Daily summary - 18.03.2022

End-of-Day report

Timeframe: Thursday 17-03-2022 18:00 - Friday 18-03-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

New Unix rootkit used to steal ATM banking data

Threat analysts following the activity of LightBasin, a financially motivated group of hackers, report the discovery of a previously unknown Unix rootkit that is used to steal ATM banking data and conduct fraudulent transactions.

https://www.bleepingcomputer.com/news/security/new-unix-rootkit-used-to-steal-atm-banking-data/


Open Source: NPM package deletes files in protest against the war in Ukraine

A widely used NPM package deletes the files of Russian developers and spreads anti-war messages.

https://www.golem.de/news/open-source-npm-paket-loescht-dateien-aus-protest-gegen-ukrainekrieg-2203-163958-rss.html


Scans for Movable Type Vulnerability (CVE-2021-20837), (Fri, Mar 18th)

Yesterday, our honeypots started seeing many requests scanning for the Movable Type API. Movable Type is a content management system comparable to WordPress or Drupal.

https://isc.sans.edu/diary/rss/28454


New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers

ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks.

https://thehackernews.com/2022/03/new-variant-of-russian-cyclops-blink.html


New phishing method combines fax and captchas

To evade anti-phishing filters, a new attack method places links in fax PDFs and hides the fake website behind a Google captcha.

https://heise.de/-6587105


How to protect RDP

RDP is still a popular target for attackers, so how do you keep your remote desktops safe?

https://blog.malwarebytes.com/security-world/business-security-world/2022/03/protect-rdp-access-ransomware-attacks/


Scams that LinkedIn users should know about

LinkedIn is primarily associated with professionalism. That is probably one reason why LinkedIn is less often linked to fraud. This plays into the hands of criminals, who use fake profiles to spread malware, offer fraudulent jobs, or try to obtain sensitive data with phishing emails.

https://www.watchlist-internet.at/news/diese-betrugsmaschen-sollten-linkedin-nutzerinnen-kennen/


Strengthening Cybersecurity of SATCOM Network Providers and Customers

CISA and FBI strongly encourage critical infrastructure organizations and, specifically, organizations that are SATCOM network providers or customers to review the joint CSA and implement the mitigations.

https://us-cert.cisa.gov/ncas/current-activity/2022/03/17/strengthening-cybersecurity-satcom-network-providers-and-customers

Vulnerabilities

Security updates for Friday

Security updates have been issued by Debian (python-treq), Fedora (openvpn, pesign, rust-regex, and thunderbird), Oracle (expat), Red Hat (kpatch-patch-4_18_0-147_58_1), Slackware (bind and openssl), SUSE (python-lxml), and Ubuntu (apache2).

https://lwn.net/Articles/888412/


CVE-2021-28372: How a Vulnerability in Third-Party Technology Is Leaving Many IP Cameras and Surveillance Systems Vulnerable

CVE-2021-28372, a vulnerability in third-party software commonly built into many IP cameras, highlights issues in IoT supply chain security.

https://unit42.paloaltonetworks.com/iot-supply-chain-cve-2021-28372/


Security Bulletin: A vulnerability in IBM® SDK, Java- may affect IBM Decision Optimization Center (CVE-2021-35603)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-sdk-java-may-affect-ibm-decision-optimization-center-cve-2021-35603/


Security Bulletin: Multiple vulnerabilities in IBM® Java- may affect IBM ILOG CPLEX Optimization Studio (CVE-2022-21360, CVE-2022-21365)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-may-affect-ibm-ilog-cplex-optimization-studio-cve-2022-21360-cve-2022-21365/


Security Bulletin: There are multiple vulnerabilities that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2021-4104, CVE-2021-29469, CVE-2021-44531, CVE-2021-44531, CVE-2022-21824, CVE-2021-29899, CVE-2021-27290)

https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilites-that-affect-ibm-engineering-requirements-quality-assistant-on-premises-cve-2021-4104-cve-2021-29469-cve-2021-44531-cve-2021-44531-cve-2022-218/


Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-39046

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affects-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-cve-2021-39046/


Security Bulletin: A vulnerability in IBM® SDK, Java- may affect IBM Decision Optimization Center (CVE-2021-35550)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-sdk-java-may-affect-ibm-decision-optimization-center-cve-2021-35550/


Security Bulletin: Multiple vulnerabilities in IBM® Java- Runtime may affect IBM Decision Optimization Center (CVE-2022-21360, CVE-2022-21365)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-may-affect-ibm-decision-optimization-center-cve-2022-21360-cve-2022-21365/


K08173228: Multiple Intel CPU vulnerabilities

https://support.f5.com/csp/article/K08173228


Synology-SA-22:04 OpenSSL

https://www.synology.com/en-global/support/security/Synology_SA_22_04


Microsoft Edge: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K22-0329