Daily summary - 27.09.2022

End-of-Day report

Timeframe: Monday 26-09-2022 18:00 - Tuesday 27-09-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

Hackers use PowerPoint files for mouseover malware delivery

The threat actor lures targets with a PowerPoint (.PPT) file allegedly linked to the Organization for Economic Co-operation and Development (OECD), an intergovernmental organization working towards stimulating economic progress and trade worldwide.

https://www.bleepingcomputer.com/news/security/hackers-use-powerpoint-files-for-mouseover-malware-delivery/


New Erbium password-stealing malware spreads as game cracks, cheats

The new Erbium information-stealing malware is being distributed as fake cracks and cheats for popular video games to steal victims' credentials and cryptocurrency wallets.

https://www.bleepingcomputer.com/news/security/new-erbium-password-stealing-malware-spreads-as-game-cracks-cheats/


Pass-the-Hash Attacks and How to Prevent them in Windows Domains

Hackers often start out with nothing more than a low-level user account and then work to gain additional privileges that will allow them to take over the network. One of the methods that is commonly used to acquire these privileges is a pass-the-hash attack.

https://www.bleepingcomputer.com/news/security/pass-the-hash-attacks-and-how-to-prevent-them-in-windows-domains/


Investment fraud: beware of services that offer to help you get your lost money back

Have you lost money on a fraudulent investment platform? Then watch out for follow-up fraud. Criminals advertise services that supposedly help you recover your lost money. Offers from finanzaufsicht.com or firstmoneyback.com are fake! You will be defrauded a second time!

https://www.watchlist-internet.at/news/anlagebetrug-vorsicht-vor-diensten-die-ihnen-helfen-wollen-ihr-verlorenes-geld-zurueckzubekommen/


More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID

Polyglot files, such as the malicious CHM file analyzed here, can be abused to hide from anti-malware systems that rely on file format identification.

https://unit42.paloaltonetworks.com/polyglot-file-icedid-payload/
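An added example, not code from the Unit 42 write-up: a scanner that relies on the magic bytes at offset 0 sees one format and stops, which is exactly what a polyglot exploits. The Python checker below instead looks for format signatures at every offset and validates the header structure before accepting a hit, so that a CHM (ITSF) header hidden behind another format's leading bytes is still reported. The sample bytes are constructed, and the signature table is deliberately short.

```python
"""Find file-format signatures at any offset and flag multi-format (polyglot) files."""
import struct


def _valid_itsf(data, off):
    """ITSF (CHM) header: magic, then version (3) and header length (0x60)
    as little-endian uint32 fields."""
    if len(data) < off + 12:
        return False
    version, hdr_len = struct.unpack_from("<II", data, off + 4)
    return version == 3 and hdr_len == 0x60


def _valid_mz(data, off):
    """MZ stub is only accepted when e_lfanew (at +0x3c) points at 'PE\\0\\0',
    which filters out the many chance 'MZ' byte pairs in arbitrary data."""
    if len(data) < off + 0x40:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3c)
    return data[off + e_lfanew: off + e_lfanew + 4] == b"PE\0\0"


# (magic, format name, optional structural check). Illustrative subset only.
SIGNATURES = [
    (b"ITSF", "CHM", _valid_itsf),
    (b"MZ", "PE", _valid_mz),
    (b"%PDF-", "PDF", None),
    (b"PK\x03\x04", "ZIP", None),
]


def find_formats(data):
    """Return sorted (offset, format) pairs for every validated signature hit."""
    found = []
    for magic, name, check in SIGNATURES:
        start = 0
        while (idx := data.find(magic, start)) >= 0:
            if check is None or check(data, idx):
                found.append((idx, name))
            start = idx + 1
    return sorted(found)


def is_polyglot(data):
    """A file that carries more than one distinct validated format is suspect."""
    formats = find_formats(data)
    return len({name for _, name in formats}) > 1, formats


# Constructed sample: PDF bytes at offset 0 with a structurally valid CHM
# header further in. A single-format CHM is included for comparison.
CHM_HEADER = b"ITSF" + struct.pack("<III", 3, 0x60, 1) + b"\x00" * 84
POLYGLOT_SAMPLE = (b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj << >> endobj\n"
                   + b"\x00" * 40 + CHM_HEADER)

if __name__ == "__main__":
    for label, blob in (("polyglot", POLYGLOT_SAMPLE), ("plain chm", CHM_HEADER)):
        suspicious, formats = is_polyglot(blob)
        print(f"{label}: polyglot={suspicious} formats={formats}")
```

The structural checks matter: without them, two-byte magics such as MZ would match inside almost any large file, and the tool would be as noisy as it is thorough. For production use the same idea is usually expressed as YARA rules that anchor on validated headers at arbitrary offsets rather than a first-bytes lookup.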


What happens with a hacked Instagram account - and how to recover it

Had your Instagram account stolen? Don't panic - here's how to get your account back and how to avoid getting hacked (again).

https://www.welivesecurity.com/2022/09/26/what-happens-hacked-instagram-account-how-recover/

Vulnerabilities

Security updates for Tuesday

Security updates have been issued by Debian (dovecot and firefox-esr), Fedora (firefox and grafana), Red Hat (firefox and thunderbird), Slackware (dnsmasq and vim), SUSE (dpdk, firefox, kernel, libarchive, libcaca, mariadb, openvswitch, opera, permissions, podofo, snakeyaml, sqlite3, unzip, and vsftpd), and Ubuntu (expat, libvpx, linux-azure-fde, linux-oracle, squid, squid3, and webkit2gtk).

https://lwn.net/Articles/909576/


SECURITY - ABB Central Licensing System Vulnerabilities, impact on ABB Ability SCADAvantage

https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A3198&LanguageCode=en&DocumentPartId=&Action=Launch


Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-commons-fileupload-affects-ibm-tivoli-business-service-manager-cve-2013-2186-cve-2013-0248-cve-2016-3092-cve-2014-0050-220723/


Security Bulletin: A vulnerability in FasterXML Woodstox affects IBM Tivoli Business Service Manager (220573)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-fasterxml-woodstox-affects-ibm-tivoli-business-service-manager-220573/


Veritas NetBackup: Multiple vulnerabilities

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1541


Publish SBA-ADV-20220328-01: Vtiger CRM Stored Cross-Site Scripting

https://github.com/sbaresearch/advisories/commit/28e164f1cb73e4885a58616d1b0f9e40309c5e02


Hitachi Energy APM Edge

https://us-cert.cisa.gov/ics/advisories/icsa-22-270-02


Rockwell Automation ThinManager ThinServer

https://us-cert.cisa.gov/ics/advisories/icsa-22-270-03


Hitachi Energy AFS660/AFS665

https://us-cert.cisa.gov/ics/advisories/icsa-22-270-01


September 23rd 2022 Security Releases

https://nodejs.org/en/blog/vulnerability/september-2022-security-releases