[CERT-daily] Tageszusammenfassung - 15.12.2023

Fri Dec 15 18:06:55 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 14-12-2023 18:00 − Freitag 15-12-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Ten new Android banking trojans targeted 985 bank apps in 2023 ∗∗∗
---------------------------------------------
This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutes across 61 countries.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ten-new-android-banking-trojans-targeted-985-bank-apps-in-2023/


∗∗∗ Fake-Werbeanzeige auf Facebook & Instagram: „Verlorenes Gepäck für nur 1,95 €!“ ∗∗∗
---------------------------------------------
Im Namen des „Vienna International Airport“ schalten Kriminelle aktuell betrügerische Anzeigen und behaupten, dass verloren gegangene Koffer für knapp 2 Euro verkauft werden.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-werbeanzeige-auf-facebook-instagram-verlorenes-gepaeck-fuer-nur-195-eur/


∗∗∗ OilRig’s persistent attacks using cloud service-powered downloaders ∗∗∗
---------------------------------------------
ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications.
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/


∗∗∗ New Hacker Group GambleForce Hacks Targets with Open Source Tools ∗∗∗
---------------------------------------------
Yet another day, yet another threat actor posing a danger to the cybersecurity of companies globally.
---------------------------------------------
https://www.hackread.com/gambleforce-hacks-targets-open-source-tools/


∗∗∗ Mining The Undiscovered Country With GreyNoise EAP Sensors: F5 BIG-IP Edition ∗∗∗
---------------------------------------------
Discover the fascinating story of a GreyNoise researcher who found that attackers were using his demonstration code for a vulnerability instead of the real exploit. Explore the implications of this situation and learn about the importance of using accurate and up-to-date exploits in the cybersecurity community.
---------------------------------------------
https://www.greynoise.io/blog/mining-the-undiscovered-country-with-greynoise-eap-sensors-f5-big-ip-edition


∗∗∗ Opening a new front against DNS-based threats ∗∗∗
---------------------------------------------
There are multiple ways in which threat actors can leverage DNS to carry out attacks. We will provide a an introduction to DNS threat landscape.The post Opening a new front against DNS-based threats appeared first on Avast Threat Labs.
---------------------------------------------
https://decoded.avast.io/threatintel/opening-a-new-front-against-dns-based-threats/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Ubiquiti: Nutzer konnten auf fremde Sicherheitskameras zugreifen ∗∗∗
---------------------------------------------
Teilweise erhielten Anwender sogar Benachrichtigungen auf ihre Smartphones, in denen Bilder der fremden Kameras enthalten waren.
---------------------------------------------
https://www.golem.de/news/ubiquiti-nutzer-konnten-auf-fremde-sicherheitskameras-zugreifen-2312-180359.html


∗∗∗ New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now ∗∗∗
---------------------------------------------
Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances.
---------------------------------------------
https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.html


∗∗∗ Squid-Proxy: Denial of Service durch Endlosschleife ∗∗∗
---------------------------------------------
Schickt ein Angreifer einen präparierten HTTP-Header an den Proxy-Server, kann er ihn durch eine unkontrollierte Rekursion zum Stillstand bringen.
---------------------------------------------
https://www.heise.de/news/Squid-Proxy-Denial-of-Service-durch-Endlosschleife-9575176.html?wt_mc=rss.red.security.security.atom.beitrag.beitrag


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bluez and haproxy), Fedora (curl, dotnet6.0, dotnet7.0, tigervnc, and xorg-x11-server), Red Hat (avahi and gstreamer1-plugins-bad-free), Slackware (bluez), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, cosign, curl, gstreamer-plugins-bad, haproxy, ImageMagick, kernel, kernel-firmware, libreoffice, tiff, [...]
---------------------------------------------
https://lwn.net/Articles/955336/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Unitronics Vision Series ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-15

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily