroys data, particularly in Russia ∗∗∗
---------------------------------------------
Kaspersky's virus analysts have discovered the CryWiper malware, which poses as ransomware but irretrievably destroys data.
---------------------------------------------
https://heise.de/-7366160
=====================
=  Vulnerabilities  =
=====================
∗∗∗ Severe AMI MegaRAC flaws impact servers from AMD, ARM, HPE, Dell, others ∗∗∗
---------------------------------------------
Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/severe-ami-megarac-flaws-impa...
∗∗∗ Security update: Malicious code could slip through Sophos firewalls ∗∗∗
---------------------------------------------
The developers at security software vendor Sophos have closed seven vulnerabilities in the company's own firewalls. One is rated critical.
---------------------------------------------
https://heise.de/-7366076
∗∗∗ Vulnerability: Code smuggling via ping in FreeBSD ∗∗∗
---------------------------------------------
Attackers could use manipulated ping requests to get FreeBSD to execute injected malicious code. Updates are available.
---------------------------------------------
https://heise.de/-7366590
∗∗∗ Emergency update: Zero-day vulnerability in Google Chrome under attack ∗∗∗
---------------------------------------------
Google has released an unscheduled update for Chrome. With it, the vendor closes a vulnerability in the web browser that is currently being attacked.
---------------------------------------------
https://heise.de/-7365415
∗∗∗ Veritas NetBackup: Update closes vulnerabilities, some of them critical ∗∗∗
---------------------------------------------
In Veritas NetBackup Flex Scale and Access Appliance, attackers could inject commands from the network without authentication. Hotfixes fix the flaws.
---------------------------------------------
https://heise.de/-7365984
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (awstats, chromium, clamav, g810-led, giflib, http-parser, jhead, libpgjava, node-cached-path-relative, node-fetch, and vlc), Fedora (fastnetmon, kernel, librime, qpress, rr, thunderbird, and wireshark), Red Hat (kernel, kernel-rt, and kpatch-patch), Slackware (mozilla), SUSE (cherrytree and chromium), and Ubuntu (libbpf, libxml2, linux-gcp-5.15, linux-gke, linux-gke-5.15, and linux-gke).
---------------------------------------------
https://lwn.net/Articles/916979/