Daily summary - 03.03.2023

End-of-Day report

Timeframe: Thursday 02-03-2023 18:00 - Friday 03-03-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer

News

FBI and CISA warn of increasing Royal ransomware attack risks

CISA and the FBI have issued a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many U.S. critical infrastructure sectors, including healthcare, communications, and education.

https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-increasing-royal-ransomware-attack-risks/


Persistence Techniques That Persist

In this blog post, we will focus on how malware can achieve persistence by abusing the Windows Registry. Specifically, we will focus on lesser-known techniques, many of which have been around since the days of Windows XP and are just as effective today on Windows 10 and 11.

https://www.cyberark.com/resources/threat-research-blog/persistence-techniques-that-persist


NIST Cybersecurity Framework 2.0: Updated guidelines against cybercrime

Because the IT threat landscape is constantly changing, the US National Institute of Standards and Technology (NIST) has updated its Cybersecurity Framework.

https://heise.de/-7534206


FAQ: Which kinds of cyberattacks exist and how to avoid the risks

Cyberattacks can affect anyone, but with a few simple measures you can at least minimise your personal risk.

https://heise.de/-7523370


Thousands of Websites Hijacked Using Compromised FTP Credentials

Cybersecurity startup Wiz warns of a widespread redirection campaign in which thousands of websites have been compromised using legitimate FTP credentials.

https://www.securityweek.com/thousands-of-websites-hijacked-using-compromised-ftp-credentials/


Of Degens and Defrauders: Using Open-Source Investigative Tools to Investigate Decentralized Finance Frauds and Money Laundering. (arXiv:2303.00810v1 [cs.CR])

This study demonstrates how open-source investigative tools can extract transaction-based evidence that could be used in a court of law to prosecute DeFi frauds. Additionally, we investigate how these funds are subsequently laundered.

http://arxiv.org/abs/2303.00810

Vulnerabilities

IBM Security Bulletins 2023-03-03

IBM Cloud Pak, IBM Financial Transaction Manager, Operations Dashboard, IBM App Connect Enterprise Certified Container, IBM Sterling Connect:Express, IBM HTTP Server, IBM Spectrum Control, IBM Aspera Faspex, IBM SAN, IBM Storwize, IBM Spectrum Virtualize, IBM FlashSystem, IBM Maximo, IBM WebSphere Remote Server, IBM Business Automation Workflow, Rational Functional Tester.

https://www.ibm.com/support/pages/bulletin/


Malicious-code attacks possible against HPE Serviceguard on Linux

The developers have closed three security vulnerabilities in HPE's Serviceguard for Linux. Patched versions are available for download.

https://heise.de/-7534361


Security updates for Friday

Security updates have been issued by Debian (linux-5.10 and node-css-what), SUSE (gnutls, google-guest-agent, google-osconfig-agent, nodejs10, nodejs14, nodejs16, opera, pkgconf, python-cryptography, python-cryptography-vectors, rubygem-activesupport-4_2, thunderbird, and tpm2-0-tss), and Ubuntu (git, kernel, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-ibm, linux-lowlatency, linux-oracle, linux-azure-fde, linux-oem-5.14, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, php7.0, python-pip, ruby-rack, spip, and sudo).

https://lwn.net/Articles/925060/


Vulnerabilities in Intel CPUs: Microsoft releases out-of-band security update

It is meant to close a total of four vulnerabilities. The flaws have, however, been known since June 2022. Windows 10, Windows 11 and Windows Server are affected.

https://www.zdnet.de/88407530/luecken-in-intel-cpus-microsoft-veroeffentlicht-ausserplanmaessiges-sicherheitsupdate/


[R1] Nessus Version 10.5.0 Fixes Multiple Vulnerabilities

https://www.tenable.com/security/tns-2023-09


BOSCH-SA-931197: Vulnerability in routers FL MGUARD and TC MGUARD

https://psirt.bosch.com/security-advisories/bosch-sa-931197.html


SonicOS SSLVPN Improper Restriction of Excessive MFA Attempts Vulnerability

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005


SonicOS Unauthenticated Stack-Based Buffer Overflow Vulnerability

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004