End-of-Day report
Timeframe: Tuesday 06-09-2022 18:00 - Wednesday 07-09-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
How to protect yourself from malware!
On dubious websites, in fraudulent e-mails, in seemingly harmless chat messages, or through security vulnerabilities in programs that have not been updated: malware can reach your computer in various ways, for example to read out and steal sensitive data or even to paralyze entire systems.
https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-schadsoftware/
Worok: The big picture
Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads from PNG files.
https://www.welivesecurity.com/2022/09/06/worok-big-picture/
How cybercriminals abuse USB
In a guest article, Andrew Rose, Resident CISO, EMEA at Proofpoint, examines the curse of the Universal Serial Bus (USB) and its attraction for cybercriminals.
https://www.zdnet.de/88403293/wie-cyberkriminelle-usb-missbrauchen/?utm_source=rss&utm_medium=rss&utm_campaign=rss
AA22-249A: #StopRansomware: Vice Society
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.
https://us-cert.cisa.gov/ncas/alerts/aa22-249a
Multiple ransomware data leak sites experience DDoS attacks, facing intermittent outages and connectivity issues
Since Aug. 20, 2022, Cisco Talos has been monitoring suspected distributed denial-of-service (DDoS) attacks resulting in intermittent downtime and outages affecting several ransomware-as-a-service (RaaS) data leak sites.
http://blog.talosintelligence.com/2022/09/ransomware-leaksite-ddos.html
Vulnerabilities
IBM Security Bulletins 2022-09-06
IBM Elastic Storage System, IBM Planning Analytics Workspace, IBM Rational Asset analyzer, IBM App Connect Enterprise, IBM Integration Bus, IBM WebSphere Application Server Liberty, IBM Sterling Connect, IBM Spectrum Scale, IBM SPSS Analytic Server, IBM Business Automation Workflow.
https://www.ibm.com/blogs/psirt/
Malicious code could get onto Zyxel NAS systems
Updated firmware versions close a critical security vulnerability in several NAS models from the manufacturer Zyxel.
https://heise.de/-7255585
Security updates for Wednesday
Security updates have been issued by Fedora (curl, protobuf-c, and vim) and SUSE (gimp, java-1_8_0-openj9, libostree, openvswitch, python-bottle, python-Flask-Security-Too, and zabbix).
https://lwn.net/Articles/907382/
K12055286: Intel CPU vulnerability CVE-2021-33060
https://support.f5.com/csp/article/K12055286
Helmholz: Multiple vulnerabilities in myREX24 and myREX24.virtual
https://cert.vde.com/de/advisories/VDE-2022-039/
Helmholz: Unauthenticated user enumeration in myREX24 and myREX24.virtual
https://cert.vde.com/de/advisories/VDE-2022-017/
MB connect line: Unauthenticated user enumeration in mbCONNECT24 and mymbCONNECT24
https://cert.vde.com/de/advisories/VDE-2022-011/
[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.21.0: Patch SC-202209.1
https://www.tenable.com/security/tns-2022-18