[CERT-daily] Tageszusammenfassung - 03.11.2023

Fri Nov 3 18:08:58 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 02-11-2023 18:00 − Freitag 03-11-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ New macOS KandyKorn malware targets cryptocurrency engineers ∗∗∗
---------------------------------------------
A new macOS malware dubbed KandyKorn has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-macos-kandykorn-malware-targets-cryptocurrency-engineers/


∗∗∗ Atlassian warns of exploit for Confluence data wiping bug, get patching ∗∗∗
---------------------------------------------
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/atlassian-warns-of-exploit-for-confluence-data-wiping-bug-get-patching/


∗∗∗ Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons ∗∗∗
---------------------------------------------
Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users.
---------------------------------------------
https://www.darkreading.com/dr-global/spyware-designed-for-telegram-mods-also-targets-whatsapp-add-ons


∗∗∗ Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments ∗∗∗
---------------------------------------------
The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments.
---------------------------------------------
https://thehackernews.com/2023/11/kinsing-actors-exploit-linux-flaw-to.html


∗∗∗ 48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems ∗∗∗
---------------------------------------------
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm Phylum said.
---------------------------------------------
https://thehackernews.com/2023/11/48-malicious-npm-packages-found.html


∗∗∗ Prioritising Vulnerabilities Remedial Actions at Scale with EPSS ∗∗∗
---------------------------------------------
In this article, I’m presenting the Exploit Prediction Scoring System and its practical use cases in tandem with Common Vulnerability Scoring System.
---------------------------------------------
https://itnext.io/prioritising-vulnerabilities-remedial-actions-at-scale-with-epss-23bb60d614d9?gi=a4cadff2db3e


∗∗∗ Einstufung von Sicherheitslücken: Der CVSS-4.0-Standard ist da ∗∗∗
---------------------------------------------
Von niedrig bis kritisch: Das Common Vulnerability Scoring System (CVSS) hat einen Versionssprung vollzogen.
---------------------------------------------
https://www.heise.de/-9352555


∗∗∗ Apples "Wo ist": Keylogger-Tastatur nutzt Ortungsnetz zum Passwortversand ∗∗∗
---------------------------------------------
Eigentlich soll es helfen, verlorene Dinge aufzuspüren. Unsere Keylogger-Tastatur nutzt Apples "Wo ist"-Ortungsnetz jedoch zum Ausschleusen von Daten.
---------------------------------------------
https://www.heise.de/-9342791


∗∗∗ Lücke in VMware ONE UEM ermöglicht Login-Klau ∗∗∗
---------------------------------------------
Durch eine unsichere Weiterleitung können Angreifer SAML-Tokens angemeldeter Nutzer klauen und deren Zugänge übernehmen. VMware stellt Updates bereit.
---------------------------------------------
https://www.heise.de/-9352599


∗∗∗ Should you allow your browser to remember your passwords? ∗∗∗
---------------------------------------------
It’s very convenient to store your passwords in your browser. But is it a good idea?
---------------------------------------------
https://www.malwarebytes.com/blog/news/2023/11/should-you-allow-your-browser-to-remember-your-passwords


∗∗∗ You’d be surprised to know what devices are still using Windows CE ∗∗∗
---------------------------------------------
Windows CE — an operating system that, despite being out for 27 years, never had an official explanation for why it was called “CE” — finally reached its official end-of-life period this week. This was Microsoft’s first operating system for embedded and pocket devices, making an appearance on personal pocket assistants, some of the first BlackBerry-likes, laptops and more during its lifetime. 
---------------------------------------------
https://blog.talosintelligence.com/threat-source-newsletter-nov-2-2023/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ QNAP Security Advisories 2023-11-04 ∗∗∗
---------------------------------------------
QNAP released 4 new security advisories (2x Critical, 2x Medium). Music Station, QTS, QuTS hero, QuTScloud, Multimedia Console and Media Streaming add-on.
---------------------------------------------
https://www.qnap.com/en-us/security-advisories


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (phppgadmin and vlc), Fedora (attract-mode, chromium, and netconsd), Red Hat (.NET 7.0, c-ares, curl, ghostscript, insights-client, python, squid, and squid:4), SUSE (kernel and roundcubemail), and Ubuntu (libsndfile).
---------------------------------------------
https://lwn.net/Articles/950061/


∗∗∗ Vulnerability in IBM SDK, Java Technology Edition may affect IBM Operations Analytics Predictive Insights ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7066311


∗∗∗ Multiple security vulnerabilities in Go may affect IBM Robotic Process Automation for Cloud Pak ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7066400

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily