Tageszusammenfassung - 28.10.2021

End-of-Day report

Timeframe: Mittwoch 27-10-2021 18:00 - Donnerstag 28-10-2021 18:00 Handler: Wolfgang Menezes Co-Handler: Dimitri Robl

News

QR Codes Help Attackers Sneak Emails Past Security Controls

A recently discovered campaign shows how attackers are constantly developing new techniques to deceive phishing victims.

https://www.darkreading.com/attacks-breaches/qr-codes-help-attackers-sneak-emails-past-security-controls


How we took part in MLSEC and (almost) won

How we took part in the Machine Learning Security Evasion Competition (MLSEC) - a series of trials testing contestants- ability to create and attack machine learning models.

https://securelist.com/how-we-took-part-in-mlsec-and-almost-won/104699/


EU-s Green Pass Vaccination ID Private Key Leaked

The private key used to sign the vaccine passports was leaked and is being passed around to create fake passes for the likes of Mickey Mouse and Adolf Hitler.

https://threatpost.com/eus-green-pass-vaccination-id-private-key-leaked/175857/


New Wslink Malware Loader Runs as a Server and Executes Modules in Memory

Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed "Wslink" by ESET, this previously undocumented malware stands apart from the rest in that it runs as a server and executes received modules in memory.

https://thehackernews.com/2021/10/new-wslink-malware-loader-runs-as.html


Threat profile: Ranzy Locker ransomware

What you need to know about Ranzy Locker ransomware.

https://blog.malwarebytes.com/ransomware/2021/10/threat-profile-ranzy-locker-ransomware/


PSA: Widespread Remote Working Scam Underway

Attackers are posting jobs pretending to be from existing companies and steal money and/or personal information from jobseekers.

https://www.wordfence.com/blog/2021/10/psa-widespread-remote-working-scam-underway/


Trends und Entwicklungen bei Fake-Shops

Fake-Shops gibt es wie Sand am Meer - und auch sie entwickeln sich nach Trends: Von E-Bikes bis zur Playstation5. Diese Trends sind von der Saison, aber auch von Angebot und Nachfrage abhängig. Was die Watchlist Internet im letzten Jahr über Fake-Shop-Trends erfahren hat, lesen Sie hier.

https://www.watchlist-internet.at/news/trends-und-entwicklungen-bei-fake-shops/


Free decrypters released for AtomSilo, Babuk, and LockFile ransomware strains

Antivirus maker and cyber-security firm Avast has released today free decryption utilities to recover files that have been encrypted by three ransomware strains-AtomSilo, Babuk, and LockFile.

https://therecord.media/free-decrypters-released-for-atomsilo-babuk-and-lockfile-ransomware-strains/

Vulnerabilities

Cisco Security Advisories

Cisco hat 19 Security Advisories veröffentlicht. Keines davon wird als "Critical" eingestuft, neun als "High".

https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&lastPublishedStartDate=2021%2F10%2F27&lastPublishedEndDate=2021%2F10%2F28


Security updates for Thursday

Security updates have been issued by openSUSE (salt), Slackware (bind), SUSE (salt), and Ubuntu (php5, php7.0, php7.2, php7.4, php8.0).

https://lwn.net/Articles/874210/


2021 CWE Most Important Hardware Weaknesses

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses List. The 2021 Hardware List is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in hardware.

https://us-cert.cisa.gov/ncas/current-activity/2021/10/28/2021-cwe-most-important-hardware-weaknesses