End-of-Day report
Timeframe: Friday 02-12-2022 18:00 - Monday 05-12-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
BlackProxies proxy service increasingly popular among hackers
A new residential proxy market is becoming popular among hackers, cybercriminals, phishers, scalpers, and scammers, selling access to a million claimed proxy IP addresses worldwide.
https://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/
Hackers use new, fake crypto app to breach networks, steal cryptocurrency
The North Korean Lazarus hacking group is linked to a new attack spreading fake cryptocurrency apps under the made-up brand, "BloxHolder," to install the AppleJeus malware for initial access to networks and steal crypto assets.
https://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/
If one sheep leaps over the ditch…
In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend.
https://securelist.com/crimeware-report-ransomware-tactics-vulnerable-drivers/108197/
OWASP Top 10 CI/CD Security Risks
This document helps defenders identify focus areas for securing their CI/CD ecosystem. It is the result of extensive research into attack vectors associated with CI/CD, and the analysis of high-profile breaches and security flaws.
https://owasp.org/www-project-top-10-ci-cd-security-risks/
#StopRansomware: Cuba Ransomware Alert (AA22-335A)
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.
https://www.cisa.gov/uscert/ncas/alerts/aa22-335a
CryWiper: Fake ransomware destroys data, particularly in Russia
Kaspersky's virus analysts have discovered the CryWiper malware, which poses as ransomware but destroys data irrecoverably.
https://heise.de/-7366160
Vulnerabilities
Severe AMI MegaRAC flaws impact servers from AMD, ARM, HPE, Dell, others
Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers.
https://www.bleepingcomputer.com/news/security/severe-ami-megarac-flaws-impact-servers-from-amd-arm-hpe-dell-others/
Security update: Malicious code could slip through Sophos firewalls
The developers at security software vendor Sophos have closed seven security vulnerabilities in their own firewalls. One is rated critical.
https://heise.de/-7366076
Security vulnerability: Code injection via ping in FreeBSD
Attackers could make FreeBSD execute smuggled-in malicious code using manipulated ping requests. Updates are available.
https://heise.de/-7366590
Emergency update: Zero-day vulnerability in Google Chrome under attack
Google has released an unscheduled update for Chrome. It closes a vulnerability in the web browser that is currently being exploited.
https://heise.de/-7365415
Veritas NetBackup: Update closes security vulnerabilities, some of them critical
In Veritas NetBackup Flex Scale and Access Appliance, attackers from the network could inject commands without authentication. Hotfixes fix the bugs.
https://heise.de/-7365984
Security updates for Monday
Security updates have been issued by Debian (awstats, chromium, clamav, g810-led, giflib, http-parser, jhead, libpgjava, node-cached-path-relative, node-fetch, and vlc), Fedora (fastnetmon, kernel, librime, qpress, rr, thunderbird, and wireshark), Red Hat (kernel, kernel-rt, and kpatch-patch), Slackware (mozilla), SUSE (cherrytree and chromium), and Ubuntu (libbpf, libxml2, linux-gcp-5.15, linux-gke, linux-gke-5.15, and linux-gke).
https://lwn.net/Articles/916979/