=====================
= End-of-Day report =
=====================

Timeframe:   Friday 02-04-2021 18:00 − Tuesday 06-04-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Malicious cheats for Call of Duty: Warzone are circulating online ∗∗∗
---------------------------------------------
The cheat is fake, but the malware it installs is the real thing.
---------------------------------------------
https://arstechnica.com/?p=1754269

∗∗∗ Phone number, e-mail: Am I in the Facebook leak? ∗∗∗
---------------------------------------------
On various websites, users can check whether they are among the 533 million people affected by the Facebook data leak.
---------------------------------------------
https://www.golem.de/news/telefonnummer-e-mail-bin-ich-im-facebook-leak-2104...

∗∗∗ Cryptomining: Coinhive scripts warn about themselves ∗∗∗
---------------------------------------------
Security researcher Troy Hunt has obtained the domains of the cryptominer Coinhive. He uses them to draw attention to security problems.
---------------------------------------------
https://www.golem.de/news/kryptomining-coinhive-skripte-warnen-vor-sich-selb...

∗∗∗ The leap of a Cycldek-related threat actor ∗∗∗
---------------------------------------------
The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.
---------------------------------------------
https://securelist.com/the-leap-of-a-cycldek-related-threat-actor/101243/

∗∗∗ From PowerShell to Payload: An Analysis of Weaponized Malware ∗∗∗
---------------------------------------------
John Hammond, security researcher with Huntress, takes a deep-dive into a stager's technical and coding aspects.
---------------------------------------------
https://threatpost.com/powershell-payload-analysis-malware/165188/

∗∗∗ YARA and CyberChef: ZIP, (Sun, Apr 4th) ∗∗∗
---------------------------------------------
When processing the result of "unzip" in CyberChef, for example with YARA rules, all files contained inside the ZIP file are concatenated together.
---------------------------------------------
https://isc.sans.edu/diary/rss/27276

∗∗∗ Gigaset: Malware infestation of the manufacturer's Android devices is puzzling ∗∗∗
---------------------------------------------
Owners of Gigaset Android smartphones have been struggling with malware for several days. Several signs point to a compromised update server as the source.
---------------------------------------------
https://heise.de/-6006464

∗∗∗ Man in the Terminal ∗∗∗
---------------------------------------------
By using path hijacking and modification on Unix-like machines, we can achieve pseudo-keylogging functionality by prioritizing malicious middleware binaries to record and transfer standard input/output streams.
---------------------------------------------
https://posts.specterops.io/man-in-the-terminal-65476e6165b9

∗∗∗ 2020 Phishing Trends With PDF Files ∗∗∗
---------------------------------------------
We analyzed recent phishing trends with PDF files and noted a dramatic increase in the practice, as well as five approaches popular with attackers.
---------------------------------------------
https://unit42.paloaltonetworks.com/phishing-trends-with-pdf-files/

∗∗∗ SAP issues advisory on the exploit of old vulnerabilities to target enterprise applications ∗∗∗
---------------------------------------------
New research also reveals that SAP vulnerabilities, on average, are weaponized in less than 72 hours.
---------------------------------------------
https://www.zdnet.com/article/sap-issues-advisory-on-vulnerable-applications...

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerability Spotlight: Out-of-bounds write vulnerabilities in Accusoft ImageGear ∗∗∗
---------------------------------------------
Cisco Talos recently discovered multiple out-of-bounds write vulnerabilities in Accusoft ImageGear that an adversary could exploit to corrupt memory on the targeted machine. The ImageGear library is a [...]
---------------------------------------------
https://blog.talosintelligence.com/2021/03/vuln-spotlight-accusoft-image-gea...

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libxstream-java, php-nette, and smarty3), Fedora (curl, openssl, spamassassin, and webkit2gtk3), Mageia (ant, batik, kernel, kernel-linus, nodejs-chownr, nodejs-yargs-parser, python-bottle, and ruby-em-http-request), openSUSE (curl and OpenIPMI), and Red Hat (openssl).
---------------------------------------------
https://lwn.net/Articles/851640/

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, netty, python-bleach, and python3.5), Fedora (libmediainfo, libzen, and mediainfo), Mageia (openssl), openSUSE (chromium), Red Hat (389-ds:1.4, flatpak, kernel, kernel-rt, kpatch-patch, libldb, and virt:rhel and virt-devel:rhel), and Ubuntu (python-django and ruby-rack).
---------------------------------------------
https://lwn.net/Articles/851772/

∗∗∗ Android Patch Day April ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in Google Android to execute arbitrary code with administrator privileges, escalate their privileges, or disclose information.
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0344

∗∗∗ QTS 4.3.6.1620 Build 20210322 ∗∗∗
---------------------------------------------
Security Updates: Fixed a command injection vulnerability (CVE-2020-2509). Fixed a vulnerability in Apache HTTP server (CVE-2020-9490).
---------------------------------------------
https://www.qnap.com/en/release-notes/qts/4.3.6.1620/20210322

∗∗∗ Shodan Verified Vulns 2021-04-01 ∗∗∗
---------------------------------------------
March flew by thanks (?) to the Exchange vulnerabilities, and accordingly we once again take a look at the vulnerabilities that Shodan sees in Austria. As of 2021-04-01 the picture was as follows: So it has happened! In one fell swoop the TLS vulnerabilities have (almost) been knocked off the throne; the Microsoft Exchange flaws are reaching for the top.
---------------------------------------------
https://cert.at/de/aktuelles/2021/4/shodan-verified-vulns-2021-04-01

∗∗∗ April 5, 2021 TNS-2021-07 [R1] Nessus 8.14.0 Fixes One Vulnerability ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2021-07

∗∗∗ Grafana vulnerability CVE-2019-15043 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00843201