End-of-Day report
Timeframe: Monday 29-01-2024 18:00 - Tuesday 30-01-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Ransomware attack: hackers steal internal data from Schneider Electric
The Cactus ransomware group is allegedly behind the attack. It has apparently exfiltrated several terabytes of data and is demanding a ransom.
https://www.golem.de/news/ransomwareattacke-hacker-greifen-interne-daten-von-schneider-electric-ab-2401-181695.html
What did I say to make you stop talking to me?, (Tue, Jan 30th)
We use Cowrie to emulate an SSH and Telnet server for our honeypots. Cowrie is great software maintained by Michel Oosterhof.
https://isc.sans.edu/diary/rss/30604
New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility
Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was dismantled in April 2022.
https://thehackernews.com/2024/01/new-zloader-malware-variant-surfaces.html
Is Your SAP Cloud Connector Safe? The Risk You Can't Ignore
In this article, we will discuss security issues and provide recommendations to mitigate the risks associated with using SAP CC on the Windows platform.
https://redrays.io/blog/sap-cloud-connector-security/
Ransomware report: fewer and fewer victims pay the ransom
Security researchers highlight current trends in ransomware. Among other things, the ransom sums are shrinking.
https://www.heise.de/news/Ransomware-Bericht-Immer-weniger-Opfer-zahlen-Loesegeld-9613134.html
Better not: Keto Base diet pills
A fake online article advertises diet pills from Keto Base. Supposedly this "miracle cure" for rapid weight loss was presented and funded on the TV show "Höhle des Löwen". This is, however, fake news. The offer is dubious and, in the worst case, harms your health.
https://www.watchlist-internet.at/news/lieber-nicht-abnehm-pillen-von-keto-base/
Trigona Ransomware Threat Actor Uses Mimic Ransomware
AhnLab Security Intelligence Center (ASEC) has recently identified a new activity of the Trigona ransomware threat actor installing Mimic ransomware.
https://asec.ahnlab.com/en/61000/
DarkGate malware delivered via Microsoft Teams - detection and response
While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector.
https://cybersecurity.att.com/blogs/security-essentials/darkgate-malware-delivered-via-microsoft-teams-detection-and-response
Vulnerabilities
DLL proxying: Trend Micro ships updates, other vendors vulnerable
IT researchers have found DLL proxying vulnerabilities in antivirus programs from several vendors. Trend Micro already has updates available.
https://www.heise.de/news/DLL-Proxying-Trend-Micro-liefert-Updates-weitere-Hersteller-angreifbar-9612567.html
Security updates for Tuesday
Security updates have been issued by Debian (pillow, postfix, and redis), Fedora (python-templated-dictionary and selinux-policy), Red Hat (gnutls, kpatch-patch, libssh, and tomcat), and Ubuntu (amanda, ceph, linux-azure, linux-azure-4.15, linux-kvm, and tinyxml).
https://lwn.net/Articles/960008/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
XSA-450
https://xenbits.xen.org/xsa/advisory-450.html
XSA-449
https://xenbits.xen.org/xsa/advisory-449.html
Festo: Multiple products contain CoDe16 vulnerability
https://cert.vde.com/de/advisories/VDE-2023-063/
Pilz: Vulnerability in PASvisu and PMI v8xx
https://cert.vde.com/de/advisories/VDE-2023-050/
Emerson Rosemount GC370XA, GC700XA, GC1500XA
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01
Mitsubishi Electric FA Engineering Software Products
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02
Mitsubishi Electric MELSEC WS Series Ethernet Interface Module
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-03
Zyxel security advisory for post-authentication command injection vulnerability in NAS products
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products-01-30-2024