DFN-CERT | @[email protected]

Auch wir sehen vermehrt mit #Pikabot infizierte Systeme in unseren #Netflow Daten und informieren betroffenen Einrichtungen unmittelbar. 🤗

#CONNECT44 - the latest GÉANT CONNECT Magazine is now out, and it's a jam-packed issue with contributions from the community! Highlights: 🌐 #OpenScience ⚛️ #Quantum Communications ⚡️ #HPC & applications in R&E And many more topics! Read it here 👉 connect.geant.org/connect44

⚓️Ahoi! Dabei sein & mitfeiern!🎂Wir zelebrieren die 10. DFN-Konferenz „#Datenschutz“ an den #Landungsbrücken🚢in Hamburg @DFNCERT Am Dienstag & Mittwoch, 28. & 29. November 2023 ist es soweit. Meldet Euch gleich an! 👉dfn-cert.de/veranstaltunge…

Cisco CVE-2023-20198 exploitation activity: We see over 32.8K Cisco IOS XE IPs compromised with implants based on the check published by Cisco in blog.talosintelligence.com/active-exploit… IP data on implants shared out daily in: shadowserver.org/what-we-do/net… tagged 'device-implant'.

#Cisco admins please disable the HTTP Server-Feature on internet facing Cisco IOS XE devices or else (CVE-2023-20198). CVSS 10.0 via Web UI, no updates, exploitation detected. sec.cloudapps.cisco.com/security/cente…

@lazy_daemon @heisec @malware_traffic/111183156096970123" target="_blank" rel="nofollow noopener">infosec.exchange/@malware_traff…

@heisec Nicht ganz richtig, siehe twitter.com/ffforward/stat…

Botnet: Trotz Qakbot-Schlag verteilt Cybergang weiter Malware heise.de/news/Botnet-Tr… #Ransomware #Security #Sicherheitslücken

@lazy_daemon @heisec twitter.com/malware_traffi…

🥳Der neue #DFNInfobriefRecht ist online! Diesen Monat berichtet die Forschungsstelle Recht der @uni_muenster über 👩‍⚖️Datenschutzrecht im #Metaverse, Kritik an der aktuellen Praxis des #elending & über das neue EU-US Data Privacy Framework. 👉 dfn.de/dfn-infobrief-…

Season starts early this year: major incidents in the German National Research and Education Network @DFN_de are piling up. Stay safe everyone and contact cert@dfn-cert.de if in trouble!

Exim 4.97 is in the works (RC1 available) and should include patches, but no confirmation so far. lists.exim.org/lurker/message…

3 of 6 #Exim Patches are available for distribution maintainers, 2x severity 'high' (RCE would be 'critical'). seclists.org/oss-sec/2023/q… #release-triggers" target="_blank" rel="nofollow noopener">github.com/Exim/exim/wiki…

The ZDI published some 0Day advisories for #Exim recently at zerodayinitiative.com/advisories/pub…. RCE with CVSS Base Score of 9.8 is among the vulnerabilities, but Exim devs are not so sure ¯\_(ツ)_/¯.

On September 21st, 2023 Telekom Security CTI Team observed the threat actor #TA577, also known as "TR", launching a new high-volume malware distribution campaign spreading #DarkGate malware. 🧵 1/4

Long time no see! 👋 V25 of my family tree 🌳 dedicated to #ransomware is out on @orangecyberdef’s GitHub. Always happy to receive your reviews so don’t hesitate :)) ➡️github.com/cert-orangecyb… #CyberSecurity #cti @CERTCyberdef

@anyrun_app Cc: @mattnotmax

📌#GootLoader is a loader distributed under a malware-as-a-service model #MaaS is an affiliate program that lowers the entry threshold for participants into malicious activities. 🤲To decode the traffic, we've specially crafted a recipe for you in #CyberChef Check out the submission - app.any.run/tasks/c0b41d04… 📄 Copy the entire Cookie field by clicking the 'Copy' button next to it: 🟩 - Check-in traffic is hidden in the Cookie field under five parameters. 📝 Next, paste the copied clipboard content into the #CyberChef input field: #recipe=Register('(%5BA-F0-9%5D%7B10%7D)',true,false,false)Fork('$R0','%5C%5Cn%5C%5Cn',false)Find_/_Replace%28%7B'option':'Regex','string':'%5E%5C%5Cd?%3D'%7D,'%20',true,false,true,false)From_Base64('A-Za-z0-9%2B/%3D',true,false)Gunzip%28%29&input=ODU2NTM5MUVDQT1INHNJQUFBQUFBQUVBSTJVWFcrYk1CU0cvd3JjYmRLR3VpYktwdWJLZ0JuZU1FYTJTWHFCakJoeE1qUUlDTk8xbGZqeHMwblVVclZLZDRIeCtiSmZIejhBb2lobGtMS0VrZ0JGVUhnM1dkSzNoNzVvL0dJb1Joc2tpUTg0TVA1VXlWNWx4YTZwamhub09oUFBhRnRvOHpEYVh0czA3ZkZjR2xTMVZMT2xyTW1SblhKT3hsc1ZIeDYrclQ2K0tyTW05NlhpN1dxNXVINTNPNEtUbEVNYUF3eUZPZkxueEp2V1laMHNUZkcyT3U3YWU1V3BSelhJWm5HZGxjM09rUTl5dElNa2owa2VFc1p6TDRUZVR4R1QwUTRKaGo1Rkc5T3lrNVVBSG9wNWwwWTdJaDZJM21saDFKWkZiVksvazFqTDJrQXFzdXhKWUp4aUY5S2NCTG0rSVE4eVJpZ1R5OUVtVEp3RjV6RWZiYk0zdk9YQzBjZGNPL0FXcmgwWDhMWGpZWC90YkZ4bUJ1Mzd3Y3lqSjFzV21DRmNPNWg1T2kySjlCcGtxMEVJWVJUbFBtS2NJamZsaU1UNnpDQ09ZU1F3UXpmblBhMnZsdTcxWGlwVnRVZWova2xjRHFnWElnNDlubElvQVBaWHkza1UrVERtS0VENmtGUE1DalEvOWFPMXNuQzdrN1gxWldteFFYYWRac3BhZkxMQTNmQmJIb2VxMU1uelpTSzQwWUpXY3hlRkc4UzBYSEVscnhZNjhBenhLNll2VXZveWZBbkpwOHkzK2RQaDFJMlE5M3p2eWQydnVpcEhtMDJFK1gzMVYwN3duR3phdHNPTXc5SG1FQ2NYb2NtNGJEcWQ5MzlwQmltZllJRGlaL3pOWlBvZ3pyd2FlL1luZU1IeXZkWlY5UzhVM3A4SkhQcWkxRGVXNyt2aW9NVGlkYUJ1RDN2ZEUxUHNicmlyRlhLcEJwVlZSelVVZGQwVjVaL2lJTE5TVmVkTVI3OE41RnVNQks3S3ZsWHRmckRlcHMvNkI2RFpxRW5FQkFBQTsgODU2NTM5MUVDQTE9SDRzSUFBQUFBQUFFQUNXTjBRcURNQXhGdjZYL01QWXU2b01QQTFISG5rV0RGdE9tSktYZG9CKy9TQWtrQis0SnQyMFJWZy84ZkJTemtUOUpvb0t3U0RGN2RzWEFOeUF4Y0RIRGpxRDcxWGREdTd6SHJsbjZZbERXVzBWUk5WQUdsaE1RaXhIZ1pEZlFTTnd0U0NCQ1NRcHBxeVh6VHlMb1YxemxBbjlVcUZHMlhxY0Mwa0crbUkvMVV6UHBkWGJrTkd0emRzRkR6TmNmL2wxQWpNSUFBQUE9OyA4NTY1MzkxRUNBMj1INHNJQUFBQUFBQUVBQVhCT3hKQVFCQUUwS3U0QUdYMm8yM29DZ0l5VmJhbnQ0cEFJbkI5NyszWHN5N3JzVjM2dXI1anJTVzV6MkNrWXN4RVZzWVVMRm1RbkJvdE5oSTRXWUtZMFNDa2t4amRaVmFHKy8wQjNnU0ZSVkVBQUFBPTsgODU2NTM5MUVDQTM9SDRzSUFBQUFBQUFFQUtXUnkwN0RNQkJGZnlYOWdhcHBXa3lYRUI0YlhnS0ovV1I4azdvNHRqVXhsS0IrUEJOb04yeForREZIOTQ2dk5XVWQrL1NlSVlkWitRd2UyYU80ZEVHck9vWXMwUmRQRk9DMUp0di84RHZYQ0luRGNKaFZmelVQeVBzb2I0ZlpzaUZQZ2JHak1FK2hVOENrUWhkb3Z4M25rdHVKTk0xbVplMjU0WXBSVldzMmE2ek4yYkpjbFV2QU1oWmwxVEliUTd4Wmd0ZW1OVEFyWXJPd0ZtVzVtZTgwUXZudkxsOHVUV0VzYUJoUFdXTVluSVdBeEovU1dzb3VkSTNvZGlKbzhzQU9JYnZXOGRIYTZoZTlIK0hCV1pUK1NydjRBUW05U2dXZU11eVI5N0NPRW8zelhack1TV0xyMU9tbnBzTVJDdnFZOGFIcmFCSU1XUi93Y2YrcldGeXd4SVp5OFF6UzBNVlZyYXl1UFhRb090YkZqUk8wOFZOdnR6RjJPdDk2SzdHSDF2ZE9uVU5zYzNGdHV3azhKZ2pwK2ZJMnBxbCt2YXVMbjR4RjhqUkN2Z0dweEhIU0xnSUFBQT09OyA4NTY1MzkxRUNBND1INHNJQUFBQUFBQUVBSE9PTTdFd3RUUzFNRFUzTWJBQUFKWStvd1VOQUFBQQ" target="_blank" rel="nofollow noopener">gchq.github.io/CyberChef/#rec… ✅ At last, get the information sent to the #GootLoader's C2

