[CERT-daily] Daily summary - 05.01.2023
Daily end-of-shift report
team at cert.at
Thu Jan 5 19:31:07 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 04-01-2023 18:00 - Thursday 05-01-2023 18:00
Handler: Stephan Richter
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Bluebottle hackers used signed Windows driver in attacks on banks ∗∗∗
---------------------------------------------
A signed Windows driver has been used in attacks on banks in French-speaking countries, likely from a threat actor that stole more than $11 million from various banks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bluebottle-hackers-used-signed-windows-driver-in-attacks-on-banks/
∗∗∗ SpyNote Android malware infections surge after source code leak ∗∗∗
---------------------------------------------
The Android malware family tracked as SpyNote (or SpyMax) has had a sudden increase in detections in the final quarter of 2022, which is attributed to a source code leak of one of its latest variants, known as CypherRat.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/spynote-android-malware-infections-surge-after-source-code-leak/
∗∗∗ PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources ∗∗∗
---------------------------------------------
We take a deep dive into Automated Libra, the cloud threat actor group behind the freejacking campaign PurpleUrchin.
---------------------------------------------
https://unit42.paloaltonetworks.com/purpleurchin-steals-cloud-resources/
∗∗∗ ProxyNotShell Mitigations K.O. ∗∗∗
---------------------------------------------
Why is ProxyNotShell still a topic? Weren't the vulnerabilities closed by Microsoft at the beginning of November? In short, because many relied on Microsoft's last mitigation instead of the November patch.
---------------------------------------------
https://cert.at/de/blog/2023/1/proxynotshell-mitigations-ko
∗∗∗ The dos and don’ts of ransomware negotiations ∗∗∗
---------------------------------------------
Has your organization suddenly been attacked by a ransomware virus? Take a deep breath and try to remain composed. It can be easy to panic or become overwhelmed in the face of an attack, but it is vital to remain calm and focused in order to make the best decisions for your organization.
---------------------------------------------
https://cybersecurity.att.com/blogs/security-essentials/the-dos-and-donts-of-ransomware-negotiations
∗∗∗ Dridex Returns, Targets MacOS Using New Entry Method ∗∗∗
---------------------------------------------
The Dridex variant we analyzed targets MacOS platforms with a new technique to deliver documents embedded with malicious macros to users.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/a/-dridex-targets-macos-using-new-entry-method.html
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins 2023-01-05 ∗∗∗
---------------------------------------------
AIX, IBM Content Navigator, IBM Maximo Application Suite, IBM Robotic Process Automation, IBM Robotic Process Automation for Cloud Pak, IBM Security Verify Governance, IBM Sterling B2B Integrator, IBM TXSeries for Multiplatforms, IBM Tivoli Network Manager, ITNM, Operations Dashboard, TADDM, IBM Cloud Object Storage Systems
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
∗∗∗ Zoho fixes database vulnerability in Password Manager Pro and access-control software ∗∗∗
---------------------------------------------
There are important security updates for the ManageEngine products Access Manager Plus, PAM360 and Password Manager Pro.
---------------------------------------------
https://heise.de/-7449108
∗∗∗ Patchday: Critical kernel vulnerabilities threaten Android ∗∗∗
---------------------------------------------
Google is providing Android versions 10, 11, 12, 12L and 13, hardened against possible attacks, for download. Attackers can obtain user privileges.
---------------------------------------------
https://heise.de/-7449147
∗∗∗ Fortinet patches malicious-code vulnerabilities in network products ∗∗∗
---------------------------------------------
Attackers could, among other things, gain unauthorized access to FortiManager. Security updates are available for download.
---------------------------------------------
https://heise.de/-7449288
∗∗∗ Security patch: Attackers could take over systems with IBM Tivoli Monitoring ∗∗∗
---------------------------------------------
Vulnerabilities in several components threaten the system and network monitoring solution IBM Tivoli Monitoring.
---------------------------------------------
https://heise.de/-7449768
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (binwalk), Oracle (kernel and webkit2gtk3), Red Hat (webkit2gtk3), Slackware (vim), and Ubuntu (libksba and nautilus).
---------------------------------------------
https://lwn.net/Articles/919112/
∗∗∗ Hitachi Energy UNEM ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-23-005-01
∗∗∗ Hitachi Energy FOXMAN-UN ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-23-005-02
∗∗∗ Hitachi Energy Lumada Asset Performance Management ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-23-005-03
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily