[CERT-daily] Daily summary - 30.06.2023
Daily end-of-shift report
team at cert.at
Fri Jun 30 18:37:05 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 29-06-2023 18:00 - Friday 30-06-2023 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Torrent of image-based phishing emails are harder to detect and more convincing ∗∗∗
---------------------------------------------
The arms race between scammers and defenders continues.
---------------------------------------------
https://arstechnica.com/?p=1951208
∗∗∗ Spamdexing: What is SEO Spam & How to Remove It ∗∗∗
---------------------------------------------
Ever had an uninvited guest crash your party, resulting in chaos, confusion, and some unhappy visitors? Well, SEO spam is that party crasher - just for websites. Why should you care, you ask? Well, just imagine your meticulously crafted website content being replaced with unsolicited ads for services and products that would make your grandma blush. Or even worse, your loyal site visitors being redirected to shady third-party websites. Not the picture of ideal user experience,
---------------------------------------------
https://blog.sucuri.net/2023/06/spamdexing-what-is-seo-spam.html
∗∗∗ Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign ∗∗∗
---------------------------------------------
An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network. "This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer (P2P) proxy network, such as Peer2Profit or Honeygain," Akamai researcher Allen West said [...]
---------------------------------------------
https://thehackernews.com/2023/06/cybercriminals-hijacking-vulnerable-ssh.html
∗∗∗ It's 2023 and memory overwrite bugs are not just a thing, they're still number one ∗∗∗
---------------------------------------------
Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISA's must-patch list. The most dangerous type of software bug is the out-of-bounds write, according to MITRE this week. This type of flaw is responsible for 70 CVE-tagged holes in the US government's list of known vulnerabilities that are under active attack and need to be patched, we note.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2023/06/29/cwe_top_25_2023/
∗∗∗ Router malware: current Mirai botnet campaign attacks many vulnerabilities ∗∗∗
---------------------------------------------
The Mirai botnet remains active. In a current campaign, its operators exploit numerous security vulnerabilities to infect various internet routers.
---------------------------------------------
https://heise.de/-9203406
∗∗∗ 200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin ∗∗∗
---------------------------------------------
Attackers exploit critical vulnerability in the Ultimate Member plugin to create administrative accounts on WordPress websites.
---------------------------------------------
https://www.securityweek.com/200000-wordpress-sites-exposed-to-attacks-exploiting-flaw-in-ultimate-member-plugin/
∗∗∗ New browser-based social engineering trends ∗∗∗
---------------------------------------------
Report from WatchGuard Threat Lab: attackers are using new ways to trick users browsing the internet.
---------------------------------------------
https://www.zdnet.de/88410262/neue-browserbasierte-social-engineering-trends/
∗∗∗ Malware Execution Method Using DNS TXT Record ∗∗∗
---------------------------------------------
AhnLab Security Emergency response Center (ASEC) has confirmed instances where DNS TXT records were being utilized during the execution process of malware. This is considered meaningful from various perspectives, including analysis and detection, as this method has not been widely utilized as a means of executing malware.
---------------------------------------------
https://asec.ahnlab.com/en/54916/
∗∗∗ Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator ∗∗∗
---------------------------------------------
We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.
---------------------------------------------
https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-lever.html
∗∗∗ Decrypted: Akira Ransomware ∗∗∗
---------------------------------------------
Researchers at Avast have developed a decryptor for the Akira ransomware and released it for public download. The Akira ransomware appeared in March 2023 and since then, the gang claims successful attacks on various organizations in the education, finance and real estate industries, amongst others.
---------------------------------------------
https://decoded.avast.io/threatresearch/decrypted-akira-ransomware/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (docker-registry, flask, systemd, and trafficserver), Fedora (moodle, python-reportlab, suricata, and vim), Red Hat (go-toolset and golang, go-toolset-1.19 and go-toolset-1.19-golang, go-toolset:rhel8, open-vm-tools, python27:2.7, and python3), SUSE (buildah, chromium, gifsicle, libjxl, sqlite3, and xonotic), and Ubuntu (linux, linux-allwinner, linux-allwinner-5.19, linux-aws, linux-aws-5.19, linux-azure, linux-gcp, linux-gcp-5.19, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux-starfive, linux-starfive-5.19, linux, linux-aws, linux-aws-5.15, linux-aws-5.4, linux-azure, linux-azure-5.15, linux-azure-5.4, linux-azure-fde-5.15, linux-bluefield, linux-gcp, linux-gcp-5.15, linux-gcp-5.4, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, and linux-oem-6.1).
---------------------------------------------
https://lwn.net/Articles/936949/
∗∗∗ Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-23
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily