=====================
= End-of-Day report =
=====================

Timeframe:   Friday 02-10-2020 18:00 − Monday 05-10-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Thomas Pribitzer
=====================
=       News        =
=====================

*** MosaicRegressor: Lurking in the Shadows of UEFI ***
---------------------------------------------

We found a compromised UEFI firmware image that contained a malicious implant. To the best of our knowledge, this is the second known public case where malicious UEFI firmware in use by a threat actor was found in the wild.

---------------------------------------------

https://securelist.com/mosaicregressor/98849/


*** Egregor Ransomware Threatens 'Mass-Media' Release of Corporate Data ***
---------------------------------------------

The newly discovered ransomware is hitting companies worldwide, including the GEFCO global logistics company.

---------------------------------------------

https://threatpost.com/egregor-ransomware-mass-media-corporate-data/159816/


*** Scanning for SOHO Routers, (Sat, Oct 3rd) ***
---------------------------------------------

In the past 30 days there has been a lot of scanning activity looking for small office and home office (SOHO) routers, targeting Netgear devices.

---------------------------------------------

https://isc.sans.edu/diary/rss/26638


*** Raccine tool aims to protect Windows shadow copies from ransomware ***
---------------------------------------------

Ransomware encrypts files and deletes data that victims could use for recovery. The free Raccine tool aims to help with that.

---------------------------------------------

https://heise.de/-4920206


*** Attacks Aimed at Disrupting the Trickbot Botnet ***
---------------------------------------------

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

---------------------------------------------

https://krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot...


*** Black-T: New Cryptojacking Variant from TeamTnT ***
---------------------------------------------

Code within the Black-T malware sample gives evidence of a shift in tactics, techniques and procedures for TeamTnT operations.

---------------------------------------------

https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/


*** Shodan Verified Vulns 2020-10-05 ***
---------------------------------------------

As announced in our blog post from September, we want to provide a monthly overview of Shodan's "Verified Vulnerabilities" in Austria.

---------------------------------------------

https://cert.at/de/aktuelles/2020/10/shodan-verified-vulns-2020-10-05
=====================
=  Vulnerabilities  =
=====================

*** Tenda Router Zero-Days Emerge in Spyware Botnet Campaign ***
---------------------------------------------

A variant of the Mirai botnet, called Ttint, has added espionage capabilities to complement its denial-of-service functions.

---------------------------------------------

https://threatpost.com/tenda-router-zero-days-spyware-botnet/159834/


*** Patch urgently: Around a quarter of a million Exchange servers vulnerable ***
---------------------------------------------

Criminals are exploiting a flaw in Microsoft Exchange to take over servers, even though a patch has been available since February.

---------------------------------------------

https://heise.de/-4920095


*** Security Bulletin: IBM Cloud Pak for Integration Operators affected by multiple vulnerabilities ***
---------------------------------------------

Operators for IBM Cloud Pak for Integration (CP4I) version 2020.2 are affected by vulnerabilities in Go prior to Go version 1.14.7.

---------------------------------------------

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integrat...


*** Multiple critical vulnerabilities in RocketLinx Series ***
---------------------------------------------

https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities...


*** WAGO: XSS vulnerability in Web-UI in WAGO 750-88X and WAGO 750-89X ***
---------------------------------------------

https://cert.vde.com/de-de/advisories/vde-2020-029


*** WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07 ***
---------------------------------------------

https://cert.vde.com/de-de/advisories/vde-2020-027


*** WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03 ***
---------------------------------------------

https://cert.vde.com/de-de/advisories/vde-2020-028