End-of-Day report
Timeframe: Tuesday 06-12-2022 18:00 - Wednesday 07-12-2022 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer
News
For Cyberattackers, Popular EDR Tools Can Turn into Destructive Data Wipers
Microsoft and three other vendors have released patches to fix a vulnerability in their respective products that enables such manipulation. Other EDR products are potentially affected as well.
https://www.darkreading.com/vulnerabilities-threats/cyberattackers-popular-edr-tools-destructive-data-wipers
DEV-0139 launches targeted attacks against the cryptocurrency industry
Microsoft security researchers investigate an attack in which the threat actor, tracked as DEV-0139, used chat groups to target specific cryptocurrency investment companies and run a backdoor within their networks.
https://www.microsoft.com/en-us/security/blog/2022/12/06/dev-0139-launches-targeted-attacks-against-the-cryptocurrency-industry/
New Go-based Botnet Exploiting Dozens of IoT Vulnerabilities to Expand its Network
A novel Go-based botnet called Zerobot has been observed in the wild, proliferating by taking advantage of nearly two dozen security vulnerabilities in Internet of Things (IoT) devices and other software.
https://thehackernews.com/2022/12/new-go-based-zerobot-botnet-exploiting.html
ChatGPT shows promise of using AI to write malware
For even the most skilled hackers, it can take at least an hour to write a script to exploit a software vulnerability and infiltrate their target. Soon, a machine may be able to do it in mere seconds.
https://www.cyberscoop.com/chatgpt-ai-malware/
How to protect yourself from scams
In scamming, also known as advance-fee fraud, criminals try to pressure you into making an up-front payment. You are baited, for example, with a million-euro prize, an inheritance or a cheap loan offer.
https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-scams/
OpenSSL punycode - with hindsight
The next Heartbleeds were about to be announced, two critical vulnerabilities that affect everyone and everything, everywhere. And then they were released. And everyone was let down.
https://blog.checkpoint.com/2022/12/07/openssl-punycode-with-hindsight/
Malware Distributed with Disguised Filenames (RIGHT-TO-LEFT OVERRIDE)
In August, the ASEC analysis team published a post on malware being distributed with filenames that use RTLO (Right-To-Left Override), a Unicode control character that makes the displayed filename differ from the real one, so that an executable can appear to carry a harmless extension.
https://asec.ahnlab.com/en/43518/
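The check a practitioner would want here is to flag filenames carrying Unicode bidirectional override characters and to show the extension a user sees beside the extension the OS actually uses. The following is an added example written for this report; it is not code from ASEC or from the analysed malware. The sample filenames are constructed, and the rendering function only approximates the common case of a single U+202E (RLO) that reverses everything up to the next U+202C (PDF) or the end of the name.

```python
# Added example: detect bidi-override tricks in filenames and show the
# displayed extension versus the real one. Not from the ASEC post.
import os

# Unicode bidirectional control characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def bidi_controls_in(name):
    """Return (index, short name) for every bidi control character in name."""
    return [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]


def rendered_name(name):
    """Approximate what a file manager displays for name.

    Text after an RLO (U+202E) is shown reversed until a PDF (U+202C) or
    the end of the string; all other bidi controls are invisible and dropped.
    This is a simplification of the full Unicode bidi algorithm, sufficient
    for the single-RLO disguise described in the report.
    """
    out = []
    i = 0
    while i < len(name):
        c = name[i]
        if c == "\u202e":
            j = i + 1
            segment = []
            while j < len(name) and name[j] != "\u202c":
                segment.append(name[j])
                j += 1
            out.extend(reversed(segment))
            i = j + 1          # skip the terminating PDF, if any
        elif c in BIDI_CONTROLS:
            i += 1             # invisible control: not displayed
        else:
            out.append(c)
            i += 1
    return "".join(out)


def analyze(name):
    """Compare the real extension (what the OS executes) with the displayed one."""
    controls = bidi_controls_in(name)
    shown = rendered_name(name)
    real_ext = os.path.splitext(name)[1].lower()
    displayed_ext = os.path.splitext(shown)[1].lower()
    return {
        "raw": name,
        "rendered": shown,
        "real_ext": real_ext,
        "displayed_ext": displayed_ext,
        "controls": controls,
        # Any bidi control in a filename is unusual enough to flag; a
        # mismatch between the two extensions is the classic RTLO disguise.
        "suspicious": bool(controls),
        "extension_mismatch": real_ext != displayed_ext,
    }


def flag_suspicious(names):
    """Return analysis records for every filename that carries a bidi control."""
    return [analyze(n) for n in names if bidi_controls_in(n)]


if __name__ == "__main__":
    # Constructed sample filenames (not taken from any real campaign).
    samples = [
        "quarterly_report.pdf",
        "Invoice\u202efdp.exe",      # displays as "Invoiceexe.pdf", runs as .exe
        "photo\u202egnp.scr",        # displays as "photorcs.png", runs as .scr
        "notes.txt",
    ]
    for rec in flag_suspicious(samples):
        print(f"raw={rec['raw']!r} shown={rec['rendered']!r} "
              f"real={rec['real_ext']} displayed={rec['displayed_ext']} "
              f"controls={rec['controls']}")
```

In a mail gateway or EDR rule, matching on the raw presence of U+202E (and the other overrides in `BIDI_CONTROLS`) is cheap and rarely fires on legitimate files, since right-to-left scripts such as Arabic or Hebrew do not need an explicit override to render correctly; the extension comparison is what turns the match into an actionable alert.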
Industry 4.0: CNC Machine Security Risks Part 3
This three-part blog series explores the security risks associated with CNC machines.
https://www.trendmicro.com/en_us/research/22/l/cnc-machine-security-risks-part-3.html
Vulnerabilities
Fortinet closes security vulnerabilities in several products
Fortinet has released security updates for numerous products in its portfolio. Some of them close high-risk vulnerabilities.
https://heise.de/-7368520
Service monitoring: attackers can inject arbitrary code into Cacti
In the Cacti web application, which is used for service monitoring among other things, attackers could inject and execute arbitrary code. A patch is available.
https://heise.de/-7369455
Patch now: misconfiguration in Netgear router lets attackers onto the device
Researchers warn of unauthorized access to Netgear's Nighthawk WiFi 6 router. An update is available but is reportedly not installed automatically.
https://heise.de/-7369071
Security updates for Wednesday
Security updates have been issued by Debian (cgal, ruby-rails-html-sanitizer, and xfce4-settings), Red Hat (dbus, grub2, kernel, pki-core, and usbguard), Scientific Linux (pki-core), SUSE (bcel, LibVNCServer, and xen), and Ubuntu (ca-certificates and u-boot).
https://lwn.net/Articles/917208/
Cross-Site Scripting in Handy Macros for Confluence (SYSS-2022-049)
A cross-site scripting vulnerability in the "Handy Tip" macro of Handy Macros for Confluence allows executable malicious code to be embedded in pages.
https://www.syss.de/pentest-blog/cross-site-scripting-in-handy-macros-for-confluence-syss-2022-049
K35253541: Java vulnerabilities CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14797
https://support.f5.com/csp/article/K35253541
K71522481: Java vulnerability CVE-2021-2163
https://support.f5.com/csp/article/K71522481
Sprecher SPRECON-E-C/-E-P/-E-T3: vulnerability in firmware verification
https://www.sprecher-automation.com/it-sicherheit/security-alerts