This week, another Java bug called "Spring4Shell" caused a stir.
Fortunately, it is not quite as dramatic as Log4Shell.
Vulnerabilities & Patches
- Fix for vulnerability CVE-2022-104 in Sophos Firewall (v18.5 MR3)
- Root vulnerability in the netfilter subsystem of the Linux kernel
- What Is SpringShell? What We Know About the SpringShell Vulnerability
- Apple pushes out two emergency 0-day updates – get ’em now!
- Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 - SANS Internet Storm Center
- Trend Micro fixes actively exploited remote code execution bug
- Critical GitLab vulnerability lets attackers take over accounts
- VMware released updates to fix the Spring4Shell vulnerability in multiple products
- Zero-day vulnerabilities: Older macOS and iOS versions remain vulnerable
- Network equipment vendor: Numerous vulnerabilities in Cisco products
- Western Digital fixes critical bug giving root on My Cloud NAS devices
Incidents
- MailChimp breached, intruders conducted phishing attacks against crypto customers
Cybercrime
- Two teenagers charged in relation to LAPSUS$ hacking group investigation
- Crooks use fake emergency data requests to get personal info out of Big Tech – report
- Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin
- FIN7 Hacking Group Member Sentenced To Five Years Behind Bars
- Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware
- Hamas-linked Hackers Targeting High-Ranking Israelis Using 'Catfish' Lures
- FIN7 hacker sentenced to five years
Malware
- New Python-based Ransomware Targeting JupyterLab Web Notebooks
- FFDroider malware targets social media users
Cybernews
- Viasat shares details on KA-SAT satellite service cyberattack
- Windows Autopatch Aims to Make Patch Tuesday 'Just Another Tuesday' for Enterprises
- Raspberry Pi removes default user to hinder brute-force attacks
- GitHub can now alert of supply-chain bugs in new dependencies
- GitHub can now auto-block commits containing API keys, auth tokens
- Preliminary agreement between EU and USA on the Trans-Atlantic Data Privacy Framework
Tips & Links
- https://github.com/Lissy93/personal-security-checklist