[CERT-daily] Tageszusammenfassung - 14.10.2022
Daily end-of-shift report
team at cert.at
Fri Oct 14 19:13:40 CEST 2022
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 13-10-2022 18:00 − Freitag 14-10-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Infostealer: Was ist das, wie werden sie verbreitet und wie lassen sie sich aufhalten? ∗∗∗
---------------------------------------------
Infostealer sind eine schädliche Software, die darauf ausgelegt ist, Ihre vertraulichen Daten zu stehlen. Hier erfahren Sie, was genau sie sind, wie sie verbreitet werden und wie sie sich aufhalten lassen.
---------------------------------------------
https://blog.emsisoft.com/de/41944/infostealer-was-ist-das-wie-werden-sie-verbreitet-und-wie-lassen-sie-sich-aufhalten/
∗∗∗ Magniber ransomware now infects Windows users via JavaScript files ∗∗∗
---------------------------------------------
A recent malicious campaign delivering Magniber ransomware has been targeting Windows home users with fake security updates.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/magniber-ransomware-now-infects-windows-users-via-javascript-files/
∗∗∗ What the Uber Hack can teach us about navigating IT Security ∗∗∗
---------------------------------------------
The recent Uber cyberattack shows us the myriad tactics employed by threat actors to breach corporate networks. Learn more about these tactics used and how to navigate IT Security.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/what-the-uber-hack-can-teach-us-about-navigating-it-security/
∗∗∗ Microsoft 365 Message Encryption Can Leak Sensitive Info ∗∗∗
---------------------------------------------
The default email encryption used in Microsoft Offices cloud version is leaky, which the company acknowledged but said it wouldnt fix.
---------------------------------------------
https://www.darkreading.com/application-security/microsoft-365-message-encryption-can-leak-sensitive-info
∗∗∗ Hunting for Cobalt Strike: Mining and plotting for fun and profit ∗∗∗
---------------------------------------------
Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you have Cobalt Strike [...]
---------------------------------------------
https://msrc-blog.microsoft.com/2022/10/13/hunting-for-cobalt-strike-mining-and-plotting-for-fun-and-profit/
∗∗∗ Improvements in Security Update Notifications Delivery - And a New Delivery Method ∗∗∗
---------------------------------------------
At MSRC, we are passionate about ensuring our customers have a positive experience when they use the Microsoft Security Update Guide (SUG). A big part of improving that experience is ensuring that customers have timely and easily accessible notifications. As such we have two important announcements to share about changes to the way we provide notifications.
---------------------------------------------
https://msrc-blog.microsoft.com/2022/10/12/14921/
∗∗∗ Analysis of a Malicious HTML File (QBot), (Thu, Oct 13th) ∗∗∗
---------------------------------------------
Reader Eric submitted a malicious HTML page that contains BASE64 images with malware.
---------------------------------------------
https://isc.sans.edu/diary/rss/29146
∗∗∗ Firefoxs New Service Gives You a Burner Phone Number To Cut Down on Spam ∗∗∗
---------------------------------------------
Firefox Relay, a Mozilla service designed to hide your "real" email address by giving you virtual ones to hand out, is expanding to offer virtual phone numbers. From a report: In a blog post Mozilla product manager Tony Amaral-Cinotto explains that the relay service generates a phone number for you to give out to companies if you suspect they might use it to send you spam messages in the future, or if you think they might share it with others who will.
---------------------------------------------
https://news.slashdot.org/story/22/10/13/1124240/firefoxs-new-service-gives-you-a-burner-phone-number-to-cut-down-on-spam
∗∗∗ PiRogue Tool Suite Mobile forensic & network analysis on a Raspberry Pie ∗∗∗
---------------------------------------------
PiRogue tool suite (PTS) is an open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis platform targeting mobile devices both Android and iOS, internet of things devices (devices that are connected to the user mobile apps), and in general any device using wi-fi to connect to the Internet.
---------------------------------------------
https://pts-project.org/
∗∗∗ PoC Published for Fortinet Vulnerability as Mass Exploitation Attempts Begin ∗∗∗
---------------------------------------------
Details and a proof-of-concept (PoC) exploit have been published for the recent Fortinet vulnerability tracked as CVE-2022-40684, just as cybersecurity firms are seeing what appears to be the start of mass exploitation attempts.
---------------------------------------------
https://www.securityweek.com/poc-published-fortinet-vulnerability-mass-exploitation-attempts-begin
∗∗∗ Ransom Cartel Ransomware: A Possible Connection With REvil ∗∗∗
---------------------------------------------
Ransom Cartel is ransomware as a service (RaaS) that exhibits several similarities to and technical overlaps with REvil ransomware. Read our overview.
---------------------------------------------
https://unit42.paloaltonetworks.com/ransom-cartel-ransomware/
∗∗∗ Seven tips to run effective security awareness campaigns ∗∗∗
---------------------------------------------
Planning large-scale security awareness campaigns throws up many questions to grapple with. How can you make sure your campaign reaches the right people? What’s the best way to inspire them to take action? And how do you run a security awareness campaign so realistic it gets banned by the national post office?
---------------------------------------------
https://connect.geant.org/2022/10/14/seven-tips-to-run-effective-security-awareness-campaigns
∗∗∗ Shodan Verified Vulns 2022-10-01 ∗∗∗
---------------------------------------------
Mit Stand 2022-10-01 sieht Shodan in Österreich die folgenden Schwachstellen: [...]
---------------------------------------------
https://cert.at/de/aktuelles/2022/10/shodan-verified-vulns-2022-10-01
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM Performance Management, IBM Watson Discovery for IBM Cloud Pak for Data, IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data, IBM Cloud Pak System
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium), Fedora (dbus, dhcp, expat, kernel, thunderbird, vim, and weechat), Mageia (libofx, lighttpd, mediawiki, and python), Oracle (.NET 6.0 and .NET Core 3.1), Slackware (python3), SUSE (chromium, kernel, libosip2, python-Babel, and python-waitress), and Ubuntu (gThumb, heimdal, linux-aws, linux-gcp-4.15, linux-aws-hwe, linux-gcp, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, postgresql-9.5, and xmlsec1).
---------------------------------------------
https://lwn.net/Articles/911168/
∗∗∗ Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service ∗∗∗
---------------------------------------------
This advisory contains mitigations for Allocation of Resources Without Limits or Throttling and Code Injection vulnerabilities in versions of Hitachi Energy Lumada Asset Performance Manager (APM) software.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-286-05
∗∗∗ OpenSSL Infinite loop when parsing certificates CVE-2022-0778 ∗∗∗
---------------------------------------------
Version: 1.7, Date: 14-Oct-2022, Description: Fixed product(s) lists are updated: GMS, Analytics, SonicWave, SonicSwitch, Connect Tunnel Client.
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
∗∗∗ Joomla KSAdvertiser 2.5.37 Cross Site Scripting ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2022100035
∗∗∗ Android App "IIJ SmartKey" vulnerable to information disclosure ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN74534998/
∗∗∗ Pulse Secure Pulse Connect Secure: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1717
∗∗∗ Red Hat Enterprise Linux (Advanced Cluster Management): Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1715
∗∗∗ Atlassian Jira Software: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1719
∗∗∗ Octopus Deploy: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1720
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list