Daily summary - 07.01.2022

End-of-Day report

Timeframe: Wednesday 05-01-2022 18:00 - Friday 07-01-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Google Docs commenting feature exploited for spear-phishing

A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy.

https://www.bleepingcomputer.com/news/security/google-docs-commenting-feature-exploited-for-spear-phishing/


Night Sky is the latest ransomware targeting corporate networks

It's a new year, and with it comes a new ransomware to keep an eye on called Night Sky that targets corporate networks and steals data in double-extortion attacks.

https://www.bleepingcomputer.com/news/security/night-sky-is-the-latest-ransomware-targeting-corporate-networks/


New Mac Malware Samples Underscore Growing Threat

A handful of malicious tools that emerged last year showed threat actors may be getting more serious about attacking Apple macOS and iOS environments.

https://www.darkreading.com/vulnerabilities-threats/new-mac-malware-samples-underscore-growing-threat


Custom Python RAT Builder, (Fri, Jan 7th)

This week I already wrote a diary about "code reuse" in the malware landscape but attackers also have plenty of tools to generate new samples on the fly.

https://isc.sans.edu/diary/rss/28224


NIST Cybersecurity Framework: A Quick Guide for SaaS Security Compliance

When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology (NIST). From the latest password requirements (NIST 800-63) to IoT security for manufacturers (NISTIR 8259), NIST is always the starting point.

https://thehackernews.com/2022/01/nist-cybersecurity-framework-quick.html


iPhone attack: hackers could prevent a reboot

Malware such as the iOS version of the Pegasus spyware is lost after a restart. However, that restart can be prevented, as a security firm demonstrates.

https://heise.de/-6319430


Android Patchday: attackers could gain extensive permissions

Google and other smartphone manufacturers have released important security updates for Android 9, 10, 11 and 12.

https://heise.de/-6320248


Purported Amazon customer service sends fraudulent emails about a customer rewards programme

Readers are currently reporting to us an email that allegedly comes from Amazon customer service. In fact, criminals are behind it.

https://www.watchlist-internet.at/news/vermeintlicher-amazon-kundendienst-verschickt-betruegerische-mails-zu-kundenpraemienprogramm/

Vulnerabilities

QNAP warns of ransomware targeting Internet-exposed NAS devices

QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks.

https://www.bleepingcomputer.com/news/security/qnap-warns-of-ransomware-targeting-internet-exposed-nas-devices/


NHS warns of hackers exploiting Log4Shell in VMware Horizon

The UK's National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits.

https://www.bleepingcomputer.com/news/security/nhs-warns-of-hackers-exploiting-log4shell-in-vmware-horizon/


Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console

Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month.

https://thehackernews.com/2022/01/log4shell-like-critical-rce-flaw.html


IBM Security Bulletins

IBM has published 36 security bulletins

https://www.ibm.com/blogs/psirt/


Security update: attackers could establish themselves on WordPress websites

In the current version of the content management system WordPress, the developers have closed four security vulnerabilities.

https://heise.de/-6320363


Security updates for Thursday

Security updates have been issued by Fedora (log4j and quaternion), Mageia (gnome-shell and singularity), SUSE (libsndfile, libvirt, net-snmp, and python-Babel), and Ubuntu (linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oracle, linux-oracle-5.11, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, [...]

https://lwn.net/Articles/880564/


Security updates for Friday

Security updates have been issued by Debian (sphinxsearch), Fedora (chromium and vim), Red Hat (rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon), and Ubuntu (apache2 and webkit2gtk).

https://lwn.net/Articles/880672/


January 5, 2022 TNS-2022-01 [R1] Tenable.sc 5.20.0 Fixes Multiple Vulnerabilities

http://www.tenable.com/security/tns-2022-01


January 5, 2022 TNS-2022-02 [R1] Nessus Network Monitor 6.0.0 Fixes Multiple Third-party Vulnerabilities

http://www.tenable.com/security/tns-2022-02


VMware Tanzu Spring Framework: vulnerability allows manipulation of log files

http://www.cert-bund.de/advisoryshort/CB-K22-0006


Drupal plugins: multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K22-0014


Omron CX-One

https://us-cert.cisa.gov/ics/advisories/icsa-22-006-01


Fernhill SCADA

https://us-cert.cisa.gov/ics/advisories/icsa-22-006-02


IDEC PLCs

https://us-cert.cisa.gov/ics/advisories/icsa-22-006-03


Philips Engage Software

https://us-cert.cisa.gov/ics/advisories/icsma-22-006-01