Tageszusammenfassung - 25.02.2022

End-of-Day report

Timeframe: Donnerstag 24-02-2022 18:00 - Freitag 25-02-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a


US and UK expose new malware used by MuddyWater hackers

MuddyWater is "targeting a range of government and private-sector organizations across sectors-including telecommunications, defense, local government, and oil and natural gas-in Asia, Africa, Europe, and North America.


Jester Stealer malware adds more capabilities to entice hackers

An infostealing piece of malware called Jester Stealer has been gaining popularity in the underground cybercrime community for its functionality and affordable prices.


Cyberangriffe im Ukraine-Krieg: BSI warnt Behörden und Unternehmen nachdrücklich

Das BSI hat ein weiteres Warnschreiben an Unternehmen und Behörden geschickt. Demnach gibt es Netzwerkscans und erste Wiper in Partnerstaaten.


Some details of the DDoS attacks targeting Ukraine and Russia in recent days

At 360Netlab, we continuously track botnets on a global scale through our BotMon system. In particular, for DDoS-related botnets, we further tap into their C2 communications to enable us really see the details of the attacks.


Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure

The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years.


-ID-app aktivieren-: Betrügerisches Mail im Namen der Volksbank im Umlauf

Kriminelle versenden derzeit betrügerische E-Mails im Namen der Volksbank, in der dazu aufgefordert wird die ID-app zu aktivieren. Diese App wird von der Volksbank tatsächlich angeboten, um mehr Sicherheit zu gewährleisten. In diesem Fall missbrauchen aber Kriminelle diese Sicherheitsmaßnahme, um an Ihre Zugangsdaten zu kommen.


Russia-Ukraine Crisis: How to Protect Against the Cyber Impact (Updated Feb. 24 to Include New Information on DDoS, HermeticWiper and Defacement)

We provide an overview of known cyberthreats related to the Russia-Ukraine crisis including DDoS attacks, HermeticWiper and defacement and share recommendations for proactive defense.


Mac-Malware auf dem Vormarsch

Die Sicherheitsgefahren für mobile Geräte und Macs nehmen zu. Festgestellt wurden die Mac-Malware-Familien Cimpli, Pirrit, Imobie, Shlayer und Genieo.


Threat Update - Ukraine & Russia conflict

In this report, NVISO CTI describes the cyber threat landscape of Ukraine and by extension the current situation.


New Infostealer -ColdStealer- Being Distributed

The ASEC analysis team has discovered the distribution of ColdStealer that appears to be a new type of infostealer.



Sicherheitsupdates: Java- und Kernel-Lücken in IBM AIX bedrohen Server

Angreifer könnten Server mit IBM AIX attackieren und im schlimmsten Fall die volle Kontrolle über Systeme erlangen.


Security updates for Friday

Security updates have been issued by Fedora (dotnet6.0, kernel, libarchive, libxml2, and wireshark), openSUSE (opera), Oracle (cyrus-sasl), Red Hat (cyrus-sasl, python-pillow, and ruby:2.5), Scientific Linux (cyrus-sasl), and Ubuntu (snapd).


Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities


Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832)


Security Bulletin: CVE-2021-35550 may affect IBM® SDK, Java- Technology Edition


Security Bulletin: Vulnerabilities in Java SE affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data


Security Bulletin: CVE-2021-35603 may affect IBM® SDK, Java- Technology Edition


Security Bulletin: Vulnerability in the AIX smbcd daemon (CVE-2021-38993)


Security Bulletin: IBM PowerVM Novalink is vulnerable to provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications.


Security Bulletin: IBM PowerVM Novalink could allow a remote authenticated attacker to conduct an LDAP injection.


Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM Application Server Liberty due to January 2022 CPU plus deferred CVE-2021-35550 and CVE-2021-35603


Mozilla VPN local privilege escalation via uncontrolled OpenSSL search path


FATEK Automation FvDesigner


Mitsubishi Electric EcoWebServerIII


Schneider Electric Easergy P5 and P3


Baker Hughes Bently Nevada 3500