Tageszusammenfassung - 22.08.2022

End-of-Day report

Timeframe: Freitag 19-08-2022 18:00 - Montag 22-08-2022 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer

News

241 npm and PyPI packages caught dropping Linux cryptominers

More than 200 malicious packages were discovered infiltrating the PyPI and npm open source registries this week. These packages are largely typosquats of widely used libraries and each one of them downloads a Bash script on Linux systems that run cryptominers.

https://www.bleepingcomputer.com/news/security/241-npm-and-pypi-packages-caught-dropping-linux-cryptominers/


New tool checks if in-app mobile browsers inject risky code on sites

A new online tool named InAppBrowser lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit.

https://www.bleepingcomputer.com/news/security/new-tool-checks-if-in-app-mobile-browsers-inject-risky-code-on-sites/


LockBit claims ransomware attack on security giant Entrust, leaks data

The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust.

https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-security-giant-entrust-leaks-data/


Multi-Faktor-Authentisierung umgehen: Malware klaut automatisiert Cookies

Um Multi-Faktor-Authentisierung umgehen zu können, klauen Kriminelle vermehrt Browser-Cookies mittels Malware.

https://www.golem.de/news/multi-faktor-authentisierung-umgehen-malware-klaut-automatisiert-cookies-2208-167763.html


Meet Borat RAT, a New Unique Triple Threat

Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the comic creation of Sacha Baron Cohen?

https://thehackernews.com/2022/08/meet-borat-rat-new-unique-triple-threat.html


Sicherer im Internet surfen: Obacht vor gefälschten DDoS-Check-Websites

Wer im Internet ohne Nachzudenken klickt, kann sich schnell einen Trojaner einfangen. Nun warnen Sicherheitsforscher vor einer weiteren Malware-Masche.

https://heise.de/-7238985


Bösartige Apps im Google Play Store: Mehr als zwei Millionen Downloads

Bitdefender hat 35 bösartige Apps in Googles Play Store entdeckt. Sie kommen zusammen auf mehr als zwei Millionen Downloads.

https://heise.de/-7239109


Kriminelle kapern Facebook-Konten und bewerben Fake-Investment-Plattformen

Tom und zahlreiche andere Personen wurden von Claudia auf Facebook bei einem Beitrag markiert. Der Beitrag ist ein Link zu einem Artikel, wie man mit einer Investment-Plattform in kurzer Zeit viel Geld verdienen kann. Vorsicht: Dabei handelt es sich um Betrug.

https://www.watchlist-internet.at/news/kriminelle-kapern-facebook-konten-und-bewerben-fake-investment-plattformen/


Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More

Recent exploits observed in the wild are highlighted based on the availability of proofs of concept, the severity of the vulnerabilities the exploits are based on and the ease of exploitation.

https://unit42.paloaltonetworks.com/recent-exploits-network-security-trends/


Hackers are using this sneaky exploit to bypass Microsofts multi-factor authentication

Attackers guessed the password of a dormant account and were able to apply their own MFA to it - providing access to the victims network.

https://www.zdnet.com/article/hackers-are-using-this-sneaky-trick-to-exploit-dormant-microsoft-cloud-accounts-and-bypass-multi-factor-authentication/


Sicherheitslücken - jetzt auch in deiner Appliance

Die Entwickler des quelloffenen Frameworks YARA haben vor knapp zwei Wochen fast schon heimlich still und leise eine neue Version veröffentlicht, v4.2.3, welche in der medialen Berichterstattung beinahe untergegangen ist.

https://cert.at/de/blog/2022/8/sicherheitslucken-jetzt-auch-in-deiner-appliance


CISA Adds One Known Exploited Vulnerabilities to Catalog

CISA has added a new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

https://us-cert.cisa.gov/ncas/current-activity/2022/08/22/cisa-adds-one-known-exploited-vulnerabilities-catalog


Sicherheit: Wenn plötzlich ein (Fake-)"Office 365-Paket" per Post kommt

Kleine Warnung, die sich vor allem an unerfahrene Leser dieses Blogs bzw. Nutzer richtet. Kriminelle verschicken wohl Päckchen an (vorwiegend ältere Leute), in denen vorgeblich ein Microsoft Office enthalten ist.

https://www.borncity.com/blog/2022/08/21/sicherheit-wenn-pltzlich-ein-office-paket-per-post-kommt/

Vulnerabilities

Uncovering a ChromeOS remote memory corruption vulnerability

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).

https://www.microsoft.com/security/blog/2022/08/19/uncovering-a-chromeos-remote-memory-corruption-vulnerability/


"As Nasty as Dirty Pipe" - 8 Year Old Linux Kernel Vulnerability Uncovered

Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe." Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level.

https://thehackernews.com/2022/08/as-nasty-as-dirty-pipe-8-year-old-linux.html


Security updates for Monday

Security updates have been issued by Debian (jetty9 and kicad), Fedora (community-mysql and trafficserver), Gentoo (chromium, gettext, tomcat, and vim), Mageia (apache-mod_wsgi, libitrpc, libxml2, teeworlds, wavpack, and webkit2), Red Hat (podman), Slackware (vim), SUSE (java-1_8_0-openjdk, nodejs10, open-iscsi, rsync, and trivy), and Ubuntu (exim4).

https://lwn.net/Articles/905590/


YARA 4.2.3 Released, (Sat, Aug 20th)

https://isc.sans.edu/diary/rss/28964


Security Bulletin: This Power System update is being released to address CVE 2021-29891

https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2021-29891/


Security Bulletin: This Power System update is being released to address CVE-2019-16649 and CVE-2019-16650

https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2019-16649-and-cve-2019-16650/


Security Bulletin: Vulnerabilities with OpenJDK affect IBM Cloud Object Storage Systems (August 2022v1)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-openjdk-affect-ibm-cloud-object-storage-systems-august-2022v1/


Security Bulletin: This Power System update is being released to address CVE 2022-0778

https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2022-0778/


Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring RRT Agent (CVE-2021-45346)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-rrt-agent-cve-2021-45346/


Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak-3/


Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak-2/


Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak/