[CERT-daily] Tageszusammenfassung - 17.03.2023
Daily end-of-shift report
team at cert.at
Fri Mar 17 18:26:40 CET 2023
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 16-03-2023 18:00 − Freitag 17-03-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Adobe Acrobat Sign abused to push Redline info-stealing malware ∗∗∗
---------------------------------------------
Cybercriminals are abusing Adobe Acrobat Sign, an online document signing service, to distribute info-stealing malware to unsuspecting users.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/adobe-acrobat-sign-abused-to-push-redline-info-stealing-malware/
∗∗∗ Hitachi Energy confirms data breach after Clop GoAnywhere attacks ∗∗∗
---------------------------------------------
Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day GoAnyway zero-day vulnerability.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hitachi-energy-confirms-data-breach-after-clop-goanywhere-attacks/
∗∗∗ How to Google Dork a Specific Website for Hacking ∗∗∗
---------------------------------------------
You might pride yourself on being savvy in cyber security but be prepared for surprises if you test the Google dorks provided. Done right, these Google dorks can identify high-priority vulnerabilities you can investigate further using penetration testing tools.
---------------------------------------------
https://www.stationx.net/how-to-google-dork-a-specific-website/
∗∗∗ Chaos Malware Quietly Evolves Persistence and Evasion Techniques ∗∗∗
---------------------------------------------
The name Chaos is being used for a ransomware strain, a remote access trojan (RAT), and now a DDoS malware variant too. Talk about chaos! In this case, Sysdig’s Threat Research Team captured attacks using the Chaos variant of the Kaiji botnet malware. There is very little reported information on this malware since September 2022, perhaps because of the unfortunately chaotic naming, or simply because it is relatively new.
---------------------------------------------
https://sysdig.com/blog/chaos-malware-persistence-evasion-techniques/
∗∗∗ Free decryptor released for Conti-based ransomware following data leak ∗∗∗
---------------------------------------------
Security researchers have released a new decryption tool that should come to the rescue of some victims of a modified version of the Conti ransomware, helping them to recover their encrypted data for free.
---------------------------------------------
https://www.tripwire.com/state-of-security/free-decryptor-released-conti-based-ransomware-following-data-leak
∗∗∗ Phishing-Welle: Vorsicht vor Fake Disney+ Mails ∗∗∗
---------------------------------------------
Sie haben ein E-Mail erhalten, in dem Disney+ Sie darauf hinweist, dass eine Zahlung fehlgeschlagen ist? Löschen Sie die Nachricht oder schieben Sie sie in den SPAM-Ordner – es handelt sich um einen Phishing-Versuch! Die E-Mails werden mit dem Betreff „Aussetzung Ihres Disney+ Kontos“ oder „Sperrung Ihres Disney+ Kontos“ massenhaft verschickt!
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-welle-vorsicht-vor-fake-disney-mails/
∗∗∗ #StopRansomware: LockBit 3.0 ∗∗∗
---------------------------------------------
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a
∗∗∗ Windows 10/11: Microsoft veröffentlicht Script für den WinRE BitLocker Bypass-Fix ∗∗∗
---------------------------------------------
Seit November 2022 ist bekannt, dass es eine Bitlocker-Bypass-Schwachstelle CVE-2022-41099 im Windows Recovery Environment (WinRE) gibt. Das Patchen ist aber alles andere als einfach.
---------------------------------------------
https://www.borncity.com/blog/2023/03/17/windows-10-11-microsoft-verffentlicht-script-fr-den-winre-bitlocker-bypass-fix/
∗∗∗ ShellBot Malware Being Distributed to Linux SSH Servers ∗∗∗
---------------------------------------------
AhnLab Security Emergency response Center (ASEC) has recently discovered the ShellBot malware being installed on poorly managed Linux SSH servers. ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server.
---------------------------------------------
https://asec.ahnlab.com/en/49769/
∗∗∗ Debugging D-Link: Emulating firmware and hacking hardware ∗∗∗
---------------------------------------------
GreyNoise researchers explain the process of gaining a foothold in firmware or a physical device for vulnerability research and achieving a debuggable interface.
---------------------------------------------
https://www.greynoise.io/blog/debugging-d-link-emulating-firmware-and-hacking-hardware
=====================
= Vulnerabilities =
=====================
∗∗∗ Exynos: Google findet schwerwiegende Zero Days in Samsung-Chips ∗∗∗
---------------------------------------------
Die betroffenen Geräte lassen sich über das Internet hacken, darunter Smartphones von Samsung, Google und Vivo sowie Wearables und Autos.
---------------------------------------------
https://www.golem.de/news/exynos-google-findet-schwerwiegende-zero-days-in-samsung-chips-2303-172724.html
∗∗∗ Honeywell OneWireless Wireless Device Manager ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-06
∗∗∗ Rockwell Automation Modbus TCP AOI Server ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-07
∗∗∗ Omron CJ1M PLC ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01
∗∗∗ AVEVA Plant SCADA and AVEVA Telemetry Server ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-04
∗∗∗ Autodesk FBX SDK ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-02
∗∗∗ [R1] Sensor Proxy Version 1.0.7 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-15
∗∗∗ IBM Planning Analytics Workspace is affected by vulnerabilties (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957836
∗∗∗ IBM Cognos Command Center is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6555376
∗∗∗ InfoSphere Identity Insight vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963974
∗∗∗ Security Vulnerabilities in moment, ansi-regex, Node.js, and minimatch may affect IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management (CVE-2022-31129, CVE-2022-24785, CVE-2021-3807, CVE-2022-29244, CVE-2022-3517) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6956237
∗∗∗ IBM App Connect Enterprise & IBM Integration Bus are vulnerable to a denial of service due to node.js module qs [CVE-2022-24999] ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6964166
∗∗∗ Vulnerabilities in IBM Db2, IBM Java Runtime, and Golang Go may affect IBM Spectrum Protect Server (CVE-2022-21626, CVE-2022-41717, CVE-2022-43929, CVE-2022-43927, CVE-2022-43930) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963640
∗∗∗ Vulnerability in Java SE may affect IBM Spectrum Protect Operations Center (CVE-2022-21626) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6963642
∗∗∗ IBM Sterling Control Center is vulnerable to denial of service due to Node.js Angular (CVE-2022-25844) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6964174
∗∗∗ IBM Sterling Control Center is vulnerable to denial of service due to Apache commons-fileupload (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6964176
∗∗∗ AIX is vulnerable to denial of service vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6847947
∗∗∗ IBM Planning Analytics Workspace is affected by vulnerabilties (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6957836
∗∗∗ AIX is vulnerable to a denial of service due to lpd (CVE-2022-43382) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848309
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list