[CERT-daily] Tageszusammenfassung - 28.10.2021

Thu Oct 28 18:07:15 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 27-10-2021 18:00 − Donnerstag 28-10-2021 18:00
Handler:     Wolfgang Menezes
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ QR Codes Help Attackers Sneak Emails Past Security Controls ∗∗∗
---------------------------------------------
A recently discovered campaign shows how attackers are constantly developing new techniques to deceive phishing victims.
---------------------------------------------
https://www.darkreading.com/attacks-breaches/qr-codes-help-attackers-sneak-emails-past-security-controls


∗∗∗ How we took part in MLSEC and (almost) won ∗∗∗
---------------------------------------------
How we took part in the Machine Learning Security Evasion Competition (MLSEC) — a series of trials testing contestants’ ability to create and attack machine learning models.
---------------------------------------------
https://securelist.com/how-we-took-part-in-mlsec-and-almost-won/104699/


∗∗∗ EU’s Green Pass Vaccination ID Private Key Leaked ∗∗∗
---------------------------------------------
The private key used to sign the vaccine passports was leaked and is being passed around to create fake passes for the likes of Mickey Mouse and Adolf Hitler.
---------------------------------------------
https://threatpost.com/eus-green-pass-vaccination-id-private-key-leaked/175857/


∗∗∗ New Wslink Malware Loader Runs as a Server and Executes Modules in Memory ∗∗∗
---------------------------------------------
Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed "Wslink" by ESET, this previously undocumented malware stands apart from the rest in that it runs as a server and executes received modules in memory.
---------------------------------------------
https://thehackernews.com/2021/10/new-wslink-malware-loader-runs-as.html


∗∗∗ Threat profile: Ranzy Locker ransomware ∗∗∗
---------------------------------------------
What you need to know about Ranzy Locker ransomware.
---------------------------------------------
https://blog.malwarebytes.com/ransomware/2021/10/threat-profile-ranzy-locker-ransomware/


∗∗∗ PSA: Widespread Remote Working Scam Underway ∗∗∗
---------------------------------------------
Attackers are posting jobs pretending to be from existing companies and steal money and/or personal information from jobseekers.
---------------------------------------------
https://www.wordfence.com/blog/2021/10/psa-widespread-remote-working-scam-underway/


∗∗∗ Trends und Entwicklungen bei Fake-Shops ∗∗∗
---------------------------------------------
Fake-Shops gibt es wie Sand am Meer - und auch sie entwickeln sich nach Trends: Von E-Bikes bis zur Playstation5. Diese Trends sind von der Saison, aber auch von Angebot und Nachfrage abhängig. Was die Watchlist Internet im letzten Jahr über Fake-Shop-Trends erfahren hat, lesen Sie hier.
---------------------------------------------
https://www.watchlist-internet.at/news/trends-und-entwicklungen-bei-fake-shops/


∗∗∗ Free decrypters released for AtomSilo, Babuk, and LockFile ransomware strains ∗∗∗
---------------------------------------------
Antivirus maker and cyber-security firm Avast has released today free decryption utilities to recover files that have been encrypted by three ransomware strains—AtomSilo, Babuk, and LockFile.
---------------------------------------------
https://therecord.media/free-decrypters-released-for-atomsilo-babuk-and-lockfile-ransomware-strains/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
Cisco hat 19 Security Advisories veröffentlicht. Keines davon wird als "Critical" eingestuft, neun als "High".
---------------------------------------------
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&lastPublishedStartDate=2021%2F10%2F27&lastPublishedEndDate=2021%2F10%2F28


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by openSUSE (salt), Slackware (bind), SUSE (salt), and Ubuntu (php5, php7.0, php7.2, php7.4, php8.0).
---------------------------------------------
https://lwn.net/Articles/874210/


∗∗∗ 2021 CWE Most Important Hardware Weaknesses ∗∗∗
---------------------------------------------
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses List. The 2021 Hardware List is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in hardware.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/10/28/2021-cwe-most-important-hardware-weaknesses

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily