End-of-Day report
Timeframe: Monday 05-09-2022 18:00 - Tuesday 06-09-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
New EvilProxy service lets all hackers use advanced phishing tactics
A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI.
https://www.bleepingcomputer.com/news/security/new-evilproxy-service-lets-all-hackers-use-advanced-phishing-tactics/
Mythic Case Study: Assessing Common Offensive Security Tools
Having covered the Sliver C2 framework in a previous post (May 2022), this blog continues our examination of Cobalt Strike alternatives, focusing on the Mythic C2 framework.
https://team-cymru.com/blog/2022/09/06/mythic-case-study-assessing-common-offensive-security-tools/
Analysis of an Encoded Cobalt Strike Beacon, (Tue, Sep 6th)
Someone reached out to me for an analysis of a Cobalt Strike beacon. This is the sample.
https://isc.sans.edu/diary/rss/29014
TA505 Groups TeslaGun In-Depth Analysis
TA505 is a financially motivated threat group that has been active since 2014. The group frequently changes its malware attack strategies in response to global cybercrime trends. It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on.
https://www.prodaft.com/resource/detail/ta505-ta505-groups-tesla-gun-depth-analysis
Beware of fake PayPal messages
Fake PayPal messages are currently circulating in increasing numbers. Have you received a supposed invoice from PayPal for a product you never ordered? Or is an advance payment being demanded for an alleged transaction? Ignore these messages, they are fake!
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-paypal-nachrichten/
Mirai Variant MooBot Targeting D-Link Devices
Attackers are leveraging known vulnerabilities in D-Link devices to deliver MooBot, a Mirai variant, potentially leading to further DDoS attacks.
https://unit42.paloaltonetworks.com/moobot-d-link-devices/
Shikitega - New stealthy malware targeting Linux
Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.
https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux
Over Half of Global Firms' Supply Chains Compromised by Ransomware
Cybersecurity leader Trend Micro announced new research today that reveals global organizations are increasingly at risk of ransomware compromise via their extensive supply chains.
https://newsroom.trendmicro.com/2022-09-06-Over-Half-of-Global-Firms-Supply-Chains-Compromised-by-Ransomware
Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa
Play is a new ransomware that takes a page out of Hive's and Nokoyawa's playbook. The many similarities among them indicate that Play, like Nokoyawa, is operated by the same people.
https://www.trendmicro.com/en_us/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html
Vulnerabilities
Fortinet Security Advisories 2022-09-06
On Sep 06, 2022, Fortinet released 12 advisories for issues resolved in Fortinet products. (Severity: Low (2), Medium (9), High (1))
https://fortiguard.fortinet.com/psirt?date=09-2022
Security updates for Tuesday
Security updates have been issued by Red Hat (pcs), SUSE (389-ds and firefox), and Ubuntu (linux-hwe-5.4 and linux-oracle).
https://lwn.net/Articles/907275/
Hitachi Storage: Multiple vulnerabilities
An attacker can exploit multiple vulnerabilities in Hitachi Storage to disclose information and execute arbitrary code.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1292
Hitachi Energy TXpert Hub CoreTec 4
https://us-cert.cisa.gov/ics/advisories/icsa-22-249-04
Triangle Microworks Libraries
https://us-cert.cisa.gov/ics/advisories/icsa-22-249-01
AVEVA Edge 2020 R2 SP1 and all prior versions
https://us-cert.cisa.gov/ics/advisories/icsa-22-249-02
Cognex 3D-A1000 Dimensioning System
https://us-cert.cisa.gov/ics/advisories/icsa-22-249-03