Tageszusammenfassung - 06.09.2022

End-of-Day report

Timeframe: Montag 05-09-2022 18:00 - Dienstag 06-09-2022 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer


New EvilProxy service lets all hackers use advanced phishing tactics

A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI.


Mythic Case Study: Assessing Common Offensive Security Tools

Having covered the Sliver C2 framework in a previous post (May 2022), this blog will continue our examination of Cobalt Strike -alternatives-, focusing on the Mythic C2 framework.


Analysis of an Encoded Cobalt Strike Beacon, (Tue, Sep 6th)

Someone reached out to me for the analysis of a Cobalt Strike beacon. This is the sample.


TA505 Groups TeslaGun In-Depth Analysis

TA505 is a financially motivated threat group that has been active since 2014. The group frequently changes its malware attack strategies in response to global cybercrime trends. It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on.


Vorsicht vor gefälschten PayPal-Nachrichten

Gefälschte PayPal-Nachrichten befinden sich momentan vermehrt im Umlauf. Sie haben eine angebliche Rechnung von PayPal erhalten, über ein Produkt, das Sie nicht bestellt haben? Oder es wird eine Vorabzahlung für eine angebliche Transaktion gefordert? Ignorieren Sie diese Nachrichten, sie sind Fake!


Mirai Variant MooBot Targeting D-Link Devices

Attackers are leveraging known vulnerabilities in D-Link devices to deliver MooBot, a Mirai variant, potentially leading to further DDoS attacks.


Shikitega - New stealthy malware targeting Linux

Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.


Over Half of Global Firms Supply Chains Compromised by Ransomware

Cybersecurity leader Trend Micro announced new research today that reveals global organizations are increasingly at risk of ransomware compromise via their extensive supply chains.


Play Ransomwares Attack Playbook Similar to that of Hive, Nokoyawa

Play is a new ransomware that takes a page out of Hive and Nokoyawas playbook. The many similarities among them indicate that Play, like Nokoyawa, are operated by the same people.



Fortinet Security Advisories 2022-09-06

On Sep 06, 2022, Fortinet has released 12 advisories for issues resolved in Fortinet products. (Severity: Low (2), Medium (9), High (1))


Security updates for Tuesday

Security updates have been issued by Red Hat (pcs), SUSE (389-ds and firefox), and Ubuntu (linux-hwe-5.4 and linux-oracle).


Hitachi Storage: Mehrere Schwachstellen

Ein Angreifer kann mehrere Schwachstellen in Hitachi Storage ausnutzen, um Informationen offenzulegen und beliebigen Code zur Ausführung zu bringen.


Hitachi Energy TXpert Hub CoreTec 4


Triangle Microworks Libraries


AVEVA Edge 2020 R2 SP1 and all prior versions


Cognex 3D-A1000 Dimensioning System