End-of-Day report
Timeframe: Freitag 22-04-2022 18:00 - Montag 25-04-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Einbruch in kritische Infrastrukturen: Experten zeigen, wie einfach es ist
Niederländische Forscher haben beim Hackerwettbewerb Pwn2Own demonstriert, wie leicht sich Industriesoftware übernehmen lässt, die zentrale Dienste steuert.
https://heise.de/-7062641
Netzwerkspeicher: Apple-Protokolle reißen Sicherheitslücken in Qnap-NAS
Die Unterstützung von Apples Netzwerkprotokollen durch netatalk in Qnap-NAS-Systemen bringt teils kritische Sicherheitslücken mit. Erste Updates stehen bereit.
https://heise.de/-7064336
Hacker-Gruppe Lapsus$ soll Sourcecode von T-Mobile kopiert haben
Angreifer sind mit erbeuteten Zugangsdaten in Computer-Systeme von T-Mobile eingebrochen. Kundendaten sollen nicht betroffen sein.
https://heise.de/-7063836
Fake-E-Mail von Spotify: Kriminelle versuchen Ihr Konto zu übernehmen
Kriminelle versenden momentan gefälschte Spotify-E-Mails, um Ihr Konto zu übernehmen und Kreditkartendaten zu stehlen. Nutzer:innen erhalten vom Absender -Spotify-Rechnung- ein Schreiben, in dem ein Problem mit Ihrer Zahlung vorgetäuscht wird. Im E-Mail werden Sie gebeten, auf einen Button zu klicken. Dieser führt dann auf eine gefälschte Spotify-Login-Seite. Daten, die dort eingetippt werden, landen direkt bei Kriminellen.
https://www.watchlist-internet.at/news/fake-e-mail-von-spotify-kriminelle-versuchen-ihr-konto-zu-uebernehmen/
New powerful Prynt Stealer malware sells for just $100 per month
Threat analysts have spotted yet another addition to the growing space of info-stealer malware infections, named Prynt Stealer, which offers powerful capabilities and extra keylogger and clipper modules.
https://www.bleepingcomputer.com/news/security/new-powerful-prynt-stealer-malware-sells-for-just-100-per-month/
DDoS attacks in Q1 2022
Against the backdrop of the conflict between Russia and Ukraine, the number of DDoS attacks in Q1 2022 increased by 4.5 times against Q1 2021. A significant proportion of them were by hacktivists.
https://securelist.com/ddos-attacks-in-q1-2022/106358/
Are Roku Streaming Devices Safe from Exploitation?, (Sat, Apr 23rd)
I have noticed in the past several weeks random scans specifically for Roku streaming devices (and likely other types) captured by my honeypot. If they can be compromised, what can be gain? Settings like stored payment information, personal information (email/password), subscription, App selected, etc. Like any other devices, it is important to keep the OS and Apps up-to-date.
https://isc.sans.edu/diary/rss/28578
Simple PDF Linking to Malicious Content, (Mon, Apr 25th)
Last week, I found an interesting piece of phishing based on a PDF file. Today, most of the PDF files that are delivered to end-user are not malicious, I mean that they dont contain an exploit to trigger a vulnerability and infect the victims computer. They are just used as a transport mechanism to deliver more malicious content. Yesterday, Didier analyzed the same kind of Word document[1]. They are more and more common because they are (usually) not blocked by common filters at the perimeter.
https://isc.sans.edu/diary/rss/28582
Researcher Releases PoC for Recent Java Cryptographic Vulnerability
A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following versions of Java SE and Oracle GraalVM Enterprise Edition - [...]
https://thehackernews.com/2022/04/researcher-releases-poc-for-recent-java.html
Defeating BazarLoader Anti-Analysis Techniques
Anti-analysis techniques make it harder for malware analysts to do their work. We cover BazarLoader anti-analysis techniques and how to defeat them.
https://unit42.paloaltonetworks.com/bazarloader-anti-analysis-techniques/
Webcam hacking: How to know if someone may be spying on you through your webcam
Camfecting doesn-t -just- invade your privacy - it could seriously impact your mental health and wellbeing. Here-s how to keep an eye on your laptop camera.
https://www.welivesecurity.com/2022/04/25/webcam-hacking-how-know-someone-spying/
Quantum Ransomware
In one of the fastest ransomware cases we have observed, in under four hours the threat actors went from initial access, to domain wide ransomware. The initial access vector for [...]
https://thedfirreport.com/2022/04/25/quantum-ransomware/
FBI Releases IOCs Associated with BlackCat/ALPHV Ransomware
The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks involving BlackCat/ALPHV, a Ransomware-as-a-Service that has compromised at least 60 entities worldwide. CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000167-MW and apply the recommended mitigations.
https://us-cert.cisa.gov/ncas/current-activity/2022/04/22/fbi-releases-iocs-associated-blackcatalphv-ransomware
Malware analysis report on SparrowDoor malware
A technical analysis of a new variant of the SparrowDoor malware.
https://www.ncsc.gov.uk/report/mar-sparrowdoor
Vulnerabilities
Critical Bug in Everscale Wallet Couldve Let Attackers Steal Cryptocurrencies
A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victims wallet.
https://thehackernews.com/2022/04/critical-bug-in-everscale-wallet.html
IBM Security Bulletins 2022-04-22
IBM Cloud Private, IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data, IBM Sterling File Gateway, IBM Watson Explorer, IBM Planning Analytics, IBM App Connect Enterprise
https://www.ibm.com/blogs/psirt/
IBM schließt kritische Sicherheitslücken in Cognos Analytics
In der Business-Intelligence-Software IBM Cognos Analytics könnten Angreifer unter anderem Schadcode einschleusen. Aktualisierte Software behebt die Probleme.
https://heise.de/-7063645
Sicherheitsupdates Atlassian Jira: Angreifer könnten Authentifizierung umgehen
Die Entwickler haben eine kritische Sicherheitslücke im Projektmanagement-Tool Jira geschlossen.
https://heise.de/-7063649
Security updates for Monday
Security updates have been issued by Fedora (kernel, kernel-headers, kernel-tools, libinput, podman-tui, and vim), Mageia (git, gzip/xz, libdxfrw, libinput, librecad, and openscad), and SUSE (dnsmasq, git, libinput, libslirp, libxml2, netty, podofo, SDL, SDL2, and tomcat).
https://lwn.net/Articles/892536/
Opportunistic Exploitation of WSO2 CVE-2022-29464
On April 18, 2022, MITRE published CVE-2022-29464, an unrestricted file upload vulnerability affecting various WSO2 products.
https://www.rapid7.com/blog/post/2022/04/22/opportunistic-exploitation-of-wso2-cve-2022-29464/
FreeRADIUS: Mehrere Schwachstellen
http://www.cert-bund.de/advisoryshort/CB-K22-0496
Multiple Vulnerabilities in Netatalk
https://www.qnap.com/en-us/security-advisory/QSA-22-12