===================== = End-of-Day report = =====================
Timeframe: Wednesday 05-01-2022 18:00 − Friday 07-01-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a
===================== = News = =====================
∗∗∗ Google Docs commenting feature exploited for spear-phishing ∗∗∗ --------------------------------------------- A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy. --------------------------------------------- https://www.bleepingcomputer.com/news/security/google-docs-commenting-featur...
∗∗∗ Night Sky is the latest ransomware targeting corporate networks ∗∗∗ --------------------------------------------- It's a new year, and with it comes a new ransomware to keep an eye on called Night Sky that targets corporate networks and steals data in double-extortion attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/night-sky-is-the-latest-ranso...
∗∗∗ New Mac Malware Samples Underscore Growing Threat ∗∗∗ --------------------------------------------- A handful of malicious tools that emerged last year showed threat actors may be getting more serious about attacking Apple macOS and iOS environments. --------------------------------------------- https://www.darkreading.com/vulnerabilities-threats/new-mac-malware-samples-...
∗∗∗ Custom Python RAT Builder, (Fri, Jan 7th) ∗∗∗ --------------------------------------------- This week I already wrote a diary about "code reuse" in the malware landscape but attackers also have plenty of tools to generate new samples on the fly. --------------------------------------------- https://isc.sans.edu/diary/rss/28224
∗∗∗ NIST Cybersecurity Framework: A Quick Guide for SaaS Security Compliance ∗∗∗ --------------------------------------------- When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology (NIST). From the latest password requirements (NIST 800-63) to IoT security for manufacturers (NISTIR 8259), NIST is always the starting point. --------------------------------------------- https://thehackernews.com/2022/01/nist-cybersecurity-framework-quick.html
∗∗∗ iPhone attack: Hackers could make a reboot impossible ∗∗∗ --------------------------------------------- Malware such as the iOS version of the Pegasus spyware is lost after a restart. However, the restart can be prevented, as a security firm shows. --------------------------------------------- https://heise.de/-6319430
∗∗∗ Patchday Android: Attackers could obtain far-reaching permissions ∗∗∗ --------------------------------------------- Google and other smartphone manufacturers have released important security updates for Android 9, 10, 11 and 12. --------------------------------------------- https://heise.de/-6320248
∗∗∗ Supposed Amazon customer service sends fraudulent e-mails about a customer rewards program ∗∗∗ --------------------------------------------- Readers are currently reporting to us an e-mail that supposedly comes from Amazon customer service. In fact, criminals are behind it. --------------------------------------------- https://www.watchlist-internet.at/news/vermeintlicher-amazon-kundendienst-ve...
===================== = Vulnerabilities = =====================
∗∗∗ QNAP warns of ransomware targeting Internet-exposed NAS devices ∗∗∗ --------------------------------------------- QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/qnap-warns-of-ransomware-targ...
∗∗∗ NHS warns of hackers exploiting Log4Shell in VMware Horizon ∗∗∗ --------------------------------------------- UK's National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits. --------------------------------------------- https://www.bleepingcomputer.com/news/security/nhs-warns-of-hackers-exploiti...
∗∗∗ Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console ∗∗∗ --------------------------------------------- Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. --------------------------------------------- https://thehackernews.com/2022/01/log4shell-like-critical-rce-flaw.html
∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- IBM has published 36 security bulletins --------------------------------------------- https://www.ibm.com/blogs/psirt/
∗∗∗ Security update: Attackers could entrench themselves on WordPress websites ∗∗∗ --------------------------------------------- In the current version of the content management system WordPress, the developers have closed four security vulnerabilities. --------------------------------------------- https://heise.de/-6320363
∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (log4j and quaternion), Mageia (gnome-shell and singularity), SUSE (libsndfile, libvirt, net-snmp, and python-Babel), and Ubuntu (linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oracle, linux-oracle-5.11, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, [...] --------------------------------------------- https://lwn.net/Articles/880564/
∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (sphinxsearch), Fedora (chromium and vim), Red Hat (rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon), and Ubuntu (apache2 and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/880672/
∗∗∗ January 5, 2022 TNS-2022-01 [R1] Tenable.sc 5.20.0 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2022-01
∗∗∗ January 5, 2022 TNS-2022-02 [R1] Nessus Network Monitor 6.0.0 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2022-02
∗∗∗ VMware Tanzu Spring Framework: Vulnerability allows manipulation of log files ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0006
∗∗∗ Drupal Plugins: Multiple vulnerabilities ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K22-0014
∗∗∗ Omron CX-One ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-006-01
∗∗∗ Fernhill SCADA ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-006-02
∗∗∗ IDEC PLCs ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsa-22-006-03
∗∗∗ Philips Engage Software ∗∗∗ --------------------------------------------- https://us-cert.cisa.gov/ics/advisories/icsma-22-006-01