This week I have again collected the most important news. A bug in polkit's pkexec that is several years old makes it very easy to gain root privileges. A Chinese APT is targeting German industrial companies. Apple closes zero-day vulnerabilities in iOS and macOS. There is also a small OSINT treat by Lilith Wittmann about the Verfassungsschutz (Germany's Office for the Protection of the Constitution), well worth reading!
Vulnerabilities & Patches
Windows vulnerability with new public exploits lets you become admin
Microsoft Restricts Excel 4.0 Macros by Default
Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets
Update now! Apple pushes out security patches for iPhone and Mac zero-day vulnerabilities
Bug Alert: Local privilege escalation in pkexec, a core Linux system component
Linux kernel bug can let hackers escape Kubernetes containers
A flaw in Rust Programming language could allow to delete files and directories
Vulnerabilities in Control Web Panel potentially expose Linux Servers to hack
Cybercrime
Russian Authorities Arrest Head of International Cybercrime Group | SecurityWeek.Com
REvil Ransomware Operations Apparently Unaffected by Recent Arrests
High anxiety spreads among Russian criminal groups in wake of REvil raid
Hackers say they encrypted Belarusian Railway servers in protest
North Korean Hackers Using Windows Update Service to Infect PCs with Malware
MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists | IT Security News
Alleged carder gang mastermind and three acolytes under arrest in Russia
Malware
Emotet botnet steps up activity
Emotet spam uses unconventional IP address formats to evade detection
A new highly evasive technique used to deliver the AsyncRAT Malware
North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks
Lockbit ransomware gang claims to have hacked Ministry of Justice of France
TrickBot now crashes researchers' browsers to block malware analysis
TrickBot Malware Using New Techniques to Evade Web Injection Attacks
French Ministry of Justice Targeted in Ransomware Attack | SecurityWeek.Com
New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key
New MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks
Malicious PowerPoint files used to push remote access trojans
Incidents
Verfassungsschutz: "Hyperbro" attack campaign against German companies
Security: Successful attack on user accounts at Thalia
NCSC alerts UK orgs to brace for destructive Russian cyberattacks
Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users
Segway e-store compromised in a Magecart attack to steal credit cards
33,000 highly sensitive e-mails from the Lübeck immigration office sold on eBay.
Dark Souls 3 Servers Shut Down Due to Critical RCE Bug
North Korea Hackers Gain $400 Million in Cryptocurrency Scams - MSSP Alert
Puerto Rico was hit by a major cyberattack
Cybernews
EU to create pan-European cyber incident coordination framework
EU to fund bug bounty programs for LibreOffice, Mastodon, three others
Bavaria and Saxony-Anhalt decide against the Luca app
Google sued in US over 'deceptive' location tracking
UK govt releasing Nmap scripts to find unpatched vulnerabilities
FBI warns of malicious QR codes used to steal your money
Staff negligence is now a major reason for insider security incidents
Impetus for Germany's secure digitalization: BSI hosts the 18th German IT Security Congress
Tips & Links
Bundesservice Telekommunikation — unmasked: this intelligence service is behind it
Securing Windows Server 2022 (hardening)