[CERT-daily] Daily summary - 03.03.2023

Daily end-of-shift report team at cert.at
Fri Mar 3 18:36:15 CET 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 02-03-2023 18:00 - Friday 03-03-2023 18:00
Handler:     Robert Waldner
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ FBI and CISA warn of increasing Royal ransomware attack risks ∗∗∗
---------------------------------------------
CISA and the FBI have issued a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many U.S. critical infrastructure sectors, including healthcare, communications, and education.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-increasing-royal-ransomware-attack-risks/


∗∗∗ Persistence Techniques That Persist ∗∗∗
---------------------------------------------
In this blog post, we will focus on how malware can achieve persistence by abusing the Windows Registry. Specifically, we will focus on lesser-known techniques, many of which have been around since the days of Windows XP and are just as effective today on Windows 10 and 11.
---------------------------------------------
https://www.cyberark.com/resources/threat-research-blog/persistence-techniques-that-persist


∗∗∗ NIST Cybersecurity Framework 2.0: Updated guidelines against cybercrime ∗∗∗
---------------------------------------------
Because the IT threat landscape is constantly changing, the US National Institute of Standards and Technology (NIST) has updated its Cybersecurity Framework.
---------------------------------------------
https://heise.de/-7534206


∗∗∗ FAQ: What kinds of cyberattacks exist and how to avoid the risks ∗∗∗
---------------------------------------------
Cyberattacks can affect anyone, but with a few simple measures you can at least minimise your personal risk.
---------------------------------------------
https://heise.de/-7523370


∗∗∗ Thousands of Websites Hijacked Using Compromised FTP Credentials ∗∗∗
---------------------------------------------
Cybersecurity startup Wiz warns of a widespread redirection campaign in which thousands of websites have been compromised using legitimate FTP credentials.
---------------------------------------------
https://www.securityweek.com/thousands-of-websites-hijacked-using-compromised-ftp-credentials/


∗∗∗ Of Degens and Defrauders: Using Open-Source Investigative Tools to Investigate Decentralized Finance Frauds and Money Laundering. (arXiv:2303.00810v1 [cs.CR]) ∗∗∗
---------------------------------------------
This study demonstrates how open-source investigative tools can extract transaction-based evidence that could be used in a court of law to prosecute DeFi frauds. Additionally, we investigate how these funds are subsequently laundered.
---------------------------------------------
http://arxiv.org/abs/2303.00810



=====================
=  Vulnerabilities  =
=====================

∗∗∗ IBM Security Bulletins 2023-03-03 ∗∗∗
---------------------------------------------
IBM Cloud Pak, IBM Financial Transaction Manager, Operations Dashboard, IBM App Connect Enterprise Certified Container, IBM Sterling Connect:Express, IBM HTTP Server, IBM Spectrum Control, IBM Aspera Faspex, IBM SAN, IBM Storwize, IBM Spectrum Virtualize, IBM FlashSystem, IBM Maximo, IBM WebSphere Remote Server, IBM Business Automation Workflow, Rational Functional Tester.
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Malicious code attacks possible against HPE Serviceguard on Linux ∗∗∗
---------------------------------------------
HPE's developers have closed three security vulnerabilities in Serviceguard for Linux. Patched versions are available for download.
---------------------------------------------
https://heise.de/-7534361


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (linux-5.10 and node-css-what), SUSE (gnutls, google-guest-agent, google-osconfig-agent, nodejs10, nodejs14, nodejs16, opera, pkgconf, python-cryptography, python-cryptography-vectors, rubygem-activesupport-4_2, thunderbird, and tpm2-0-tss), and Ubuntu (git, kernel, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-ibm, linux-lowlatency, linux-oracle, linux-azure-fde, linux-oem-5.14, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, php7.0, python-pip, ruby-rack, spip, and sudo).
---------------------------------------------
https://lwn.net/Articles/925060/


∗∗∗ Vulnerabilities in Intel CPUs: Microsoft releases out-of-band security update ∗∗∗
---------------------------------------------
It is intended to close a total of four vulnerabilities. The flaws have, however, been known since June 2022. Windows 10, Windows 11 and Windows Server are affected.
---------------------------------------------
https://www.zdnet.de/88407530/luecken-in-intel-cpus-microsoft-veroeffentlicht-ausserplanmaessiges-sicherheitsupdate/


∗∗∗ [R1] Nessus Version 10.5.0 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-09


∗∗∗ BOSCH-SA-931197: Vulnerability in routers FL MGUARD and TC MGUARD ∗∗∗
---------------------------------------------
https://psirt.bosch.com/security-advisories/bosch-sa-931197.html


∗∗∗ SonicOS SSLVPN Improper Restriction of Excessive MFA Attempts Vulnerability ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005


∗∗∗ SonicOS Unauthenticated Stack-Based Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily