[CERT-daily] Tageszusammenfassung - 05.12.2022

Mon Dec 5 18:07:57 CET 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 02-12-2022 18:00 − Montag 05-12-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ BlackProxies proxy service increasingly popular among hackers ∗∗∗
---------------------------------------------
A new residential proxy market is becoming popular among hackers, cybercriminals, phishers, scalpers, and scammers, selling access to a million claimed proxy IP addresses worldwide.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/


∗∗∗ Hackers use new, fake crypto app to breach networks, steal cryptocurrency ∗∗∗
---------------------------------------------
The North Korean Lazarus hacking group is linked to a new attack spreading fake cryptocurrency apps under the made-up brand, "BloxHolder," to install the AppleJeus malware for initial access to networks and steal crypto assets.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/


∗∗∗ If one sheep leaps over the ditch… ∗∗∗
---------------------------------------------
In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend.
---------------------------------------------
https://securelist.com/crimeware-report-ransomware-tactics-vulnerable-drivers/108197/


∗∗∗ OWASP Top 10 CI/CD Security Risks ∗∗∗
---------------------------------------------
This document helps defenders identify focus areas for securing their CI/CD ecosystem. It is the result of extensive research into attack vectors associated with CI/CD, and the analysis of high profile breaches and security flaws.
---------------------------------------------
https://owasp.org/www-project-top-10-ci-cd-security-risks/


∗∗∗ #StopRansomware: Cuba Ransomware Alert (AA22-335A) ∗∗∗
---------------------------------------------
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. 
---------------------------------------------
https://www.cisa.gov/uscert/ncas/alerts/aa22-335a


∗∗∗ CryWiper: Fake-Ransomware zerstört Daten insbesondere in Russland ∗∗∗
---------------------------------------------
Die Virenanalysten von Kaspersky haben den Schädling CryWiper entdeckt, der sich als Ransomware ausgibt, Daten aber unwiderbringlich zerstört.
---------------------------------------------
https://heise.de/-7366160


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Severe AMI MegaRAC flaws impact servers from AMD, ARM, HPE, Dell, others ∗∗∗
---------------------------------------------
Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/severe-ami-megarac-flaws-impact-servers-from-amd-arm-hpe-dell-others/


∗∗∗ Sicherheitsupdate: Schadcode könnte durch Sophos-Firewalls schlüpfen ∗∗∗
---------------------------------------------
Die Entwickler des Sicherheitssoftware-Anbieters Sophos haben in hauseigenen Firewalls sieben Sicherheitslücken geschlossen. Eine gilt als kritisch.
---------------------------------------------
https://heise.de/-7366076


∗∗∗ Sicherheitslücke: Codeschmuggel mit Ping in FreeBSD ∗∗∗
---------------------------------------------
Angreifer könnten FreeBSD mit manipulierten Ping-Anfragen zum Ausführen untergejubelten Schadcodes bringen. Aktualisierungen stehen bereit.
---------------------------------------------
https://heise.de/-7366590


∗∗∗ Notfall-Update: Zero-Day-Sicherheitslücke in Google Chrome unter Beschuss ∗∗∗
---------------------------------------------
Google hat ein ungeplantes Update für Chrome herausgegeben. Damit schließt der Hersteller eine Sicherheitslücke im Webbrowser, die derzeit angegriffen wird.
---------------------------------------------
https://heise.de/-7365415


∗∗∗ Veritas NetBackup: Update schließt teils kritische Scherheitslücken ∗∗∗
---------------------------------------------
In Veritas NetBackup Flex Scale und Access Appliance könnten Angreifer aus dem Netz ohne Anmeldung Befehle einschleusen. Hotfixes beheben die Fehler.
---------------------------------------------
https://heise.de/-7365984


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (awstats, chromium, clamav, g810-led, giflib, http-parser, jhead, libpgjava, node-cached-path-relative, node-fetch, and vlc), Fedora (fastnetmon, kernel, librime, qpress, rr, thunderbird, and wireshark), Red Hat (kernel, kernel-rt, and kpatch-patch), Slackware (mozilla), SUSE (cherrytree and chromium), and Ubuntu (libbpf, libxml2, linux-gcp-5.15, linux-gke, linux-gke-5.15, and linux-gke).
---------------------------------------------
https://lwn.net/Articles/916979/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily