[CERT-daily] Tageszusammenfassung - 03.09.2019
Daily end-of-shift report
team at cert.at
Tue Sep 3 18:25:05 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Montag 02-09-2019 18:00 − Dienstag 03-09-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Nemty Ransomware Gets Distribution from RIG Exploit Kit ∗∗∗
---------------------------------------------
The operators of Nemty ransomware appear to have struck a distribution deal to target systems with outdated technology that can still be infected by exploit kits.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nemty-ransomware-gets-distribution-from-rig-exploit-kit/
∗∗∗ Fake BleachBit Website Built to Distribute AZORult Info Stealer ∗∗∗
---------------------------------------------
Cybercriminals are taking advantage of the popularity of the BleachBit disk cleaning tool to spread Azorult information stealer. For this purpose, they created a static web page that purports to be the official website for the utility.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-bleachbit-website-built-to-distribute-azorult-info-stealer/
∗∗∗ Credential Management and Enforcement for ICS/SCADA environments ∗∗∗
---------------------------------------------
In the world of Operational Technology (OT), Industrial Control Systems (ICS) comprise the majority of the segment. Where ICS assets are dispersed and require centralized data acquisition and control, Supervisory Control and Data Acquisition (SCADA) systems are used.
---------------------------------------------
https://resources.infosecinstitute.com/credential-management-and-enforcement-for-ics-scada-environments/
∗∗∗ Ratgeber vom Hersteller: So erkennt man gehackte Cisco-Geräte ∗∗∗
---------------------------------------------
Der Netzwerkausrüster Cisco hat vier Guides für verschiedene Software veröffentlicht, die helfen sollen, Hinweise auf mögliche Kompromittierungen zu finden.
---------------------------------------------
https://heise.de/-4512704
∗∗∗ Meet Domen, a New and Sophisticated Social Engineering Toolkit ∗∗∗
---------------------------------------------
A new social engineering toolkit has been discovered. The operational premise has been used many times, but the execution of that premise is new and described by security researchers "a beautiful piece of work".
---------------------------------------------
https://www.securityweek.com/meet-domen-new-and-sophisticated-social-engineering-toolkit
https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2019/09/new-social-engineering-toolkit-draws-inspiration-from-previous-web-campaigns/
∗∗∗ Diese Kleinanzeigen-Betrugsmasche sollten Sie kennen ∗∗∗
---------------------------------------------
BetrügerInnen versuchen auf Online-Marktplätzen wie willhaben, shpock und Co, ohne Bezahlung an Ihre Ware zu kommen. Sie geben sich als vermeintliche Zahlungsdienstleister und Zwischenvermittler aus und senden Ihnen eine gefälschte Zahlungsbestätigung. Das Geld wird angeblich erst für Sie freigegeben, wenn Sie den zu viel überwiesenen Betrag für das Speditionsunternehmen oder eine Versandbestätigung des Paketes übermitteln.
---------------------------------------------
https://www.watchlist-internet.at/news/diese-kleinanzeigen-betrugsmasche-sollten-sie-kennen/
=====================
= Vulnerabilities =
=====================
∗∗∗ 'USBAnywhere' Bugs Open Supermicro Servers to Remote Attackers ∗∗∗
---------------------------------------------
Trivial-to-exploit authentication flaws can give an unsophisticated remote attacker omnipotent control over a server and its contents.
---------------------------------------------
https://threatpost.com/usbanywhere-bugs-supermicro-remote-attack/147899/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (qemu), Fedora (ansible and wavpack), openSUSE (apache-commons-beanutils, apache2, go1.12, httpie, libreoffice, qemu, and slurm), Oracle (ghostscript), Scientific Linux (ghostscript), SUSE (ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, [...]
---------------------------------------------
https://lwn.net/Articles/798225/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list