[CERT-daily] Daily summary - 03.11.2022
Daily end-of-shift report
team at cert.at
Thu Nov 3 18:10:38 CET 2022
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 02-11-2022 18:00 - Thursday 03-11-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
=====================
= News =
=====================
∗∗∗ Emotet botnet starts blasting malware again after 5 month break ∗∗∗
---------------------------------------------
The Emotet malware operation is again spamming malicious emails after almost a five-month "vacation" that saw little activity from the notorious cybercrime operation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emotet-botnet-starts-blasting-malware-again-after-5-month-break/
∗∗∗ Hundreds of U.S. news sites push malware in supply-chain attack ∗∗∗
---------------------------------------------
The compromised infrastructure of an undisclosed media company is being used by threat actors to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hundreds-of-us-news-sites-push-malware-in-supply-chain-attack/
∗∗∗ What to do if I have become a victim of cybercrime? ∗∗∗
---------------------------------------------
An online identity can be stolen quickly if someone enters their data on dubious websites. Further consequences can then follow.
---------------------------------------------
https://futurezone.at/digital-life/cybercrime-identitaetsdiebstahl-phishing-e-mails-passwoerter-it-sicherheit/402203712
∗∗∗ The OpenSSL security update story – how can you tell what needs fixing? ∗∗∗
---------------------------------------------
How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...
---------------------------------------------
https://nakedsecurity.sophos.com/2022/11/03/the-openssl-security-update-story-how-can-you-tell-what-needs-fixing/
∗∗∗ P2P Botnets: Review - Status - Continuous Monitoring ∗∗∗
---------------------------------------------
P2P networks are more scalable and robust than traditional C/S structures, and these advantages were recognized by the botnet authors early on and used in their botnets.
---------------------------------------------
https://blog.netlab.360.com/p2p-botnets-review-status-continuous-monitoring/
∗∗∗ Breakpoints in Burp, (Wed, Nov 2nd) ∗∗∗
---------------------------------------------
No, this is not a story about the Canadian Thanksgiving long weekend, it's about web application testing. I recently had a web application to assess, and I used Burp Suite Pro as part of that project.
---------------------------------------------
https://isc.sans.edu/diary/rss/29214
∗∗∗ Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT ∗∗∗
---------------------------------------------
The operators of RomCom RAT are continuing to evolve their campaigns with rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro.
---------------------------------------------
https://thehackernews.com/2022/11/hackers-using-rogue-versions-of-keepass.html
∗∗∗ Researchers discover security loophole allowing attackers to use Wi-Fi to see through walls ∗∗∗
---------------------------------------------
The Wi-Peep exploits a loophole the researchers call polite Wi-Fi. Even if a network is password protected, smart devices will automatically respond to contact attempts from any device within range. The Wi-Peep sends several messages to a device as it flies and then measures the response time on each, enabling it to identify the device's location to within a meter.
---------------------------------------------
https://techxplore.com/news/2022-11-loophole-wi-fi-walls.html
∗∗∗ Passwords: 64 percent of users reuse passwords ∗∗∗
---------------------------------------------
A survey of 3,750 employees, including staff of German organizations, reveals worrying password habits, despite the respondents knowing better.
---------------------------------------------
https://heise.de/-7328871
∗∗∗ BSI situation report 2022: threat level in cyberspace higher than ever ∗∗∗
---------------------------------------------
During the reporting period, the already tense situation escalated further. The reasons are continued cybercrime activity, cyber attacks in the context of the Russian attack on Ukraine, and inadequate product quality of IT and software products.
---------------------------------------------
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/221025_Lagebericht.html
∗∗∗ A new crop of malicious modules found on PyPI ∗∗∗
---------------------------------------------
Phylum has posted an article with a detailed look at a set of malicious packages discovered by an automated system they have developed. Similar to this attacker’s previous attempts, this particular attack starts by copying existing popular libraries and simply injecting a malicious __import__ statement into an otherwise healthy codebase.
---------------------------------------------
https://lwn.net/Articles/913555/
∗∗∗ Beware of scam attempts on Telegram ∗∗∗
---------------------------------------------
A message on Telegram reaches you out of the blue: someone you do not know offers you a lucrative investment opportunity, or even a large sum of money. Beware, these messages are fraud attempts!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-scam-versuchen-auf-telegram/
∗∗∗ Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild ∗∗∗
---------------------------------------------
We present new techniques that leverage active probing and network fingerprint technology to help you detect Cobalt Strike’s Team Servers.
---------------------------------------------
https://unit42.paloaltonetworks.com/cobalt-strike-team-server/
∗∗∗ ASEC Weekly Malware Statistics (October 24th, 2022 – October 30th, 2022) ∗∗∗
---------------------------------------------
This post will list weekly statistics collected from October 24th, 2022 (Monday) to October 30th (Sunday).
---------------------------------------------
https://asec.ahnlab.com/en/41139/
=====================
= Vulnerabilities =
=====================
∗∗∗ Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602) ∗∗∗
---------------------------------------------
Microsoft is aware and actively addressing the impact associated with the recent OpenSSL vulnerabilities announced on October 25th 2022, fixed in version 3.0.7. As part of our standard processes, we are rolling out fixes for impacted services.
---------------------------------------------
https://msrc-blog.microsoft.com/2022/11/02/microsoft-guidance-related-to-openssl-risk-cve-2022-3786-and-cve-2202-3602/
∗∗∗ IBM Security Bulletins 2022-11-02 ∗∗∗
---------------------------------------------
Content Collector for Email in Content Search Services container, IBM Business Automation Workflow, IBM Business Process Manager (BPM), IBM InfoSphere DataStage, IBM MQ, IBM Operations Analytics - Log Analysis, IBM SPSS Modeler, IBM Security SOAR, Platform Navigator and Automation Assets in IBM Cloud Pak for Integration
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Vulnerability scanner Nessus: updates close several security holes ∗∗∗
---------------------------------------------
New versions of the network vulnerability scanner Nessus fix several vulnerabilities in third-party components. Admins should install them.
---------------------------------------------
https://heise.de/-7328440
∗∗∗ Fortinet patch day: FortiSIEM stores login data unencrypted ∗∗∗
---------------------------------------------
There are important updates for Fortinet security products, including FortiADC and FortiOS. None of the flaws is rated critical.
---------------------------------------------
https://heise.de/-7328476
∗∗∗ (Non-US) DIR-1935 : Rev. Ax : F/W v1.03b02 :: Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10310
∗∗∗ Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product ∗∗∗
---------------------------------------------
https://www.securityweek.com/splunk-patches-9-high-severity-vulnerabilities-enterprise-product
∗∗∗ ETIC Telecom Remote Access Server (RAS) ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-307-01
∗∗∗ Nokia ASIK AirScale System Module ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-307-02
∗∗∗ Delta Industrial Automation DIALink ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-307-03
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily