[CERT-daily] Daily summary - 05.10.2020
Daily end-of-shift report
team at cert.at
Mon Oct 5 18:13:53 CEST 2020
=====================
= End-of-Day report =
=====================
Timeframe: Friday 02-10-2020 18:00 - Monday 05-10-2020 18:00
Handler: Dimitri Robl
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ MosaicRegressor: Lurking in the Shadows of UEFI ∗∗∗
---------------------------------------------
We found a compromised UEFI firmware image that contained a malicious implant. To the best of our knowledge, this is the second known public case where malicious UEFI firmware in use by a threat actor was found in the wild.
---------------------------------------------
https://securelist.com/mosaicregressor/98849/
∗∗∗ Egregor Ransomware Threatens ‘Mass-Media’ Release of Corporate Data ∗∗∗
---------------------------------------------
The newly discovered ransomware is hitting companies worldwide, including the GEFCO global logistics company.
---------------------------------------------
https://threatpost.com/egregor-ransomware-mass-media-corporate-data/159816/
∗∗∗ Scanning for SOHO Routers, (Sat, Oct 3rd) ∗∗∗
---------------------------------------------
In the past 30 days lots of scanning activity looking for small office and home office (SOHO) routers targeting Netgear.
---------------------------------------------
https://isc.sans.edu/diary/rss/26638
∗∗∗ Raccine tool aims to protect Windows shadow copies from ransomware ∗∗∗
---------------------------------------------
Ransomware encrypts files and deletes the data victims could use for recovery. The free tool Raccine aims to help.
---------------------------------------------
https://heise.de/-4920206
∗∗∗ Attacks Aimed at Disrupting the Trickbot Botnet ∗∗∗
---------------------------------------------
Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.
---------------------------------------------
https://krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot-botnet/
∗∗∗ Black-T: New Cryptojacking Variant from TeamTnT ∗∗∗
---------------------------------------------
Code within the Black-T malware sample gives evidence of a shift in tactics, techniques and procedures for TeamTnT operations.
---------------------------------------------
https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/
∗∗∗ Shodan Verified Vulns 2020-10-05 ∗∗∗
---------------------------------------------
As announced in our blog post in September, we want to provide a monthly overview of Shodan's "Verified Vulnerabilities" in Austria.
---------------------------------------------
https://cert.at/de/aktuelles/2020/10/shodan-verified-vulns-2020-10-05
=====================
= Vulnerabilities =
=====================
∗∗∗ Tenda Router Zero-Days Emerge in Spyware Botnet Campaign ∗∗∗
---------------------------------------------
A variant of the Mirai botnet, called Ttint, has added espionage capabilities to complement its denial-of-service functions.
---------------------------------------------
https://threatpost.com/tenda-router-zero-days-spyware-botnet/159834/
∗∗∗ Patch urgently: Around a quarter of a million Exchange servers vulnerable ∗∗∗
---------------------------------------------
Criminals are exploiting a vulnerability in Microsoft Exchange to take over servers, even though a patch has been available since February.
---------------------------------------------
https://heise.de/-4920095
∗∗∗ Security Bulletin: IBM Cloud Pak for Integration Operators affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
Operators for IBM Cloud Pak for Integration (CP4I) version 2020.2 are affected by vulnerabilities in Go prior to Go version 1.14.7.
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-operators-affected-by-multiple-vulnerabilities/
∗∗∗ Multiple critical vulnerabilities in RocketLinx Series ∗∗∗
---------------------------------------------
https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-rocketlinx-series/
∗∗∗ WAGO: XSS vulnerability in Web-UI in WAGO 750-88X and WAGO 750-89X ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-029
∗∗∗ WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-027
∗∗∗ WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03 ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-028
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily