Updates
- Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution | SecurityWeek.Com
- Critical severity command injection vulnerability - CVE-2022-43781 - Create and track feature requests for Atlassian products.
- Microsoft Patch Day
- Microsoft’s November 2022 Patch Tuesday Addresses 62 CVEs (CVE-2022-41073)
- Microsoft fixes bug behind Windows 10 freezes, desktop issues
- Microsoft fixes Windows Kerberos auth issues in emergency updates
- Microsoft fixes Windows zero-day bug exploited to push malware
- Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks
- Mozilla Releases Security Updates for Multiple Products | CISA
- Cisco Releases Security Updates for Identity Services Engine | CISA
- Cisco Releases Security Updates for Multiple Products | CISA
- Citrix urges admins to patch critical ADC, Gateway auth bypass
- CVE-2022-27510: Critical Citrix ADC and Gateway Authentication Bypass Vulnerability
- VMware Releases Security Updates | CISA
- VMware fixes three critical auth bypass bugs in remote access tool
- Chrome Stable Channel Update for Desktop
- Patch day: Attackers could cripple Android devices through attacks
Incidents
- China-Based Billbug APT Infiltrates Certificate Authority
- US govt: Iranian hackers breached federal agency using Log4Shell exploit
- Having refused to pay ransom, health insurer Medibank sees customer data posted online by hackers
- Medibank Confirms Data Breach Impacts 9.7 Million Customers | SecurityWeek.Com
Vulnerabilities and Threats
- Exploit released for actively abused ProxyNotShell Exchange bug
- Instagram Impersonators Target Thousands, Slipping by Microsoft's Cybersecurity
- Magento stores targeted in massive surge of TrojanOrders attacks
- Microsoft urges devs to migrate away from .NET Core 3.1 ASAP
- Failures in Twitter’s Two-Factor Authentication System - Schneier on Security
- Industry 4.0: CNC machines in the crosshairs of cybercriminals
- Windows Kerberos authentication breaks after November updates
Cyber Crime
- Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police
- Top Zeus Botnet Suspect “Tank” Arrested in Geneva
- Alleged LockBit ransomware operator arrested in Canada
- Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide
- Ukraine arrests fraud ring members who made €200 million per year
- New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders
- North Korean hackers target European orgs with updated malware
- LockBit affiliate uses Amadey Bot malware to deploy ransomware
- Silk Road drugs market hacker pleads guilty, faces 20 years inside
Malware
- New ransomware encrypts files, then steals your Discord account
- Stopping Cobalt Strike with YARA
- Researchers Quietly Cracked Zeppelin Ransomware Keys
- Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan
- Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images
- Malicious extension lets attackers control Google Chrome remotely
- DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework
- Emotet coming in hot
- InfoSec Handlers Diary Blog - SANS Internet Storm Center
Miscellaneous
- First aid in a cybersecurity emergency: Volunteers want to support critical infrastructure (KRITIS)
- Instagram, Facebook, Twitter, YouTube suspended in Turkey after blast
- Mastodon now has over 1 million users amid Twitter tensions
- Japan joins NATO cyber defense center
- Microsoft switches on password-free mobile authentication