End-of-Day report
Timeframe: Tuesday 04-01-2022 18:00 - Wednesday 05-01-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
iOS malware can fake iPhone shut downs to snoop on camera, microphone
Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection.
https://www.bleepingcomputer.com/news/security/ios-malware-can-fake-iphone-shut-downs-to-snoop-on-camera-microphone/
Code Reuse In the Malware Landscape, (Wed, Jan 5th)
Code re-use is classic behavior for many developers and this looks legit: Why reinvent the wheel if you can find some pieces of code that do what you are trying to achieve?
https://isc.sans.edu/diary/rss/28216
New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification
An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and Microsoft's digital signature verification to siphon user credentials and sensitive information.
https://thehackernews.com/2022/01/new-zloader-banking-malware-campaign.html
Elephant Beetle: Uncovering an organized financial-theft operation
Using an arsenal of over 80 unique tools & scripts, the group executes its attacks patiently over long periods of time, blending in with the target's environment and going completely undetected while it quietly liberates organizations of large amounts of money.
https://blog.sygnia.co/elephant-beetle-an-organized-financial-theft-operation
"Media Markt Exclusive Giveaway" campaign is fake!
Links to a fake Media Markt page are currently being spread on Facebook. It claims that Media Markt is closing stores nationwide and is therefore running an "online promotion". Consumers supposedly have the chance to buy products such as iPhones, MacBooks, PlayStations and more at a discount. Anyone who takes part in this promotion, however, loses money and receives none of the promised products.
https://www.watchlist-internet.at/news/media-markt-exclusive-giveaway-aktion-ist-fake/
Malware Reverse Engineering for Beginners - Part 1: From 0x0
Malware researchers require a diverse skill set usually gained over time through experience and self-training. Reverse engineering (RE) is an integral part of malware analysis and research but it is also one of the most advanced skills a researcher can have.
https://www.intezer.com/blog/malware-analysis/malware-reverse-engineering-beginners/
Vulnerabilities
IBM Security Bulletins 2022-01-05
IBM has published 26 security bulletins.
https://www.ibm.com/blogs/psirt/
VMware security updates: virtual CD-ROM drive as an attacker's loophole
VMware warns of a vulnerability in its virtual machine products Cloud Foundation, ESXi, Fusion and Workstation. Some patches are still missing.
https://heise.de/-6318269
Security patches: attackers could manipulate databases in IBM Db2
IBM has closed security vulnerabilities in several products such as Cloud Private, Db2 and Elastic Search. There is also news on Log4j vulnerabilities.
https://heise.de/-6318740
Developers close 37 security vulnerabilities in Chrome 97
The previous version of Chrome 97 contained at least one critical security vulnerability. Attackers could presumably have executed injected code.
https://heise.de/-6318885
Security updates for Wednesday
Security updates have been issued by CentOS (xorg-x11-server), Debian (apache2), openSUSE (libvirt), Oracle (grafana, qemu, and xorg-x11-server), Red Hat (idm:DL1, samba, and telnet), SUSE (libvirt), and Ubuntu (python-django).
https://lwn.net/Articles/880454/
Google Patches 48 Vulnerabilities With First Set of 2022 Android Updates
Google this week published information on the first set of 2022 security updates for Android, describing a total of 48 vulnerabilities that were addressed across Android OS, Pixel devices, and Android Automotive OS.
https://www.securityweek.com/google-patches-48-vulnerabilities-first-set-2022-android-updates
K10396196: Linux RPM vulnerability CVE-2021-20271
https://support.f5.com/csp/article/K10396196
WAGO: Smart Script affected by Log4Shell Vulnerability
http://cert.vde.com/de/advisories/VDE-2021-060/