Tageszusammenfassung - 30.12.2021
End-of-Day report
Timeframe: Mittwoch 29-12-2021 18:00 - Donnerstag 30-12-2021 18:00 Handler: Robert Waldner Co-Handler: Thomas PribitzerNews
Hiding malware inside the flex capacity space on modern SSDs
Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location thats beyond the reach of the user and security solutions.Agent Tesla Updates SMTP Data Exfiltration Technique, (Thu, Dec 30th)
Agent Tesla is a Windows-based keylogger and RAT that commonly uses SMTP or FTP to exfiltrate stolen data. This malware has been around since 2014, and SMTP is its most common method for data exfiltration.https://isc.sans.edu/diary/rss/28190
LastPass Automated Warnings Linked to -Credential Stuffing- Attack
Users of the popular LastPass password manager are being targeted in so-called -credential stuffing- attacks that use email addresses and passwords obtained from third-party breaches.Android 12: Samsung überrascht zum Jahresende mit regelrechter Update-Flut
Updates für praktisch alle High-End-Smartphones der vergangenen drei Jahre veröffentlicht. Selbst erste Tablets werden schon bedient.Vulnerabilities
Security updates for Thursday
Security updates have been issued by Debian (advancecomp, apache-log4j2, postgis, spip, uw-imap, and xorg-server), Mageia (kernel and kernel-linus), Scientific Linux (log4j), and SUSE (kernel-firmware and mariadb).https://lwn.net/Articles/880039/