End-of-Day report
Timeframe: Friday 19-08-2022 18:00 - Monday 22-08-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
241 npm and PyPI packages caught dropping Linux cryptominers
More than 200 malicious packages were discovered infiltrating the PyPI and npm open source registries this week. The packages are largely typosquats of widely used libraries, and each one downloads a Bash script that runs a cryptominer on Linux systems.
https://www.bleepingcomputer.com/news/security/241-npm-and-pypi-packages-caught-dropping-linux-cryptominers/
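Typosquats such as the ones described above are cheap to catch before they reach a build host: compare every declared dependency against a list of well-known package names and flag anything that is one or two edits away without being an exact match. The following script is an added example and is not code from the report or from the reporting outlet. The popular-package lists, the requirements.txt and the package.json are constructed for illustration; in practice the lists would be the top-N names pulled from each registry.

```python
"""Flag dependency names that look like typosquats of well-known packages.

Added example (constructed input, not from the original report). Uses the
optimal-string-alignment variant of edit distance so that adjacent-character
swaps ("reqeusts", "lodahs"), the most common squatting pattern, count as a
single edit.
"""
from __future__ import annotations

import json
import re

# Constructed, abbreviated stand-ins for a real allow-list of popular names.
POPULAR_PYPI = {"requests", "urllib3", "numpy", "pandas", "cryptography",
                "setuptools", "colorama"}
POPULAR_NPM = {"lodash", "express", "react", "axios", "chalk", "colors"}

# Constructed sample manifests.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
requests==2.28.1
reqeusts            # transposed characters
numpy>=1.23
pandsa==1.5.0       # transposed characters
colourama           # inserted character
python-dateutil
"""
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "demo-app",
    "dependencies": {"express": "^4.18.1", "lodahs": "4.17.21", "axois": "^0.27.2"},
})


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or
    transpose two adjacent characters, each at cost 1."""
    prev2: list[int] | None = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition: a[i-2]a[i-1] == b[j-1]b[j-2]
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # type: ignore[index]
        prev2, prev = prev, cur
    return prev[-1]


def normalize(name: str) -> str:
    """PEP 503 style normalisation so 'Python_Dateutil' and 'python-dateutil'
    compare equal; npm names are simply lower-cased by the same rule."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> list[str]:
    """Return the bare project names from a requirements.txt body."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # skip blanks and pip options
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if m:
            names.append(m.group(1))
    return names


def parse_package_json(text: str) -> list[str]:
    """Return dependency names from a package.json body."""
    data = json.loads(text)
    names = []
    for key in ("dependencies", "devDependencies", "optionalDependencies"):
        names.extend(data.get(key, {}).keys())
    return names


def suspicious(names: list[str], popular: set[str]) -> list[tuple[str, str, int]]:
    """Return (declared name, closest popular name, distance) for every name
    that is near, but not equal to, a popular package. Short popular names
    allow one edit, longer ones two, to keep false positives down."""
    pop_norm = sorted(normalize(p) for p in popular)   # sorted for determinism
    findings = []
    for name in names:
        n = normalize(name)
        if n in pop_norm:
            continue                                   # exact match is fine
        best = min(pop_norm, key=lambda p: edit_distance(n, p))
        dist = edit_distance(n, best)
        limit = 1 if len(best) <= 5 else 2
        if dist <= limit:
            findings.append((name, best, dist))
    return findings


if __name__ == "__main__":
    for label, names, popular in (
        ("PyPI", parse_requirements(SAMPLE_REQUIREMENTS), POPULAR_PYPI),
        ("npm", parse_package_json(SAMPLE_PACKAGE_JSON), POPULAR_NPM),
    ):
        for declared, near, dist in suspicious(names, popular):
            print(f"{label}: '{declared}' is {dist} edit(s) from '{near}'")
```

Run it as a pre-install step in CI and fail the build on any finding; a hit should be reviewed by a human rather than auto-corrected, since some near-miss names are legitimate forks or companion packages.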
New tool checks if in-app mobile browsers inject risky code on sites
A new online tool named InAppBrowser lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit.
https://www.bleepingcomputer.com/news/security/new-tool-checks-if-in-app-mobile-browsers-inject-risky-code-on-sites/
LockBit claims ransomware attack on security giant Entrust, leaks data
The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust.
https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-security-giant-entrust-leaks-data/
Bypassing multi-factor authentication: malware steals cookies automatically
To get around multi-factor authentication, criminals are increasingly stealing browser cookies with malware.
https://www.golem.de/news/multi-faktor-authentisierung-umgehen-malware-klaut-automatisiert-cookies-2208-167763.html
Meet Borat RAT, a New Unique Triple Threat
Atlanta-based cyber risk intelligence company Cyble has discovered a new Remote Access Trojan (RAT). What makes this particular RAT distinct enough to be named after the comic creation of Sacha Baron Cohen?
https://thehackernews.com/2022/08/meet-borat-rat-new-unique-triple-threat.html
Safer browsing: beware of fake DDoS-check websites
Anyone who clicks around the web without thinking can quickly pick up a Trojan. Security researchers are now warning of yet another malware ploy.
https://heise.de/-7238985
Malicious apps in the Google Play Store: more than two million downloads
Bitdefender has found 35 malicious apps in Google's Play Store. Together they account for more than two million downloads.
https://heise.de/-7239109
Criminals hijack Facebook accounts and promote fake investment platforms
Tom and numerous other people were tagged by Claudia in a Facebook post. The post links to an article on how to make a lot of money in a short time with an investment platform. Beware: it is a scam.
https://www.watchlist-internet.at/news/kriminelle-kapern-facebook-konten-und-bewerben-fake-investment-plattformen/
Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More
Recent exploits observed in the wild are highlighted based on the availability of proofs of concept, the severity of the vulnerabilities the exploits are based on and the ease of exploitation.
https://unit42.paloaltonetworks.com/recent-exploits-network-security-trends/
Hackers are using this sneaky exploit to bypass Microsoft's multi-factor authentication
Attackers guessed the password of a dormant account and were able to apply their own MFA to it - providing access to the victims network.
https://www.zdnet.com/article/hackers-are-using-this-sneaky-trick-to-exploit-dormant-microsoft-cloud-accounts-and-bypass-multi-factor-authentication/
Vulnerabilities - now in your appliance too
Just under two weeks ago the developers of the open-source YARA framework released a new version, v4.2.3, almost without fanfare; it nearly went unnoticed in media coverage.
https://cert.at/de/blog/2022/8/sicherheitslucken-jetzt-auch-in-deiner-appliance
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added a new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
https://us-cert.cisa.gov/ncas/current-activity/2022/08/22/cisa-adds-one-known-exploited-vulnerabilities-catalog
Security: when a (fake) "Office 365 package" suddenly arrives by post
A small warning aimed mainly at inexperienced readers of this blog and at end users. Criminals are apparently sending parcels (mostly to elderly people) that purportedly contain a copy of Microsoft Office.
https://www.borncity.com/blog/2022/08/21/sicherheit-wenn-pltzlich-ein-office-paket-per-post-kommt/
Vulnerabilities
Uncovering a ChromeOS remote memory corruption vulnerability
Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).
https://www.microsoft.com/security/blog/2022/08/19/uncovering-a-chromeos-remote-memory-corruption-vulnerability/
"As Nasty as Dirty Pipe" - 8 Year Old Linux Kernel Vulnerability Uncovered
Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe." Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level.
https://thehackernews.com/2022/08/as-nasty-as-dirty-pipe-8-year-old-linux.html
Security updates for Monday
Security updates have been issued by Debian (jetty9 and kicad), Fedora (community-mysql and trafficserver), Gentoo (chromium, gettext, tomcat, and vim), Mageia (apache-mod_wsgi, libitrpc, libxml2, teeworlds, wavpack, and webkit2), Red Hat (podman), Slackware (vim), SUSE (java-1_8_0-openjdk, nodejs10, open-iscsi, rsync, and trivy), and Ubuntu (exim4).
https://lwn.net/Articles/905590/
YARA 4.2.3 Released, (Sat, Aug 20th)
https://isc.sans.edu/diary/rss/28964
Security Bulletin: This Power System update is being released to address CVE-2021-29891
https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2021-29891/
Security Bulletin: This Power System update is being released to address CVE-2019-16649 and CVE-2019-16650
https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2019-16649-and-cve-2019-16650/
Security Bulletin: Vulnerabilities with OpenJDK affect IBM Cloud Object Storage Systems (August 2022v1)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-openjdk-affect-ibm-cloud-object-storage-systems-august-2022v1/
Security Bulletin: This Power System update is being released to address CVE-2022-0778
https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2022-0778/
Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring RRT Agent (CVE-2021-45346)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-rrt-agent-cve-2021-45346/
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak-3/
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak-2/
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak/