Daily summary - 14.10.2022

End-of-Day report

Timeframe: Thursday 13-10-2022 18:00 - Friday 14-10-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Robert Waldner

News

Infostealers: what they are, how they are spread and how they can be stopped

Infostealers are malicious software designed to steal your confidential data. Here you can learn what exactly they are, how they are spread and how they can be stopped.

https://blog.emsisoft.com/de/41944/infostealer-was-ist-das-wie-werden-sie-verbreitet-und-wie-lassen-sie-sich-aufhalten/


Magniber ransomware now infects Windows users via JavaScript files

A recent malicious campaign delivering Magniber ransomware has been targeting Windows home users with fake security updates.

https://www.bleepingcomputer.com/news/security/magniber-ransomware-now-infects-windows-users-via-javascript-files/


What the Uber Hack can teach us about navigating IT Security

The recent Uber cyberattack shows us the myriad tactics employed by threat actors to breach corporate networks. Learn more about these tactics used and how to navigate IT Security.

https://www.bleepingcomputer.com/news/security/what-the-uber-hack-can-teach-us-about-navigating-it-security/


Microsoft 365 Message Encryption Can Leak Sensitive Info

The default email encryption used in Microsoft Office's cloud version is leaky, which the company acknowledged but said it wouldn't fix.

https://www.darkreading.com/application-security/microsoft-365-message-encryption-can-leak-sensitive-info


Hunting for Cobalt Strike: Mining and plotting for fun and profit

Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you have Cobalt Strike [...]

https://msrc-blog.microsoft.com/2022/10/13/hunting-for-cobalt-strike-mining-and-plotting-for-fun-and-profit/


Improvements in Security Update Notifications Delivery - And a New Delivery Method

At MSRC, we are passionate about ensuring our customers have a positive experience when they use the Microsoft Security Update Guide (SUG). A big part of improving that experience is ensuring that customers have timely and easily accessible notifications. As such we have two important announcements to share about changes to the way we provide notifications.

https://msrc-blog.microsoft.com/2022/10/12/14921/


Analysis of a Malicious HTML File (QBot), (Thu, Oct 13th)

Reader Eric submitted a malicious HTML page that contains BASE64 images with malware.

https://isc.sans.edu/diary/rss/29146


Firefox's New Service Gives You a Burner Phone Number To Cut Down on Spam

Firefox Relay, a Mozilla service designed to hide your "real" email address by giving you virtual ones to hand out, is expanding to offer virtual phone numbers. From a report: In a blog post Mozilla product manager Tony Amaral-Cinotto explains that the relay service generates a phone number for you to give out to companies if you suspect they might use it to send you spam messages in the future, or if you think they might share it with others who will.

https://news.slashdot.org/story/22/10/13/1124240/firefoxs-new-service-gives-you-a-burner-phone-number-to-cut-down-on-spam


PiRogue Tool Suite: Mobile forensic & network analysis on a Raspberry Pi

PiRogue tool suite (PTS) is an open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis platform targeting mobile devices (both Android and iOS), Internet of Things devices (devices that are connected to the user's mobile apps), and in general any device using Wi-Fi to connect to the Internet.

https://pts-project.org/


PoC Published for Fortinet Vulnerability as Mass Exploitation Attempts Begin

Details and a proof-of-concept (PoC) exploit have been published for the recent Fortinet vulnerability tracked as CVE-2022-40684, just as cybersecurity firms are seeing what appears to be the start of mass exploitation attempts.

https://www.securityweek.com/poc-published-fortinet-vulnerability-mass-exploitation-attempts-begin


Ransom Cartel Ransomware: A Possible Connection With REvil

Ransom Cartel is ransomware as a service (RaaS) that exhibits several similarities to and technical overlaps with REvil ransomware. Read our overview.

https://unit42.paloaltonetworks.com/ransom-cartel-ransomware/


Seven tips to run effective security awareness campaigns

Planning large-scale security awareness campaigns throws up many questions to grapple with. How can you make sure your campaign reaches the right people? What's the best way to inspire them to take action? And how do you run a security awareness campaign so realistic it gets banned by the national post office?

https://connect.geant.org/2022/10/14/seven-tips-to-run-effective-security-awareness-campaigns


Shodan Verified Vulns 2022-10-01

As of 2022-10-01, Shodan sees the following vulnerabilities in Austria: [...]

https://cert.at/de/aktuelles/2022/10/shodan-verified-vulns-2022-10-01

Vulnerabilities

IBM Security Bulletins

IBM Performance Management, IBM Watson Discovery for IBM Cloud Pak for Data, IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data, IBM Cloud Pak System

https://www.ibm.com/blogs/psirt/


Security updates for Friday

Security updates have been issued by Debian (chromium), Fedora (dbus, dhcp, expat, kernel, thunderbird, vim, and weechat), Mageia (libofx, lighttpd, mediawiki, and python), Oracle (.NET 6.0 and .NET Core 3.1), Slackware (python3), SUSE (chromium, kernel, libosip2, python-Babel, and python-waitress), and Ubuntu (gThumb, heimdal, linux-aws, linux-gcp-4.15, linux-aws-hwe, linux-gcp, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, postgresql-9.5, and xmlsec1).

https://lwn.net/Articles/911168/


Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service

This advisory contains mitigations for Allocation of Resources Without Limits or Throttling and Code Injection vulnerabilities in versions of Hitachi Energy Lumada Asset Performance Manager (APM) software.

https://us-cert.cisa.gov/ics/advisories/icsa-22-286-05


OpenSSL Infinite loop when parsing certificates CVE-2022-0778

Version: 1.7, Date: 14-Oct-2022, Description: Fixed product(s) lists are updated: GMS, Analytics, SonicWave, SonicSwitch, Connect Tunnel Client.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002


Joomla KSAdvertiser 2.5.37 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022100035


Android App "IIJ SmartKey" vulnerable to information disclosure

https://jvn.jp/en/jp/JVN74534998/


Pulse Secure Pulse Connect Secure: Multiple vulnerabilities allow denial of service

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1717


Red Hat Enterprise Linux (Advanced Cluster Management): Multiple vulnerabilities

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1715


Atlassian Jira Software: Multiple vulnerabilities

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1719


Octopus Deploy: Vulnerability allows bypassing security measures

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1720