Daily summary - 05.01.2023

End-of-Day report

Timeframe: Wednesday 04-01-2023 18:00 - Thursday 05-01-2023 18:00 Handler: Stephan Richter Co-Handler: Michael Schlagenhaufer

News

Bluebottle hackers used signed Windows driver in attacks on banks

A signed Windows driver has been used in attacks on banks in French-speaking countries, likely from a threat actor that stole more than $11 million from various banks.

https://www.bleepingcomputer.com/news/security/bluebottle-hackers-used-signed-windows-driver-in-attacks-on-banks/


SpyNote Android malware infections surge after source code leak

The Android malware family tracked as SpyNote (or SpyMax) has had a sudden increase in detections in the final quarter of 2022, which is attributed to a source code leak of one of its latest, known as CypherRat.

https://www.bleepingcomputer.com/news/security/spynote-android-malware-infections-surge-after-source-code-leak/


PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources

We take a deep dive into Automated Libra, the cloud threat actor group behind the freejacking campaign PurpleUrchin.

https://unit42.paloaltonetworks.com/purpleurchin-steals-cloud-resources/


ProxyNotShell Mitigations K.O.

Why is ProxyNotShell still a topic? Weren't the vulnerabilities closed by Microsoft at the beginning of November? In short, because many relied on Microsoft's last mitigation instead of the November patch.

https://cert.at/de/blog/2023/1/proxynotshell-mitigations-ko


The dos and don'ts of ransomware negotiations

Has your organization suddenly been attacked by a ransomware virus? Take a deep breath and try to remain composed. It can be easy to panic or become overwhelmed in the face of an attack, but it is vital to remain calm and focused in order to make the best decisions for your organization.

https://cybersecurity.att.com/blogs/security-essentials/the-dos-and-donts-of-ransomware-negotiations


Dridex Returns, Targets MacOS Using New Entry Method

The Dridex variant we analyzed targets MacOS platforms with a new technique to deliver documents embedded with malicious macros to users.

https://www.trendmicro.com/en_us/research/23/a/-dridex-targets-macos-using-new-entry-method.html

Vulnerabilities

IBM Security Bulletins 2023-01-05

AIX, IBM Content Navigator, IBM Maximo Application Suite, IBM Robotic Process Automation, IBM Robotic Process Automation for Cloud Pak, IBM Security Verify Governance, IBM Sterling B2B Integrator, IBM TXSeries for Multiplatforms, IBM Tivoli Network Manager, ITNM, Operations Dashboard, TADDM, IBM Cloud Object Storage Systems

https://www.ibm.com/support/pages/bulletin/


Zoho fixes database vulnerability in Password Manager Pro and access control software

There are important security updates for the ManageEngine products Access Manager Plus, PAM360 and Password Manager Pro.

https://heise.de/-7449108


Patch day: Critical kernel vulnerabilities threaten Android

Google provides Android versions 10, 11, 12, 12L and 13 hardened against possible attacks for download. Attackers can obtain user privileges.

https://heise.de/-7449147


Fortinet patches malicious-code vulnerabilities in network products

Attackers could, among other things, gain unauthorized access to FortiManager. Security updates are available for download.

https://heise.de/-7449288


Security patch: Attackers could take over systems running IBM Tivoli Monitoring

Vulnerabilities in several components threaten the system and network monitoring solution IBM Tivoli Monitoring.

https://heise.de/-7449768


Security updates for Thursday

Security updates have been issued by Fedora (binwalk), Oracle (kernel and webkit2gtk3), Red Hat (webkit2gtk3), Slackware (vim), and Ubuntu (libksba and nautilus).

https://lwn.net/Articles/919112/


Hitachi Energy UNEM

https://us-cert.cisa.gov/ics/advisories/icsa-23-005-01


Hitachi Energy FOXMAN-UN

https://us-cert.cisa.gov/ics/advisories/icsa-23-005-02


Hitachi Energy Lumada Asset Performance Management

https://us-cert.cisa.gov/ics/advisories/icsa-23-005-03