[CERT-daily] Tageszusammenfassung - 01.12.2022

Daily end-of-shift report team at cert.at
Thu Dec 1 18:11:09 CET 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 30-11-2022 18:00 − Donnerstag 01-12-2022 18:00
Handler:     Stephan Richter
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ New Windows malware scans victims’ mobile phones for data to steal ∗∗∗
---------------------------------------------
Security researchers found a previously unknown backdoor they call Dophin thats been used by North Korean hackers in highly targeted operations for more than a year to steal files and send them to Google Drive storage.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-windows-malware-scans-victims-mobile-phones-for-data-to-steal/


∗∗∗ New DuckLogs malware service claims having thousands of ‘customers’ ∗∗∗
---------------------------------------------
A new malware-as-a-service (MaaS) operation named DuckLogs has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log key strokes, access clipboard data, and remote access to the compromised host.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-ducklogs-malware-service-claims-having-thousands-of-customers-/


∗∗∗ Making unphishable 2FA phishable ∗∗∗
---------------------------------------------
One of the huge benefits of WebAuthn is that it makes traditional phishing attacks impossible. But what if there was a mechanism for an attacker to direct a user to a legitimate login page, resulting in a happy WebAuthn flow, and obtain valid credentials for that user anyway?
---------------------------------------------
https://mjg59.dreamwidth.org/62175.html


∗∗∗ Whats the deal with these router vulnerabilities?, (Thu, Dec 1st) ∗∗∗
---------------------------------------------
Earlier today, I was browser recently made public vulnerabilities for tomorrow's version of our @Risk newsletter. What stuck out was a set of about twenty vulnerabilities in Netgear and DLink routers.
---------------------------------------------
https://isc.sans.edu/diary/rss/29288


∗∗∗ Sirius XM flaw unlocks so-called smart cars thanks to code flaw ∗∗∗
---------------------------------------------
Telematics program doesn't just give you music, but a big security flaw Sirius XMs Connected Vehicle Services has fixed an authorization flaw that would have allowed an attacker to remotely unlock doors and start engines on connected cars knowing only the vehicle identification number (VIN).
---------------------------------------------
https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/


∗∗∗ l+f: Sicherheitsforscher legen aus Versehen gesamtes Botnet KmsdBot lahm ∗∗∗
---------------------------------------------
Wie ein Typo kriminellen Machenschaften das Handwerk legt.
---------------------------------------------
https://heise.de/-7363007


∗∗∗ Vorsicht, wenn Sie ein SMS von Amazon erhalten ∗∗∗
---------------------------------------------
Kriminelle geben sich als Amazon aus und versenden gefälschte Benachrichtigungen. Im SMS steht, dass Ihr Amazon-Konto vorübergehend gesperrt wurde und Sie Informationen aktualisieren müssen. Dafür sollten Sie auf einen Link klicken. Achtung: Der Link führt zu einer gefälschten Login-Seite. Kriminelle stehlen damit Ihre Benutzer- und Kreditkartendaten!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-wenn-sie-ein-sms-von-amazon-erhalten/


∗∗∗ LastPass-Kundendaten nach Hack eines Cloud-Speicherdiensts abgezogen (Nov. 2022) ∗∗∗
---------------------------------------------
Der Dienst LastPass informierte vor einigen Stunden seine Kunden, dass kürzlich "ungewöhnliche Aktivitäten" bei einem Cloud-Speicherdienst eines Drittanbieters entdeckt wurden. 
---------------------------------------------
https://www.borncity.com/blog/2022/12/01/lastpass-kundendaten-nach-hack-eines-cloud-speicherdiensts-abgezogen-nov-2022/


∗∗∗ Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities ∗∗∗
---------------------------------------------
Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper.
---------------------------------------------
https://blog.talosintelligence.com/vulnerability-spotlight-lansweeper-directory-traversal-and-cross-site-scripting-vulnerabilities/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical RCE bugs in Android remote keyboard apps with 2M installs ∗∗∗
---------------------------------------------
Three Android applications that allow users to use devices as remote keyboards for their computers have critical vulnerabilities that could expose key presses and enable remote code execution.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/critical-rce-bugs-in-android-remote-keyboard-apps-with-2m-installs/


∗∗∗ IBM Security Bulletins 2022-11-30 ∗∗∗
---------------------------------------------
IBM API Connect, IBM MQ Operator and Queue manager container images, IBM Security Guardium, IBM Sterling Control Center, IBM Watson Discovery for IBM Cloud Pak for Data, IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data.
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (device-mapper-multipath, firefox, hsqldb, krb5, thunderbird, and xorg-x11-server), Debian (libraw), Fedora (freerdp and grub2), SUSE (bcel, emacs, glib2, glibc, grub2, nodejs10, and tomcat), and Ubuntu (linux-azure-fde and snapd).
---------------------------------------------
https://lwn.net/Articles/916443/


∗∗∗ Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-062 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-062


∗∗∗ Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-061 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-061


∗∗∗ Social Base - Moderately critical - Access bypass - SA-CONTRIB-2022-060 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-060


∗∗∗ Horner Automation Remote Compact Controller ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-335-02


∗∗∗ Replay Angriffe & Darstellung beliebiger Inhalte in Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol (electronic shelf labels) ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/replay-attacks-displaying-arbitrary-contents-in-zhuhai-suny-technology-esl-tag-etag-tech-protocol-electronic-shelf-labels/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list