Daily summary - 05.12.2022

End-of-Day report

Timeframe: Friday 02-12-2022 18:00 - Monday 05-12-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a

News

BlackProxies proxy service increasingly popular among hackers

A new residential proxy market is becoming popular among hackers, cybercriminals, phishers, scalpers, and scammers, selling access to a million claimed proxy IP addresses worldwide.

https://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/


Hackers use new, fake crypto app to breach networks, steal cryptocurrency

The North Korean Lazarus hacking group is linked to a new attack that spreads fake cryptocurrency apps under the made-up brand "BloxHolder" to install the AppleJeus malware, gaining initial access to networks and stealing crypto assets.

https://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/


If one sheep leaps over the ditch...

In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend.

https://securelist.com/crimeware-report-ransomware-tactics-vulnerable-drivers/108197/


OWASP Top 10 CI/CD Security Risks

This document helps defenders identify focus areas for securing their CI/CD ecosystem. It is the result of extensive research into attack vectors associated with CI/CD, and the analysis of high profile breaches and security flaws.

https://owasp.org/www-project-top-10-ci-cd-security-risks/


#StopRansomware: Cuba Ransomware Alert (AA22-335A)

This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

https://www.cisa.gov/uscert/ncas/alerts/aa22-335a


CryWiper: Fake ransomware destroys data, particularly in Russia

Kaspersky's virus analysts have discovered the CryWiper malware, which poses as ransomware but irretrievably destroys data.

https://heise.de/-7366160

Vulnerabilities

Severe AMI MegaRAC flaws impact servers from AMD, ARM, HPE, Dell, others

Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers.

https://www.bleepingcomputer.com/news/security/severe-ami-megarac-flaws-impact-servers-from-amd-arm-hpe-dell-others/


Security update: Malicious code could slip through Sophos firewalls

The developers at the security software vendor Sophos have closed seven security vulnerabilities in their own firewalls. One is rated critical.

https://heise.de/-7366076


Security vulnerability: Code smuggling via ping in FreeBSD

Attackers could make FreeBSD execute injected malicious code using manipulated ping requests. Updates are available.

https://heise.de/-7366590


Emergency update: Zero-day vulnerability in Google Chrome under attack

Google has released an unscheduled update for Chrome. It closes a security vulnerability in the web browser that is currently being exploited.

https://heise.de/-7365415


Veritas NetBackup: Update closes security vulnerabilities, some of them critical

In Veritas NetBackup Flex Scale and Access Appliance, attackers could inject commands from the network without authentication. Hotfixes fix the flaws.

https://heise.de/-7365984


Security updates for Monday

Security updates have been issued by Debian (awstats, chromium, clamav, g810-led, giflib, http-parser, jhead, libpgjava, node-cached-path-relative, node-fetch, and vlc), Fedora (fastnetmon, kernel, librime, qpress, rr, thunderbird, and wireshark), Red Hat (kernel, kernel-rt, and kpatch-patch), Slackware (mozilla), SUSE (cherrytree and chromium), and Ubuntu (libbpf, libxml2, linux-gcp-5.15, linux-gke, linux-gke-5.15, and linux-gke).

https://lwn.net/Articles/916979/