=====================
= End-of-Day report =
=====================

Timeframe: Monday 29-01-2024 18:00 − Tuesday 30-01-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a

=====================
=       News        =
=====================
∗∗∗ Ransomware attack: hackers exfiltrate internal data from Schneider Electric ∗∗∗
---------------------------------------------
The Cactus ransomware group is allegedly behind the attack. It has apparently exfiltrated several terabytes of data and is demanding a ransom.
---------------------------------------------
https://www.golem.de/news/ransomwareattacke-hacker-greifen-interne-daten-von...
∗∗∗ What did I say to make you stop talking to me?, (Tue, Jan 30th) ∗∗∗
---------------------------------------------
We use Cowrie to emulate an SSH and Telnet server for our honeypots. Cowrie is great software maintained by Michel Oosterhof.
---------------------------------------------
https://isc.sans.edu/diary/rss/30604
∗∗∗ New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility ∗∗∗
---------------------------------------------
Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was dismantled in April 2022.
---------------------------------------------
https://thehackernews.com/2024/01/new-zloader-malware-variant-surfaces.html
∗∗∗ Is Your SAP Cloud Connector Safe? The Risk You Can’t Ignore ∗∗∗
---------------------------------------------
In this article, we will discuss security issues and provide recommendations to mitigate the risks associated with using SAP CC on the Windows platform.
---------------------------------------------
https://redrays.io/blog/sap-cloud-connector-security/
∗∗∗ Ransomware report: fewer and fewer victims pay the ransom ∗∗∗
---------------------------------------------
Security researchers highlight current trends in ransomware. Among other things, the ransom amounts being paid are shrinking.
---------------------------------------------
https://www.heise.de/news/Ransomware-Bericht-Immer-weniger-Opfer-zahlen-Loes...
∗∗∗ Better not: Keto Base weight-loss pills ∗∗∗
---------------------------------------------
A fake online article advertises weight-loss pills from Keto Base. Supposedly this "miracle cure" for rapid weight loss was presented and funded on the TV show „Höhle des Löwen“. This is fake news. The offer is dubious and, in the worst case, damages your health.
---------------------------------------------
https://www.watchlist-internet.at/news/lieber-nicht-abnehm-pillen-von-keto-b...
∗∗∗ Trigona Ransomware Threat Actor Uses Mimic Ransomware ∗∗∗
---------------------------------------------
AhnLab Security intelligence Center (ASEC) has recently identified new activity by the Trigona ransomware threat actor installing Mimic ransomware.
---------------------------------------------
https://asec.ahnlab.com/en/61000/
∗∗∗ DarkGate malware delivered via Microsoft Teams - detection and response ∗∗∗
---------------------------------------------
While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/darkgate-malware-del...
=====================
=  Vulnerabilities  =
=====================
∗∗∗ DLL proxying: Trend Micro ships updates, other vendors still vulnerable ∗∗∗
---------------------------------------------
Security researchers have found DLL proxying vulnerabilities in antivirus products from several vendors. Trend Micro has already released updates.
---------------------------------------------
https://www.heise.de/news/DLL-Proxying-Trend-Micro-liefert-Updates-weitere-H...
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pillow, postfix, and redis), Fedora (python-templated-dictionary and selinux-policy), Red Hat (gnutls, kpatch-patch, libssh, and tomcat), and Ubuntu (amanda, ceph, linux-azure, linux-azure-4.15, linux-kvm, and tinyxml).
---------------------------------------------
https://lwn.net/Articles/960008/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ XSA-450 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-450.html
∗∗∗ XSA-449 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-449.html
∗∗∗ Festo: Multiple products contain CoDe16 vulnerability ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-063/
∗∗∗ Pilz: Vulnerability in PASvisu and PMI v8xx ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-050/
∗∗∗ Emerson Rosemount GC370XA, GC700XA, GC1500XA ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01
∗∗∗ Mitsubishi Electric FA Engineering Software Products ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02
∗∗∗ Mitsubishi Electric MELSEC WS Series Ethernet Interface Module ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-03
∗∗∗ Zyxel security advisory for post-authentication command injection vulnerability in NAS products ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-a...