Tageszusammenfassung - 22.02.2024

End-of-Day report

Timeframe: Mittwoch 21-02-2024 18:00 - Donnerstag 22-02-2024 18:00 Handler: Thomas Pribitzer Co-Handler: n/a


New SSH-Snake malware steals SSH keys to spread across the network

A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure.


Google Play Store: Banking-Trojaner nimmt europäische Nutzer ins Visier

Im Google Play Store tauchen Varianten des Anatsa-Banking-Trojaners auf. Sie kommen auf über 100.000 Installationen.


Why ransomware gangs love using RMM tools-and how to stop them

More and more ransomware gangs are using RMM tools in their attacks.


Unmasking Lorenz Ransomware: A Dive into Recent Tactics, Techniques and Procedures

In the ever-evolving landscape of cyber threats, ransomware remains a persistent menace, with groups like Lorenz actively exploiting vulnerabilities in small to medium businesses globally.


Angriffe gegen ConnectWise ScreenConnect

Die Remote Desktop und Access Software ConnectWise ScreenConnect ist aktuell Ziel von Cyberangriffen. Der Hersteller der Software hatte kürzlich ein Security Advisory bezüglich Authentication Bypass und Path Traversal Vulnerabilities veröffentlicht und dieses inzwischen um Hinweise auf bereits laufende Angriff und Indikatoren für eine bereits stattgefundene Kompromittierung erweitert.


TinyTurla-NG in-depth tooling and command and control analysis

Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed.


LockBit Attempts to Stay Afloat With a New Version

This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.


Decrypted: HomuWitch Ransomware

HomuWitch is a ransomware strain that initially emerged in July 2023. Unlike the majority of current ransomware strains, HomuWitch targets end-users - individuals - rather than institutions and companies.


-To live is to fight, to fight is to live! - IBM ODM Remote Code Execution

In today-s match-up, we-re looking at various versions(both old and new!) of IBM-s -Operational Decision Manager- (ODM).



Codeschmuggel-Lücke in diversen HP Laser-Druckern

HP warnt mit gleich zwei Sicherheitsmeldungen vor Lücken in diversen Laserjet-Druckern. Firmwareupdates sollen sie schließen.


Security updates for Thursday

Security updates have been issued by CentOS (python-pillow), Debian (firefox-esr and imagemagick), Fedora (kernel, mbedtls, rust-asyncgit, rust-bat, rust-cargo-c, rust-eza, rust-git-absorb, rust-git-delta, rust-git2, rust-gitui, rust-libgit2-sys, rust-lsd, rust-pore, rust-pretty-git-prompt, rust-shadow-rs, rust-silver, rust-tokei, and rust-vergen), Gentoo (LibreOffice), Red Hat (kpatch-patch), Slackware (mozilla), SUSE (docker, python-pycryptodome, python3, and qemu), [...]


Progress Kemp LoadMaster (Load-Balancer) Schwachstelle CVE-2024-1212

Zum 8. Februar 2024 gab es den Hinweis für Administratoren, die den Load-Balancer LoadMaster von Progress Kemp verwenden, dessen Firmware zu aktualisieren.


2024-02-22: Cyber Security Advisory - B&R Automation Studio & Technology Guarding products use insufficient communication encryption


IBM Security Bulletins


WAGO: Multiple products affected by Terrapin


[R1] Tenable Identity Exposure Secure Relay Version 3.59.4 Fixes Multiple Vulnerabilities


[R1] Tenable Identity Exposure Version 3.59.4 Fixes Multiple Vulnerabilities


Delta Electronics CNCSoft-B DOPSoft