End-of-Day report
Timeframe: Thursday 13-10-2022 18:00 - Friday 14-10-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Robert Waldner
News
Infostealers: What are they, how are they spread, and how can they be stopped?
Infostealers are malicious software designed to steal your confidential data. This article explains what exactly they are, how they are spread, and how they can be stopped.
https://blog.emsisoft.com/de/41944/infostealer-was-ist-das-wie-werden-sie-verbreitet-und-wie-lassen-sie-sich-aufhalten/
Magniber ransomware now infects Windows users via JavaScript files
A recent malicious campaign delivering Magniber ransomware has been targeting Windows home users with fake security updates.
https://www.bleepingcomputer.com/news/security/magniber-ransomware-now-infects-windows-users-via-javascript-files/
What the Uber Hack can teach us about navigating IT Security
The recent Uber cyberattack shows us the myriad tactics employed by threat actors to breach corporate networks. Learn more about these tactics used and how to navigate IT Security.
https://www.bleepingcomputer.com/news/security/what-the-uber-hack-can-teach-us-about-navigating-it-security/
Microsoft 365 Message Encryption Can Leak Sensitive Info
The default email encryption used in Microsoft Office's cloud version is leaky, which the company acknowledged but said it wouldn't fix.
https://www.darkreading.com/application-security/microsoft-365-message-encryption-can-leak-sensitive-info
Hunting for Cobalt Strike: Mining and plotting for fun and profit
Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you have Cobalt Strike [...]
https://msrc-blog.microsoft.com/2022/10/13/hunting-for-cobalt-strike-mining-and-plotting-for-fun-and-profit/
Improvements in Security Update Notifications Delivery - And a New Delivery Method
At MSRC, we are passionate about ensuring our customers have a positive experience when they use the Microsoft Security Update Guide (SUG). A big part of improving that experience is ensuring that customers have timely and easily accessible notifications. As such we have two important announcements to share about changes to the way we provide notifications.
https://msrc-blog.microsoft.com/2022/10/12/14921/
Analysis of a Malicious HTML File (QBot), (Thu, Oct 13th)
Reader Eric submitted a malicious HTML page that contains BASE64 images with malware.
https://isc.sans.edu/diary/rss/29146
Firefox's New Service Gives You a Burner Phone Number To Cut Down on Spam
Firefox Relay, a Mozilla service designed to hide your "real" email address by giving you virtual ones to hand out, is expanding to offer virtual phone numbers. From a report: In a blog post, Mozilla product manager Tony Amaral-Cinotto explains that the relay service generates a phone number for you to give out to companies if you suspect they might use it to send you spam messages in the future, or if you think they might share it with others who will.
https://news.slashdot.org/story/22/10/13/1124240/firefoxs-new-service-gives-you-a-burner-phone-number-to-cut-down-on-spam
PiRogue Tool Suite - Mobile forensic & network analysis on a Raspberry Pi
PiRogue tool suite (PTS) is an open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis platform targeting mobile devices (both Android and iOS), Internet of Things devices (devices that are connected to the user's mobile apps), and in general any device using Wi-Fi to connect to the Internet.
https://pts-project.org/
PoC Published for Fortinet Vulnerability as Mass Exploitation Attempts Begin
Details and a proof-of-concept (PoC) exploit have been published for the recent Fortinet vulnerability tracked as CVE-2022-40684, just as cybersecurity firms are seeing what appears to be the start of mass exploitation attempts.
https://www.securityweek.com/poc-published-fortinet-vulnerability-mass-exploitation-attempts-begin
Ransom Cartel Ransomware: A Possible Connection With REvil
Ransom Cartel is ransomware as a service (RaaS) that exhibits several similarities to and technical overlaps with REvil ransomware. Read our overview.
https://unit42.paloaltonetworks.com/ransom-cartel-ransomware/
Seven tips to run effective security awareness campaigns
Planning large-scale security awareness campaigns throws up many questions to grapple with. How can you make sure your campaign reaches the right people? What's the best way to inspire them to take action? And how do you run a security awareness campaign so realistic it gets banned by the national post office?
https://connect.geant.org/2022/10/14/seven-tips-to-run-effective-security-awareness-campaigns
Shodan Verified Vulns 2022-10-01
As of 2022-10-01, Shodan sees the following vulnerabilities in Austria: [...]
https://cert.at/de/aktuelles/2022/10/shodan-verified-vulns-2022-10-01
Vulnerabilities
IBM Security Bulletins
IBM Performance Management, IBM Watson Discovery for IBM Cloud Pak for Data, IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data, IBM Cloud Pak System
https://www.ibm.com/blogs/psirt/
Security updates for Friday
Security updates have been issued by Debian (chromium), Fedora (dbus, dhcp, expat, kernel, thunderbird, vim, and weechat), Mageia (libofx, lighttpd, mediawiki, and python), Oracle (.NET 6.0 and .NET Core 3.1), Slackware (python3), SUSE (chromium, kernel, libosip2, python-Babel, and python-waitress), and Ubuntu (gThumb, heimdal, linux-aws, linux-gcp-4.15, linux-aws-hwe, linux-gcp, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, postgresql-9.5, and xmlsec1).
https://lwn.net/Articles/911168/
Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service
This advisory contains mitigations for Allocation of Resources Without Limits or Throttling and Code Injection vulnerabilities in versions of Hitachi Energy Lumada Asset Performance Manager (APM) software.
https://us-cert.cisa.gov/ics/advisories/icsa-22-286-05
OpenSSL Infinite Loop When Parsing Certificates (CVE-2022-0778)
Version: 1.7, Date: 14-Oct-2022, Description: Fixed product(s) lists are updated: GMS, Analytics, SonicWave, SonicSwitch, Connect Tunnel Client.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
Joomla KSAdvertiser 2.5.37 Cross Site Scripting
https://cxsecurity.com/issue/WLB-2022100035
Android App "IIJ SmartKey" vulnerable to information disclosure
https://jvn.jp/en/jp/JVN74534998/
Pulse Secure Pulse Connect Secure: Multiple vulnerabilities enable denial of service
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1717
Red Hat Enterprise Linux (Advanced Cluster Management): Multiple vulnerabilities
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1715
Atlassian Jira Software: Multiple vulnerabilities
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1719
Octopus Deploy: Vulnerability allows security controls to be bypassed
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1720