[CERT-daily] Tageszusammenfassung - 28.01.2022

Daily end-of-shift report team at cert.at
Fri Jan 28 18:33:49 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 27-01-2022 18:00 − Freitag 28-01-2022 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Lets Encrypt: Was Admins heute tun müssen ∗∗∗
---------------------------------------------
Heute um 17 Uhr werden bei Lets Encrypt Zertifikate zurückgezogen. Wir beschreiben, wie Admins prüfen können, ob sie betroffen sind. Eine Anleitung von Hanno Böck
---------------------------------------------
https://www.golem.de/news/let-s-encrypt-was-admins-heute-tun-muessen-2201-162764-rss.html


∗∗∗ Fake-Gewinnspiel führt in Abo-Falle: BetrügerInnen geben sich als Ö-Ticket aus! ∗∗∗
---------------------------------------------
Auf Facebook geben sich Kriminelle unter der Seite „Oeticket Österreich“ als Ö-Ticket aus und bewerben das „Gewinnspiel des Jahres“. Zu gewinnen gibt es 2 Tickets für ein Ed Sheeran Konzert. Doch Achtung: Mit dieser Masche versuchen die Kriminellen an Ihre Kreditkartendaten zu kommen und Sie in eine Abo-Falle zu locken.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-gewinnspiel-fuehrt-in-abo-falle-betruegerinnen-geben-sich-als-oe-ticket-aus/


∗∗∗ QNAP probt Zwangsupdate nach 3.600 DeadBolt-Ransomware-Infektionen ∗∗∗
---------------------------------------------
QNAP-Nutzer werden aktuell wohl Opfer der DeadBolt-Ransomware – ich hatte es nicht im Blog, aber binnen einer Woche waren es wohl über 3.600 Opfer. Der NAS-Hersteller greift nun zu drastischen Mitteln und versucht die Firmware betroffener Geräte zwangsweise zu aktualisieren.
---------------------------------------------
https://www.borncity.com/blog/2022/01/28/qnap-probt-zwangsupdate-nach-3-600-deadbolt-ransomware-infektionen/


∗∗∗ EU to create pan-European cyber incident coordination framework ∗∗∗
---------------------------------------------
The European Systemic Risk Board (ESRB) proposed a new systemic cyber incident coordination framework that would allow EU relevant authorities to better coordinate when having to respond to major cross-border cyber incidents impacting the Unions financial sector.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/eu-to-create-pan-european-cyber-incident-coordination-framework/


∗∗∗ Doctor Web’s December 2021 review of virus activity on mobile devices ∗∗∗
---------------------------------------------
According to detection statistics from Dr.Web for Android anti-virus products, adware trojans remained the most active Android threat in December. Another common threat detected on protected devices was malware that downloaded other apps. At the same time, more threats have been found on Google Play, like fake apps from the Android.FakeApp malware family. These are used in various fraudulent schemes.
---------------------------------------------
https://news.drweb.com/show/?i=14408&lng=en&c=9


∗∗∗ Doctor Web’s December 2021 virus activity review ∗∗∗
---------------------------------------------
Our December analysis of Dr.Web’s statistics revealed a 34% increase in the total number of threats compared to the previous month. The number of unique threats decreased by 15%. Nonetheless, adware still made up the majority of detected threats. These threats manifested with different types of malware. A variety of malware, including backdoors, was most often distributed in mail traffic.
---------------------------------------------
https://news.drweb.com/show/?i=14410&lng=en&c=9


∗∗∗ Why are WordPress Websites Targeted by Hackers? ∗∗∗
---------------------------------------------
If you are wondering why your wordpress site keeps getting hacked, or why you’re being targeted by hackers, we’ve compiled some of the top reasons for you. WordPress is one of the most commonly used Content Management Systems across the modern web. Currently over 445 million websites are utilizing WordPress. With a make up of over 40% of sites on the web utilizing WordPress to some extent, it’s only expected for bad actors to take advantage of its popularity. 
---------------------------------------------
https://blog.sucuri.net/2022/01/why-are-wordpress-sites-targeted-by-hackers.html


∗∗∗ Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing ∗∗∗
---------------------------------------------
Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victims network to further propagate spam emails and widen the infection pool. The tech giant said the attacks manifested through accounts that were not secured using multi-factor authentication (MFA), thereby making it possible for the adversary to take advantage of the target's bring-your-own-device (BYOD) policy and introduce their own rogue devices using the pilfered credentials.
---------------------------------------------
https://thehackernews.com/2022/01/hackers-using-device-registration-trick.html


∗∗∗ How to avoid an open source security nightmare ∗∗∗
---------------------------------------------
Just as it would be a mistake to say that all closed source projects are bug-free, its a mistake to say that all open source projects are security risks. Different projects have different focuses; some of them are much more concerned with the security of their releases.
---------------------------------------------
https://www.zdnet.com/article/how-to-avoid-an-open-source-security-nightmare/


∗∗∗ Weekly Threat Report 28th January 2022 ∗∗∗
---------------------------------------------
Read about the Mirai-based malware exploiting poor security, CISA updates and New Scanning Made Easy trial service from the NCSC
---------------------------------------------
https://www.ncsc.gov.uk/report/weekly-threat-report-28th-january-2022



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates available in Foxit PDF Reader 11.2.1 and Foxit PDF Editor 11.2.1 ∗∗∗
---------------------------------------------
Foxit has released Foxit PDF Reader 11.2.1 and Foxit PDF Editor 11.2.1, which address potential security and stability issues. CVE-2018-1285, CVE-2021-40420, CVE-2021-44708, CVE-2021-44709, CVE-2021-44740, CVE-2021-44741, CVE-2022-22150
---------------------------------------------
https://www.foxit.com/support/security-bulletins.html


∗∗∗ VMSA-2021-0028 - VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046) ∗∗∗
---------------------------------------------
2022-01-27: VMSA-2022-0028.10 - Revised advisory with updates to multiple products, including vCenter Server.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0028.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.8.0-openjdk), Debian (graphicsmagick), Fedora (grafana), Mageia (aom and roundcubemail), openSUSE (log4j and qemu), Oracle (parfait:0.5), Red Hat (java-1.7.1-ibm and java-1.8.0-openjdk), Slackware (expat), SUSE (containerd, docker, log4j, and strongswan), and Ubuntu (cpio, shadow, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/883047/


∗∗∗ Denial of Service in Rexroth ActiveMover using Profinet protocol ∗∗∗
---------------------------------------------
BOSCH-SA-637429: The ActiveMover with Profinet communication module (Rexroth no. 3842 559 445) sold by Bosch Rexroth contains communication technology from Hilscher (PROFINET IO Device V3) in which a vulnerability with high severity has been discovered. A Denial of Service vulnerability may lead to unexpected loss of cyclic communication or interruption of acyclic communication.
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-637429.html


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list