[CERT-daily] Daily summary - 06.09.2022

Daily end-of-shift report team at cert.at
Tue Sep 6 18:34:39 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 05-09-2022 18:00 - Tuesday 06-09-2022 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ New EvilProxy service lets all hackers use advanced phishing tactics ∗∗∗
---------------------------------------------
A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-evilproxy-service-lets-all-hackers-use-advanced-phishing-tactics/


∗∗∗ Mythic Case Study: Assessing Common Offensive Security Tools ∗∗∗
---------------------------------------------
Having covered the Sliver C2 framework in a previous post (May 2022), this blog will continue our examination of Cobalt Strike “alternatives”, focusing on the Mythic C2 framework.
---------------------------------------------
https://team-cymru.com/blog/2022/09/06/mythic-case-study-assessing-common-offensive-security-tools/


∗∗∗ Analysis of an Encoded Cobalt Strike Beacon, (Tue, Sep 6th) ∗∗∗
---------------------------------------------
Someone reached out to me for the analysis of a Cobalt Strike beacon. This is the sample.
---------------------------------------------
https://isc.sans.edu/diary/rss/29014


∗∗∗ TA505 Group's TeslaGun In-Depth Analysis ∗∗∗
---------------------------------------------
TA505 is a financially motivated threat group that has been active since 2014. The group frequently changes its malware attack strategies in response to global cybercrime trends. It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on.
---------------------------------------------
https://www.prodaft.com/resource/detail/ta505-ta505-groups-tesla-gun-depth-analysis


∗∗∗ Beware of fake PayPal messages ∗∗∗
---------------------------------------------
Fake PayPal messages are currently circulating in increasing numbers. Have you received a supposed invoice from PayPal for a product you did not order? Or is an advance payment being demanded for a supposed transaction? Ignore these messages, they are fake!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-paypal-nachrichten/


∗∗∗ Mirai Variant MooBot Targeting D-Link Devices ∗∗∗
---------------------------------------------
Attackers are leveraging known vulnerabilities in D-Link devices to deliver MooBot, a Mirai variant, potentially leading to further DDoS attacks.
---------------------------------------------
https://unit42.paloaltonetworks.com/moobot-d-link-devices/


∗∗∗ Shikitega - New stealthy malware targeting Linux ∗∗∗
---------------------------------------------
Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.
---------------------------------------------
https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux


∗∗∗ Over Half of Global Firms' Supply Chains Compromised by Ransomware ∗∗∗
---------------------------------------------
Cybersecurity leader Trend Micro announced new research today that reveals global organizations are increasingly at risk of ransomware compromise via their extensive supply chains.
---------------------------------------------
https://newsroom.trendmicro.com/2022-09-06-Over-Half-of-Global-Firms-Supply-Chains-Compromised-by-Ransomware


∗∗∗ Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa ∗∗∗
---------------------------------------------
Play is a new ransomware that takes a page out of Hive and Nokoyawa's playbook. The many similarities among them indicate that Play, like Nokoyawa, is operated by the same people.
---------------------------------------------
https://www.trendmicro.com/en_us/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Fortinet Security Advisories 2022-09-06 ∗∗∗
---------------------------------------------
On Sep 06, 2022, Fortinet released 12 advisories for issues resolved in Fortinet products. (Severity: Low (2), Medium (9), High (1))
---------------------------------------------
https://fortiguard.fortinet.com/psirt?date=09-2022


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Red Hat (pcs), SUSE (389-ds and firefox), and Ubuntu (linux-hwe-5.4 and linux-oracle).
---------------------------------------------
https://lwn.net/Articles/907275/


∗∗∗ Hitachi Storage: Multiple Vulnerabilities ∗∗∗
---------------------------------------------
An attacker can exploit multiple vulnerabilities in Hitachi Storage to disclose information and execute arbitrary code.
---------------------------------------------
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1292


∗∗∗ Hitachi Energy TXpert Hub CoreTec 4 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-249-04


∗∗∗ Triangle Microworks Libraries ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-249-01


∗∗∗ AVEVA Edge 2020 R2 SP1 and all prior versions ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-249-02


∗∗∗ Cognex 3D-A1000 Dimensioning System ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-249-03

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily