End-of-Day report
Timeframe: Tuesday 03-01-2023 18:00 - Wednesday 04-01-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
News
Patch now! 60,000 Exchange servers still vulnerable to ProxyNotShell attacks
Security researchers warn of vulnerable Exchange servers. 30,000 of them are in Europe - the majority in Germany. Security patches are available.
https://heise.de/-7448029
l+f: Flipper Zero - dolphin on a phishing tour
Be careful when buying the popular hacking gadget Flipper Zero. Cybercriminals have set up fake shops to cash in on interested buyers.
https://heise.de/-7448371
Only one week left: end of support for Windows 8.1
The final hours for Windows 8.1 have struck. In less than a week, Microsoft will end support for Windows 8.1 for good.
https://heise.de/-7448516
Update to RTRBK - Diff and File Dates in PowerShell, (Wed, Jan 4th)
I use my RTRBK script pretty much every week, every single time that I work with a client that doesn't have their network gear in a backup cycle in fact. (for a review of this tool, see the original post https://isc.sans.edu/diary/RTRBK+Router+Switch+Firewall+Backups+in+PowerShell+tool+drop/22079 ) Anyway, I was considering how I could improve this script, aside from adding more and more device types to the backups. A "diff" report was my obvious first thought - [...]
https://isc.sans.edu/diary/rss/29400
Breaking RSA with a Quantum Computer
A group of Chinese researchers have just published a paper claiming that they can, although they have not yet done so, break 2048-bit RSA. This is something to take seriously. It might not be correct, but it's not obviously wrong. We have long known from Shor's algorithm that factoring with a quantum computer is easy. But it takes a big quantum computer, on the orders of millions of qbits, to factor anything resembling the key sizes we use today. What the researchers have done is combine classical lattice reduction factoring techniques with a quantum approximate optimization algorithm.
https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html
Android's First Security Updates for 2023 Patch 60 Vulnerabilities
Google announced on Tuesday the first Android security updates for 2023, which patch a total of 60 vulnerabilities. The first part of the update, which arrives on devices as the 2023-01-01 security patch level, addresses 19 security defects in the Framework and System components.
https://www.securityweek.com/androids-first-security-updates-2023-patch-60-vulnerabilities
Ransomware predictions in 2023: more gov't action and a pivot to data extortion
There were thousands of ransomware attacks in 2022, from breaches targeting militaries to incidents that brought entire governments to a standstill. Ransomware giants like Conti closed shop, while groups like LockBit and Hive took their place, attacking thousands of hospitals, governments, businesses and schools across the world. So what does 2023 have in store for us?
https://therecord.media/ransomware-predictions-in-2023-more-govt-action-and-a-pivot-to-data-extortion/
DeTT&CT: Automate your detection coverage with dettectinator
Last year, I published an article on mapping detection to the MITRE ATT&CK framework using DeTT&CT. In the article, we introduced DeTT&CT and explored its features and usage. If you missed it, you can find the article here. Although, after writing that article, I encountered some challenges. For instance, I considered using DeTT&CT in a production environment but there were hundreds of existing detection rules to consider, and it would have been a tedious process to manually create the necessary YAML file for building a detection coverage layer.
https://blog.nviso.eu/2023/01/04/dettct-automate-your-detection-coverage-with-dettectinator/
Shc Linux Malware Installing CoinMiner
The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.
https://asec.ahnlab.com/en/45182/
Three easy steps to dramatically improve your AWS security posture: Step 1, set up IAM properly
Have you ever heard the saying that the greatest benefit of the cloud is that limitless resources can be spun-up with just a few clicks of the mouse? If so, you would be best served by forgetting that saying altogether. Just because cloud resources can be spun-up with a few clicks of the mouse does not mean that they should be. Rather, prior to launching anything in the cloud, careful consideration and planning are a necessity.
https://cybersecurity.att.com/blogs/security-essentials/three-easy-steps-to-dramatically-improve-your-aws-security-posture-step-1-set-up-iam-properly
Vulnerabilities
January 2023 Vulnerability Advisories
FortiTester (CVSS Score: 7.6), FortiPortal (CVSS Score: 6.6), FortiWeb (CVSS Score: 5.3), FortiManager (CVSS Score: 6), FortiADC (CVSS Score: 8.6)
https://fortiguard.fortinet.com/psirt-monthly-advisory/january-2023-vulnerability-advisories
Security updates for Wednesday
Security updates have been issued by Fedora (xorg-x11-server-Xwayland), Red Hat (webkit2gtk3), SUSE (rmt-server), and Ubuntu (freeradius).
https://lwn.net/Articles/919051/
IBM Security Bulletins 2023-01-04
IBM Common Licensings Administration And Reporting Tool (ART), IBM DataPower Gateway, IBM Global Mailbox, IBM Integration Bus, IBM MQ, IBM Security Verify Governance, IBM Sterling Global Mailbox, IBM WebSphere MQ, IBM WebSphere Message Broker, ITNM
https://www.ibm.com/support/pages/bulletin/