There is still time to submit your paper to the Elbsides light conference - send in your talk elbsides.eu/2023/cfp/ until Sept 23rd #wewantyourtalk #infosec #cybersecurity #cfp

DFN-PKI: Version 13 der Zertifizierungsrichtlinie der DFN-PKI im Sicherheitsniveau „Global“ blog.pki.dfn.de/2023/09/versio…

🏙️Berlin, Berlin, wir fahren nach Berlin – heißt es im Oktober zur #DFN_BT79! Nur noch wenige Woche, dann sehen wir uns wieder bei der 79. DFN-Betriebstagung am 17. & 18.10.2023 zum Austauschen & auf den neusten Stand bringen🫂. Wir freuen uns wie Bolle! dfn.de/event/79-betri…

#Zimbra Patches for 2 #XSS have arrived: #Security_Fixes" target="_blank" rel="nofollow noopener">wiki.zimbra.com/wiki/Zimbra_Re… #Security_Fixes" target="_blank" rel="nofollow noopener">wiki.zimbra.com/wiki/Zimbra_Re… #Security_Fixes" target="_blank" rel="nofollow noopener">wiki.zimbra.com/wiki/Zimbra_Re…

PSA: new Zimbra #XSS, Patch will be available 2023-09-13 (aka tomorrow) for - Daffodil 10.0.4 - 9.0.0 Kelper Patch 36 - 8.8.15 Joule Patch 43 blog.zimbra.com/2023/09/new-pa…