[CERT-daily] Daily summary - 21.12.2023

Daily end-of-shift report team at cert.at
Thu Dec 21 18:24:14 CET 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 20-12-2023 18:00 − Thursday 21-12-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ New phishing attack steals your Instagram backup codes to bypass 2FA ∗∗∗
---------------------------------------------
A new phishing campaign pretending to be a copyright infringement email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-phishing-attack-steals-your-instagram-backup-codes-to-bypass-2fa/


∗∗∗ Fake F5 BIG-IP zero-day warning emails push data wipers ∗∗∗
---------------------------------------------
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/


∗∗∗ Android malware Chameleon disables Fingerprint Unlock to steal PINs ∗∗∗
---------------------------------------------
The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices — disable fingerprint and face unlock to steal device PINs.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/android-malware-chameleon-disables-fingerprint-unlock-to-steal-pins/


∗∗∗ Windows CLFS and five exploits used by ransomware operators ∗∗∗
---------------------------------------------
We had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year. Is there something wrong with the CLFS driver? Are all these vulnerabilities similar? These questions encouraged me to take a closer look at the CLFS driver and its vulnerabilities.
---------------------------------------------
https://securelist.com/windows-clfs-exploits-ransomware/111560/


∗∗∗ Increase in Exploit Attempts for Atlassian Confluence Server (CVE-2023-22518), (Wed, Dec 20th) ∗∗∗
---------------------------------------------
Attacks for the vulnerability started early in November, shortly after the vulnerability was announced. At the time, the attacks were more targeted to specific hosts. Now we are seeing more widespread scans typical for attackers trying to "clean up" instances earlier attacks may have missed.
---------------------------------------------
https://isc.sans.edu/diary/rss/30502


∗∗∗ Weaponizing DHCP DNS Spoofing — A Hands-On Guide ∗∗∗
---------------------------------------------
In this second blog post, we aim to elaborate on some of the technical details that are required to exploit this attack surface. We will detail the methods used to collect all the necessary information to conduct the attacks, describe some attack limitations, and explore how we can spoof multiple DNS records by abusing an interesting DHCP server behavior.
---------------------------------------------
https://www.akamai.com/blog/security-research/weaponizing-dhcp-dns-spoofing-hands-on-guide


∗∗∗ Critical vulnerabilities closed in mobile device management solution Ivanti Avalanche ∗∗∗
---------------------------------------------
Attackers can attack Ivanti Avalanche with malicious code. A fixed version is available for download.
---------------------------------------------
https://www.heise.de/-9580221


∗∗∗ BSI publishes study on implementation attacks on QKD systems ∗∗∗
---------------------------------------------
The BSI has published a scientific study on implementation attacks on Quantum Key Distribution (QKD) systems.
---------------------------------------------
https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/QKD-Systeme_231219.html


∗∗∗ Spoofing: The fraud is supposed to end by autumn 2024 at the latest ∗∗∗
---------------------------------------------
All Austrian phone numbers will receive a "Mascherl" (label) that identifies them as genuine. Providers have until 1 September to implement the new regulation.
---------------------------------------------
https://www.derstandard.at/story/3000000200615/spoofing-spaetestens-im-herbst-2024-soll-mit-dem-betrug-schluss-sein


∗∗∗ security.txt: A Simple File with Big Value ∗∗∗
---------------------------------------------
Our team at CISA often receives questions about why creation of a “security.txt” file was included as one of the priority Cybersecurity Performance Goals (CPGs). Why is it so important? Well, it’s such a simple concept, but it provides great value to all of those involved in vulnerability management and disclosure.
---------------------------------------------
https://www.cisa.gov/news-events/news/securitytxt-simple-file-big-value



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI Security Advisories ∗∗∗
---------------------------------------------
Voltronic Power ViewPower, Hancom Office, Honeywell Saia PG5 Controls Suite
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/


∗∗∗ Google Chrome: Update closes zero-day vulnerability already under attack ∗∗∗
---------------------------------------------
Google's developers have released an update for Chrome that seals a security vulnerability that is already being attacked.
---------------------------------------------
https://www.heise.de/-9580061


∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023) ∗∗∗
---------------------------------------------
Last week, there were 16 vulnerabilities disclosed in 16 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 7 Vulnerability Researchers that contributed to WordPress Security last week.
---------------------------------------------
https://www.wordfence.com/blog/2023/12/wordfence-intelligence-weekly-wordpress-vulnerability-report-december-11-2023-to-december-17-2023/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr), Fedora (kernel), Mageia (bluez), Oracle (fence-agents, gstreamer1-plugins-bad-free, opensc, openssl, postgresql:10, and postgresql:12), Red Hat (postgresql:15 and tigervnc), Slackware (proftpd), and SUSE (docker, rootlesskit, firefox, go1.20-openssl, go1.21-openssl, gstreamer-plugins-bad, libreoffice, libssh2_org, poppler, putty, rabbitmq-server, wireshark, xen, xorg-x11-server, and xwayland).
---------------------------------------------
https://lwn.net/Articles/955914/


∗∗∗ ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature ∗∗∗
---------------------------------------------
ESET has patched CVE-2023-5594, a high-severity vulnerability that can cause a browser to trust websites that should not be trusted.
---------------------------------------------
https://www.securityweek.com/eset-patches-high-severity-vulnerability-in-secure-traffic-scanning-feature/


∗∗∗ Drupal: Data Visualisation Framework - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-055 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-055


∗∗∗ Foxit: Security Advisories for Foxit PDF Reader ∗∗∗
---------------------------------------------
https://www.foxit.com/support/security-bulletins.html


∗∗∗ NETGEAR: Security Advisory for Stored Cross Site Scripting on the NMS300, PSV-2023-0106 ∗∗∗
---------------------------------------------
https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ CISA Adds Two Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/12/21/cisa-adds-two-known-exploited-vulnerabilities-catalog

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



