[CERT-daily] Tageszusammenfassung - 30.01.2023

Mon Jan 30 18:50:21 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 27-01-2023 18:00 − Montag 30-01-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Jetzt patchen! Sicherheitsforscher kombinieren Lücken in VMware vRealize Log ∗∗∗
---------------------------------------------
Angreifer könnten zeitnah vRealize Log von VMware ins Visier nehmen und Schadcode mit Root-Rechten ausführen. Sicherheitsupdates sind verfügbar.
---------------------------------------------
https://heise.de/-7474931


∗∗∗ Vorsicht vor gefälschten FinanzOnline-Benachrichtigungen ∗∗∗
---------------------------------------------
Kriminelle versenden gefälschte FinanzOnline-E-Mails. Aktuell sind uns zwei Varianten bekannt: In einem Mail wird behauptet, dass Sie eine Erstattung aus dem Sozialfonds erhalten. In einem anderen Mail steht, dass Sie eine Rückerstattung erhalten und einen QR-Code scannen müssen. Folgen Sie nicht den Anweisungen, es handelt sich um Betrug.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-gefaelschten-finanzonline-benachrichtigungen/


∗∗∗ Malware PlugX infiziert USB-Geräte ∗∗∗
---------------------------------------------
Sicherheitsforscher der Unit 42 von Palo Alto Networks haben Cyberangriffe mit neuer Variante der altbekannten Schadsoftware beobachtet. Die mutmaßlich aus China stammende PlugX-Malware ist aufgefallen, weil diese Variante alle angeschlossenen USB-Wechselmediengeräte wie Disketten-, Daumen- oder Flash-Laufwerke sowie alle weiteren Systeme [...]
---------------------------------------------
https://www.borncity.com/blog/2023/01/28/malware-plugx-infiziert-usb-gerte/


∗∗∗ Laufwerksverschlüsselung per BitLocker: Das sollten Sie beachten ∗∗∗
---------------------------------------------
Die Geräteverschlüsselung von Microsoft schützt Ihre Daten vor unerwünschten Zugriffen. Zuweilen greift BitLocker automatisch, oft muss man selbst Hand anlegen.
---------------------------------------------
https://heise.de/-7467041


∗∗∗ Shady reward apps on Google Play amass 20 million downloads ∗∗∗
---------------------------------------------
A new category of activity tracking applications has been having massive success recently on Google Play, Androids official app store, having been downloaded on over 20 million devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/shady-reward-apps-on-google-play-amass-20-million-downloads/


∗∗∗ SaaS Rootkit Exploits Hidden Rules in Microsoft 365 ∗∗∗
---------------------------------------------
A vulnerability within Microsofts OAuth application registration allows an attacker to create hidden forwarding rules that act as a malicious SaaS rootkit.
---------------------------------------------
https://www.darkreading.com/vulnerabilities-threats/saas-rootkit-exploits-hidden-rules-in-microsoft-365-


∗∗∗ Gootkit Malware Continues to Evolve with New Components and Obfuscations ∗∗∗
---------------------------------------------
The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is "exclusive to this group.
---------------------------------------------
https://thehackernews.com/2023/01/gootkit-malware-continues-to-evolve.html


∗∗∗ Titan Stealer: A New Golang-Based Information Stealer Malware Emerges ∗∗∗
---------------------------------------------
A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel. "The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files," [...]
---------------------------------------------
https://thehackernews.com/2023/01/titan-stealer-new-golang-based.html


∗∗∗ Asking MEMORY.DMP and Volatility to make up ∗∗∗
---------------------------------------------
A few days ago Ive posted RE category write-ups from the KnightCTF 2023. Another category Ive looked at – quite intensely at that – was forensics. While this blog post isnt a write-up for that category, I still wanted (and well, was asked to actually) write down some steps I took to make Volatility work with MEMORY.DMP file provided in the "Take care of this" challenge series. Or actually steps I took to convert MEMORY.DMP into something volatility could work with.
---------------------------------------------
https://gynvael.coldwind.pl/?id=762


∗∗∗ Analysis Report on Malware Distributed via Microsoft OneNote ∗∗∗
---------------------------------------------
This document is an analysis report on malware that is being actively distributed using Microsoft OneNote. The ASEC analysis team identified the rapidly increasing trend of OneNote malware distribution from November 2022 and has classified the malware according to the level of intricacy based on the screen that appears when the file is actually opened.
---------------------------------------------
https://asec.ahnlab.com/en/46457/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Qnap-NAS: Kritische Sicherheitslücke ermöglicht Unterjubeln von Schadcode ∗∗∗
---------------------------------------------
In Qnap-Netzwerkgeräten mit QTS- und QuTS-hero-Betriebssystem könnten Angreifer Schadcode einschleusen und ausführen. Updates schließen die kritische Lücke.
---------------------------------------------
https://heise.de/-7475288


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, dojo, git, lemonldap-ng, libapache-session-browseable-perl, libapache-session-ldap-perl, libzen, node-object-path, openjdk-11, sofia-sip, tiff, tor, and varnish), Fedora (libgit2, open62541, pgadmin4, rubygem-git, rust-bat, rust-cargo-c, rust-git-delta, rust-gitui, rust-libgit2-sys, rust-libgit2-sys0.12, rust-pore, rust-pretty-git-prompt, rust-rd-agent, rust-rd-hashd, rust-resctl-bench, rust-resctl-demo, rust-silver, and rust-tokei), Scientific
---------------------------------------------
https://lwn.net/Articles/921620/


∗∗∗ CERT-Warnung: Standard KeePass-Setup ermöglicht Passwort-Klau (CVE-2023-24055) ∗∗∗
---------------------------------------------
Kurzer Hinweis bzw. Warnung an Nutzer des KeePass Password Safe zur Verwaltung von Kennwörtern und Zugangsdaten. Das Cyber Emergency Response Team aus Belgien (CERT.be) hat am 27. Januar 2023 eine Warnung zu KeePass veröffentlicht. Im Standard-Setup sind Schreibzugriffe auf die [...]
---------------------------------------------
https://www.borncity.com/blog/2023/01/30/cert-warnung-standard-keepass-setup-ermglicht-passwort-klau-cve-2023-24055/


∗∗∗ IBM Planning Analytics Workspace is affected by vulnerabilties ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6848023


∗∗∗ Enterprise Content Management System Monitor is affected by a vulnerability in Eclipse Openj9 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6890603


∗∗∗ Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to Denial of Service (DoS) attacks (CVE-2022-40153) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6890629


∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6855093


∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Go ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6855105


∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6855099


∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6855097


∗∗∗ IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6855101

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily