Daily summary - 03.11.2022

End-of-Day report

Timeframe: Wednesday 02-11-2022 18:00 - Thursday 03-11-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer

News

Emotet botnet starts blasting malware again after 5 month break

The Emotet malware operation is again spamming malicious emails after almost a five-month "vacation" that saw little activity from the notorious cybercrime operation.

https://www.bleepingcomputer.com/news/security/emotet-botnet-starts-blasting-malware-again-after-5-month-break/


Hundreds of U.S. news sites push malware in supply-chain attack

The compromised infrastructure of an undisclosed media company is being used by threat actors to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S.

https://www.bleepingcomputer.com/news/security/hundreds-of-us-news-sites-push-malware-in-supply-chain-attack/


What to do if I have become a victim of cybercrime?

An online identity can be stolen quickly when someone enters their data on dubious websites. Further consequences can then follow.

https://futurezone.at/digital-life/cybercrime-identitaetsdiebstahl-phishing-e-mails-passwoerter-it-sicherheit/402203712


The OpenSSL security update story - how can you tell what needs fixing?

How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...

https://nakedsecurity.sophos.com/2022/11/03/the-openssl-security-update-story-how-can-you-tell-what-needs-fixing/


P2P Botnets: Review - Status - Continuous Monitoring

P2P networks are more scalable and robust than traditional C/S structures, and these advantages were recognized by the botnet authors early on and used in their botnets.

https://blog.netlab.360.com/p2p-botnets-review-status-continuous-monitoring/


Breakpoints in Burp, (Wed, Nov 2nd)

No, this is not a story about the Canadian Thanksgiving long weekend, it's about web application testing. I recently had a web application to assess, and I used Burp Suite Pro as part of that project.

https://isc.sans.edu/diary/rss/29214


Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

The operators of RomCom RAT are continuing to evolve their campaigns with rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro.

https://thehackernews.com/2022/11/hackers-using-rogue-versions-of-keepass.html


Researchers discover security loophole allowing attackers to use Wi-Fi to see through walls

The Wi-Peep exploits a loophole the researchers call polite Wi-Fi. Even if a network is password protected, smart devices will automatically respond to contact attempts from any device within range. The Wi-Peep sends several messages to a device as it flies and then measures the response time on each, enabling it to identify the device's location to within a meter.

https://techxplore.com/news/2022-11-loophole-wi-fi-walls.html


Passwords: 64 percent of users reuse passwords

A survey of 3,750 employees, including staff of German organisations, reveals worrying password habits. And this despite knowing better.

https://heise.de/-7328871


BSI Situation Report 2022: Threat level in cyberspace higher than ever

During the reporting period, the already tense situation has escalated further. The reasons are ongoing cybercriminal activity, cyber attacks in the context of Russia's attack on Ukraine, and inadequate product quality of IT and software products.

https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/221025_Lagebericht.html


A new crop of malicious modules found on PyPI

Phylum has posted an article with a detailed look at a set of malicious packages discovered by an automated system they have developed. Similar to this attacker's previous attempts, this particular attack starts by copying existing popular libraries and simply injecting a malicious __import__ statement into an otherwise healthy codebase.

https://lwn.net/Articles/913555/


Beware of scam attempts on Telegram

A message on Telegram reaches you out of the blue: someone you do not know offers you a lucrative investment opportunity, or even a large sum of money. Beware, these messages are fraud attempts!

https://www.watchlist-internet.at/news/vorsicht-vor-scam-versuchen-auf-telegram/


Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild

We present new techniques that leverage active probing and network fingerprint technology to help you detect Cobalt Strike's Team Servers.

https://unit42.paloaltonetworks.com/cobalt-strike-team-server/


ASEC Weekly Malware Statistics (October 24th, 2022 - October 30th, 2022)

This post will list weekly statistics collected from October 24th, 2022 (Monday) to October 30th (Sunday).

https://asec.ahnlab.com/en/41139/

Vulnerabilities

Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)

Microsoft is aware and actively addressing the impact associated with the recent OpenSSL vulnerabilities announced on October 25th 2022, fixed in version 3.0.7. As part of our standard processes, we are rolling out fixes for impacted services.

https://msrc-blog.microsoft.com/2022/11/02/microsoft-guidance-related-to-openssl-risk-cve-2022-3786-and-cve-2202-3602/


IBM Security Bulletins 2022-11-02

Content Collector for Email in Content Search Services container, IBM Business Automation Workflow, IBM Business Process Manager (BPM), IBM InfoSphere DataStage, IBM MQ, IBM Operations Analytics - Log Analysis, IBM SPSS Modeler, IBM Security SOAR, Platform Navigator and Automation Assets in IBM Cloud Pak for Integration

https://www.ibm.com/blogs/psirt/


Vulnerability scanner Nessus: updates close several security holes

New versions of the network vulnerability scanner Nessus fix several vulnerabilities in third-party components. Admins should install them.

https://heise.de/-7328440


Fortinet patch day: FortiSIEM stores login data unencrypted

There are important updates for Fortinet security products, including FortiADC and FortiOS. No vulnerability is rated as critical.

https://heise.de/-7328476


(Non-US) DIR-1935 : Rev. Ax : F/W v1.03b02 :: Multiple Vulnerabilities

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10310


Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product

https://www.securityweek.com/splunk-patches-9-high-severity-vulnerabilities-enterprise-product


ETIC Telecom Remote Access Server (RAS)

https://us-cert.cisa.gov/ics/advisories/icsa-22-307-01


Nokia ASIK AirScale System Module

https://us-cert.cisa.gov/ics/advisories/icsa-22-307-02


Delta Industrial Automation DIALink

https://us-cert.cisa.gov/ics/advisories/icsa-22-307-03