End-of-Day report
Timeframe: Friday 02-09-2022 18:00 - Monday 05-09-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Malware dev open-sources CodeRAT after being exposed
The source code of a remote access trojan (RAT) dubbed CodeRAT has been leaked on GitHub after malware analysts confronted the developer about attacks that used the tool.
https://www.bleepingcomputer.com/news/security/malware-dev-open-sources-coderat-after-being-exposed/
Quickie: Grep & Tail -f With Notepad++ (Mon, Sep 5th)
Notepad++ is a free and open source text editor for Windows. You can simulate grep-like functionality with Notepad++ in 2 steps.
https://isc.sans.edu/diary/rss/29018
Prynt Stealer Contains a Backdoor to Steal Victims' Data Stolen by Other Cybercriminals
Researchers discovered a private Telegram channel-based backdoor in the information-stealing malware dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims' exfiltrated data when the tool is used by other cybercriminals.
https://thehackernews.com/2022/09/prynt-stealer-contains-backdoor-to.html
Win32/Hive.ZY: Update stops a series of false positives by Microsoft Defender on Windows
The Windows antivirus Defender has wrongly classified Chrome, Edge and other browsers as Trojans.
https://heise.de/-7253919
Ransomware: The trend is toward attacks on Linux servers
Trend Micro sees growth in ransomware attacks in the first half of 2022. Linux environments were targeted 75 percent more often than in the same period of the previous year.
https://heise.de/-7254059
There's Another Hole In Your SoC: Unisoc ROM Vulnerabilities
As part of this research, NCC Group focused on the secure boot chain implemented by UNISOC processors used in Android phones and tablets. Several vulnerabilities in the Boot ROM were discovered which could persistently undermine secure boot.
https://research.nccgroup.com/2022/09/02/theres-another-hole-in-your-soc-unisoc-rom-vulnerabilities/
What to do if my device has been infected with malware?
Malicious software (malware) can take many forms and bring with it a range of threats to you and your device. The resulting damage ranges from data theft, through being flooded with advertising, to ransom demands.
https://www.watchlist-internet.at/news/was-tun-wenn-mein-geraet-mit-schadsoftware-infiziert-wurde/
Vulnerabilities
Patch now! Google warns of possible attacks on Chrome
An important security update closes a vulnerability in the Chrome web browser.
https://heise.de/-7253510
Security updates for Monday
Security updates have been issued by Debian (flac, ghostscript, libmodbus, qemu, rails, ruby-rack, and thunderbird), Fedora (kernel, kernel-headers, kernel-tools, libtar, qt5-qtwebengine, subscription-manager-cockpit, tcpreplay, and vim), Mageia (chromium-browser-stable, webkit2, and ytnef), SUSE (curl, firefox, freerdp, gdk-pixbuf, ImageMagick, json-c, libgda, php-composer2, and python-pyxdg), and Ubuntu (libzstd, linux-aws, linux-aws-5.4, linux-azure-5.4, and linux-oem-5.17).
https://lwn.net/Articles/907201/
DeadBolt Ransomware
QNAP detected a new DeadBolt ransomware campaign on the morning of September 3rd, 2022 (GMT+8).
https://www.qnap.com/en-us/security-advisory/QSA-22-24
Security Bulletin: DataStage on Cloud Pak for Data Is Vulnerable to Sensitive Information Disclosure Error (CVE-2022-38714)
https://www.ibm.com/blogs/psirt/security-bulletin-datastage-on-cloud-pak-for-data-is-vulnerable-to-sensitive-information-disclosure-error-cve-2022-38714/
Security Bulletin: Information Disclosure and Denial of Service Vulnerabilities in the IBM Spectrum Protect Backup-Archive Client may affect IBM Spectrum Protect for Space Management (CVE-2022-22478, CVE-2022-22474)
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-and-denial-of-service-vulnerabilities-in-the-ibm-spectrum-protect-backup-archive-client-may-affect-ibm-spectrum-protect-for-space-management-cve-2022-22478/
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2022
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-cloud-pak-for-business-automation-ifixes-for-august-2022/
Security Bulletin: Prototype pollution vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-23450
https://www.ibm.com/blogs/psirt/security-bulletin-prototype-pollution-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2021-23450/
Security Bulletin: Persistent Cross-Site Scripting vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2022-35644
https://www.ibm.com/blogs/psirt/security-bulletin-persistent-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2022-35644/
OTRS: Multiple vulnerabilities
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1286