Daily summary - 16.08.2021
End-of-Day report
Timeframe: Friday 13-08-2021 18:00 - Monday 16-08-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter

News
No panic after a ransomware attack
Daniel Clayton, Vice President of Global Services and Support at Bitdefender, describes in a guest article seven measures that victims should take during or after a successful ransomware attack.
https://www.zdnet.de/88396234/keine-panik-nach-ransomware-angriff/

USA: 100 million T-Mobile customers affected by data leak
Criminals hacked T-Mobile servers and copied extensive customer data, which they are now offering for sale.
https://www.golem.de/news/usa-100-millionen-t-mobile-kunden-von-datenleck-betroffen-2108-158909-rss.html

Securing Microsoft Teams correctly - Part 2
In the second part of his guest article, Bert Skorupski, Senior Manager Sales Engineering at Quest Software, describes how best to secure the popular collaboration software.
https://www.zdnet.de/88396232/microsoft-teams-korrekt-absichern-teil-2/

Firewalls and middleboxes can be weaponized for gigantic DDoS attacks
In an award-winning paper today, academics said they discovered a way to abuse the TCP protocol, firewalls, and other network middleboxes to launch giant distributed denial of service (DDoS) attacks against any target on the internet.
https://therecord.media/firewalls-and-middleboxes-can-be-weaponized-for-gigantic-ddos-attacks/

The sextortion Scams: The Numbers Show That What We Have Is A Failure Of Education
Subject: Your account was under attack! Change your credentials! [...] Did you receive a message phrased more or less like that, which then went on to say that they have a video of you performing an embarrassing activity while visiting an "adult" site, which they will send to all your contacts unless you buy Bitcoin and send to a specific ID? The good news is that the video does not exist. I know this, because neither does our friend Adnan here.
https://bsdly.blogspot.com/2020/02/the-sextortion-scams-numbers-show-that.html

Windows 365 exposes Microsoft Azure credentials in plaintext
A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz.
https://www.bleepingcomputer.com/news/microsoft/windows-365-exposes-microsoft-azure-credentials-in-plaintext/

Colonial Pipeline reports data breach after May ransomware attack
Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May.
https://www.bleepingcomputer.com/news/security/colonial-pipeline-reports-data-breach-after-may-ransomware-attack/

Simple Tips For Triage Of MALWARE Bazaar's Daily Malware Batches, (Sun, Aug 15th)
I was asked for tips to triage MALWARE Bazaar's daily malware batches. On Linux / macOS, you can unzip a malware batch and triage it with the file command. There is no file command on Windows, but there are Windows versions you can install, and you can also use my file-magic tool (it's a Python tool that uses the Python module python-magic-bin).
https://isc.sans.edu/diary/rss/27750

Discovering CAPTCHA Protected Phishing Campaigns
CAPTCHA-protected phishing campaigns are becoming more popular. We share techniques to detect malicious content despite these evasions.
https://unit42.paloaltonetworks.com/captcha-protected-phishing/

Trickbot Deploys a Fake 1Password Installer
Over the past years, Trickbot has established itself as modular and multifunctional malware. Initially focusing on bank credential theft, the Trickbot operators have extended its capabilities.
https://thedfirreport.com/2021/08/16/trickbot-deploys-a-fake-1password-installer/

Vulnerabilities
Security Advisories for COMMAX Products
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5667.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5666.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5664.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5663.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5662.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5660.php
https://www.zeroscience.mk/en/vulnerabilities/