Daily summary - 01.10.2021

End-of-Day report

Timeframe: Thursday 30-09-2021 18:00 - Friday 01-10-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer

News

Hydra malware targets customers of Germany's second-largest bank

The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically customers of Commerzbank, Germany's second-largest financial institution.

https://www.bleepingcomputer.com/news/security/hydra-malware-targets-customers-of-germanys-second-largest-bank/


Flubot Android malware now spreads via fake security updates

The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections.

https://www.bleepingcomputer.com/news/security/flubot-android-malware-now-spreads-via-fake-security-updates/


Hackers rob thousands of Coinbase customers using MFA flaw

Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature.

https://www.bleepingcomputer.com/news/security/hackers-rob-thousands-of-coinbase-customers-using-mfa-flaw/


New Tool to Add to Your LOLBAS List: cvtres.exe, (Fri, Oct 1st)

LOLBAS ("Living Off the Land Binaries And Scripts") is a list of tools that are present on any Windows system because they are provided by Microsoft as useful tools to perform system maintenance, updates, etc. This list is maintained and updated regularly. It is a good starting point when you need to investigate suspicious process activity on a system (proactively or in a forensic investigation).

https://isc.sans.edu/diary/27892
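The diary's point is that a LOLBAS list is a triage aid: match process-creation telemetry against the list, then look at who launched the binary and with what command line. The following is an added example (not code from the ISC diary or the LOLBAS project) that does exactly that over a few constructed Sysmon-style process-creation records. The excerpt of LOLBAS names, the parent-process allowlist for cvtres.exe (compiler/linker toolchain) and the sample events are all assumptions to be tuned to your own environment.

```python
"""Triage process-creation events against a LOLBAS-style binary list.

Added example, not code from the ISC diary or the LOLBAS project.
The event records, the LOLBAS excerpt and the parent allowlist are constructed.
"""
import ntpath
from dataclasses import dataclass

# Small excerpt of LOLBAS binary names; cvtres.exe is the addition discussed in the diary.
LOLBAS_NAMES = {
    "certutil.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
    "msbuild.exe", "cvtres.exe",
}

# Assumption: parents under which cvtres.exe is normally seen on a developer box
# (it is a resource-to-object converter used by the .NET/C++ toolchain).
EXPECTED_PARENTS = {
    "cvtres.exe": {"csc.exe", "vbc.exe", "link.exe", "msbuild.exe"},
}


@dataclass
class Finding:
    image: str
    parent: str
    command_line: str
    reason: str


def basename(path: str) -> str:
    """Lower-cased file name, accepting both '\\' and '/' separators."""
    return ntpath.basename(path.replace("/", "\\")).lower()


def triage(events, lolbas=LOLBAS_NAMES, expected_parents=EXPECTED_PARENTS):
    """Return one Finding per event whose image is on the LOLBAS list.

    Events with a parent outside the allowlist for that binary are flagged
    separately so an analyst can look at those first.
    """
    findings = []
    for ev in events:
        image = basename(ev["Image"])
        if image not in lolbas:
            continue
        parent = basename(ev.get("ParentImage", ""))
        allowed = expected_parents.get(image)
        if allowed is not None and parent not in allowed:
            reason = "lolbas binary with unexpected parent"
        else:
            reason = "lolbas binary executed"
        findings.append(Finding(image, parent, ev.get("CommandLine", ""), reason))
    return findings


# Constructed Sysmon Event ID 1 style records, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe",
     "ParentImage": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "CommandLine": r"cvtres.exe /NOLOGO /READONLY /MACHINE:x64 /OUT:C:\build\app.res"},
    {"Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"cvtres.exe /NOLOGO /READONLY /MACHINE:x64 /OUT:C:\Users\alice\AppData\Local\Temp\r.res"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.reason}: {f.image} (parent {f.parent}) {f.command_line}")
```

Name matching alone will produce noise on build machines, which is why the parent allowlist exists; the next refinement a team usually adds is the expected install path of each binary, so that a copy of a LOLBAS tool dropped into a user-writable directory is flagged as well.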


Introduction to ICS Security Part 3

In part 3 of the Introduction to ICS blog series, Stephan Mathezer discusses remote access connections into ICS, examines why they are here to stay, and reviews the best practices for securing them.

https://www.sans.org/blog/introduction-to-ics-security-part-3/


Android Trojan GriftHorse, the gift horse you definitely should look in the mouth

The GriftHorse Android Trojan is a widespread campaign with millions of victims in over 70 countries.

https://blog.malwarebytes.com/android/2021/09/android-trojan-grifthorse-the-gift-horse-you-definitely-should-look-in-the-mouth/


ESET Threat Report T2 2021

Our security researchers analyse the cyber security situation and ESET telemetry data for the second third of 2021.

https://www.welivesecurity.com/deutsch/2021/09/30/eset-threat-report-t2-2021/


The European Cyber Security Month starts today!

As every year, October is again devoted to cyber security. Austria is once more taking part in the EU-wide campaign "European Cyber Security Month" (ECSM). The goal is to raise awareness of the risks online and to distribute targeted information on IT security.

https://www.watchlist-internet.at/news/heute-startet-der-europaeische-monat-der-cyber-sicherheit/


Credential Harvesting at Scale Without Malware

Email credential harvesting can lead to business email compromise and ransomware. Often, attackers simply ask for the victims' credentials.

https://unit42.paloaltonetworks.com/credential-harvesting/


Fortinet, Shopify and more report issues after root CA certificate from Let's Encrypt expires

Experts had been warning for weeks that there would be issues resulting from the expiration of the root CA certificate (DST Root CA X3) that Let's Encrypt's chain had been cross-signed by.

https://www.zdnet.com/article/fortinet-shopify-others-report-issues-after-root-ca-certificate-from-lets-encrypt-expires/
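Why this expiry broke some clients and not others comes down to path building: Let's Encrypt served a chain ending in ISRG Root X1 cross-signed by DST Root CA X3, and DST Root CA X3 expired on 30 September 2021 at 14:01:15 UTC. A client that trusts ISRG Root X1 directly stops there; a client whose trust store only contains the old DST root walks one link further and hits the expired anchor. The following is an added example, not code from any of the vendors or from Let's Encrypt, that models that walk with a simplified validator (subject/issuer name matching and expiry only; no signature checks, no name constraints). The DST expiry is the published one; the other validity dates and the leaf are illustrative.

```python
"""Model of chain building across the DST Root CA X3 expiry.

Added example; not real X.509 validation and not code from any vendor.
Only issuer-name linking and notAfter checks are modelled.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

UTC = timezone.utc


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: datetime


@dataclass
class Result:
    ok: bool
    path: list = field(default_factory=list)  # subjects from leaf to anchor
    reason: str = ""


def verify_chain(leaf, served, trust_store, now):
    """Walk issuer links from the leaf until a valid trust anchor is reached.

    trust_store maps subject name -> Cert. A trust anchor is preferred over a
    served certificate with the same subject, which is what lets a store that
    contains the self-signed ISRG Root X1 stop before the expired cross-sign.
    """
    path, seen, cur = [leaf], set(), leaf
    while True:
        if cur.not_after <= now:
            return Result(False, [c.subject for c in path],
                          f"{cur.subject} expired {cur.not_after:%Y-%m-%d %H:%M:%S} UTC")
        anchor = trust_store.get(cur.subject)
        if anchor is not None and anchor.not_after > now:
            return Result(True, [c.subject for c in path], f"anchored at {cur.subject}")
        seen.add(cur.subject)
        nxt = trust_store.get(cur.issuer) or next(
            (c for c in served if c.subject == cur.issuer), None)
        if nxt is None or nxt.subject in seen:
            return Result(False, [c.subject for c in path],
                          f"no usable issuer for {cur.subject}")
        path.append(nxt)
        cur = nxt


# Published expiry of DST Root CA X3; all other dates below are illustrative.
DST_ROOT = Cert("DST Root CA X3", "DST Root CA X3", datetime(2021, 9, 30, 14, 1, 15, tzinfo=UTC))
ISRG_X1_SELF = Cert("ISRG Root X1", "ISRG Root X1", datetime(2035, 6, 4, tzinfo=UTC))
ISRG_X1_CROSS = Cert("ISRG Root X1", "DST Root CA X3", datetime(2024, 9, 30, tzinfo=UTC))
R3 = Cert("R3", "ISRG Root X1", datetime(2025, 9, 15, tzinfo=UTC))
LEAF = Cert("www.example.com", "R3", datetime(2021, 12, 1, tzinfo=UTC))  # constructed leaf

# What a server sent at the time: leaf, R3, and the cross-signed ISRG Root X1.
SERVED_CHAIN = [R3, ISRG_X1_CROSS]

MODERN_STORE = {c.subject: c for c in (ISRG_X1_SELF, DST_ROOT)}  # has ISRG Root X1
LEGACY_STORE = {c.subject: c for c in (DST_ROOT,)}               # old store, DST only

BEFORE = datetime(2021, 9, 29, 12, 0, tzinfo=UTC)
AFTER = datetime(2021, 10, 1, 12, 0, tzinfo=UTC)


if __name__ == "__main__":
    for label, store in (("modern", MODERN_STORE), ("legacy", LEGACY_STORE)):
        for when in (BEFORE, AFTER):
            r = verify_chain(LEAF, SERVED_CHAIN, store, when)
            print(f"{label} store at {when:%Y-%m-%d}: ok={r.ok} path={r.path} ({r.reason})")
```

One caveat the model does not capture: OpenSSL 1.0.2 and earlier builds the path to the first root it finds in the served chain rather than preferring a shorter path to a trusted anchor, so clients on those versions failed even when ISRG Root X1 was in their trust store. The practical checks on 1 October 2021 were therefore two: is ISRG Root X1 present in the client's trust store, and does the client's TLS library actually prefer it.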


Vulnerabilities

IBM Security Bulletins

IBM has published 11 security bulletins.

https://www.ibm.com/blogs/psirt/


Security updates for Friday

Security updates have been issued by Debian (curl, krb5, openssl1.0, and taglib), Fedora (cifs-utils), SUSE (libqt5-qtbase and rubygem-activerecord-4_2), and Ubuntu (linux-raspi, linux-raspi-5.4 and linux-raspi2).

https://lwn.net/Articles/871564/


Google Patches Two More Exploited Zero-Day Vulnerabilities in Chrome

Google on Thursday announced the rollout of a Chrome update to address four security vulnerabilities, including two that are already being exploited in the wild.

https://www.securityweek.com/google-patches-two-more-exploited-zero-day-vulnerabilities-chrome


Command Injection Vulnerability in QVR

https://www.qnap.com/en-us/security-advisory/QSA-21-38


Stored XSS Vulnerabilities in Photo Station

https://www.qnap.com/en-us/security-advisory/QSA-21-41


Stored XSS Vulnerability in Photo Station

https://www.qnap.com/en-us/security-advisory/QSA-21-42


Stored XSS Vulnerability in Image2PDF

https://www.qnap.com/en-us/security-advisory/QSA-21-43