[CERT-daily] Tageszusammenfassung - 08.11.2023

Wed Nov 8 18:54:16 CET 2023

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 07-11-2023 18:00 − Mittwoch 08-11-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Example of Phishing Campaign Project File, (Wed, Nov 8th) ∗∗∗
---------------------------------------------
We all have a love and hate relation with emails. When newcomers on the Internet starts to get emails, they are so happy but their feeling changes quickly. Then, they hope to reduce the flood of emails received daily... Good luck! Of course, tools have been developed to organize marketing campaigns. From marketing to spam or phishing, there is only one step. Bad guys started to use the same programs for malicious purpose.
---------------------------------------------
https://isc.sans.edu/diary/rss/30384


∗∗∗ Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation ∗∗∗
---------------------------------------------
Cybersecurity researchers have developed whats the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges. Cybersecurity company SafeBreach said it discovered three different methods to run the miner, including one that can be executed on a victims environment without attracting any attention.
---------------------------------------------
https://thehackernews.com/2023/11/researchers-uncover-undetectable-crypto.html


∗∗∗ Hunderte Experten warnen vor staatlichen Root-Zertifikaten ∗∗∗
---------------------------------------------
Bald sollen EU-Bürger sich auf grenzüberschreitende elektronische Dienste und Vertrauensstellen verlassen müssen. Experten schlagen Alarm.
---------------------------------------------
https://www.heise.de/-9355165.html


∗∗∗ Angebliches LinkedIn-Datenleck: Daten von Tätern konstruiert ∗∗∗
---------------------------------------------
Im digitalen Untergrund haben Kriminelle Daten aus einem angeblichen LinkedIn-Leck angeboten. Diese entpuppen sich als künstlich aufgebläht.
---------------------------------------------
https://www.heise.de/-9355976.html


∗∗∗ Tool Release: Magisk Module – Conscrypt Trust User Certs ∗∗∗
---------------------------------------------
Android 14 introduced a new feature which allows to remotely install CA certificates. This change implies that instead of using the /system/etc/security/cacerts directory to check the trusted CA’s, this new feature uses the com.android.conscrypt APEX module, and reads the certificates from the directory /apex/com.android.conscrypt/cacerts. Inspired by this blog post by Tim Perry, I decided to create a [...]
---------------------------------------------
https://research.nccgroup.com/2023/11/08/tool-release-magisk-module-conscrypt-trust-user-certs/


∗∗∗ Sumo Logic Urges Users to Change Credentials Due to Security Breach ∗∗∗
---------------------------------------------
Cloud monitoring and SIEM firm Sumo Logic is urging users to rotate credentials following the discovery of a security breach.
---------------------------------------------
https://www.securityweek.com/sumo-logic-urges-users-to-change-credentials-due-to-security-breach/


∗∗∗ Vorsicht vor stark verbilligten Amazon-Schnäppchen ∗∗∗
---------------------------------------------
Man glaubt es kaum: Tablets, Smartphones oder Notebooks, die auf Amazon um die Hälfte billiger angeboten werden. Solche Schnäppchen entpuppen sich aber als Lockangebote, um Ihnen Geld zu stehlen. Wir zeigen Ihnen, wie diese Betrugsmasche funktioniert!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-stark-verbilligten-amazon-schnaeppchen/


∗∗∗ Vorsicht vor vermeintlichen Rechnungen der „Click Office World“ ∗∗∗
---------------------------------------------
Fake-Rechnungen sind nichts Neues in der Welt des Unternehmensbetrugs, aktuell scheinen Betrüger:innen jedoch wieder massenhaft solche Rechnungen zu versenden. So erhalten viele Unternehmen derzeit per Post englischsprachige Rechnungen von „CLICK OFFICE WORLD“, in denen eine 14-tägige Zahlungsfrist und ein Betrag von 955 Euro gefordert werden. Zahlen Sie nichts, es handelt sich um Betrug!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-vermeintlichen-rechnungen-der-click-office-world/


∗∗∗ Warning Against Phobos Ransomware Distributed via Vulnerable RDP ∗∗∗
---------------------------------------------
AhnLab Security Emergency response Center (ASEC) has recently discovered the active distribution of the Phobos ransomware. Phobos is a variant known for sharing technical and operational similarities with the Dharma and CrySis ransomware. These ransomware strains typically target externally exposed Remote Desktop Protocol (RDP) services with vulnerable securities as attack vectors.
---------------------------------------------
https://asec.ahnlab.com/en/58753/


∗∗∗ Lazarus-Linked BlueNoroff APT Targeting macOS with ObjCShellz Malware ∗∗∗
---------------------------------------------
Threat Labs’ security experts have discovered a new malware variant attributed to the BlueNoroff APT group.
---------------------------------------------
https://www.hackread.com/lazarus-bluenoroff-apt-macos-objcshellz-malware/


∗∗∗ A Balanced Approach: New Security Headers Grading Criteria ∗∗∗
---------------------------------------------
The Security Headers grading criteria is something that doesnt change often, but when it does, theres a good reason behind the change. In this blog, I will outline the new grading criteria and the reasons why weve made the change.
---------------------------------------------
https://scotthelme.co.uk/a-balanced-approach-new-security-headers-grading-criteria/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patchday: Kritische System-Lücke bedroht Android 11, 12 und 13 ∗∗∗
---------------------------------------------
Google hat wichtige Sicherheitsupdates für verschiedene Android-Versionen veröffentlicht.
---------------------------------------------
https://www.heise.de/-9355953.html


∗∗∗ Malware-Schutz: Rechteausweitung in Trend Micros Apex One möglich ∗∗∗
---------------------------------------------
In Trend Micros Schutzsoftware Apex One können Angreifer Schwachstellen missbrauchen, um ihre Privilegien auszuweiten. Updates korrigieren das.
---------------------------------------------
https://www.heise.de/-9356484.html


∗∗∗ Webbrowser: Lücke mit hohem Risiko in Google Chrome geschlossen ∗∗∗
---------------------------------------------
Google schließt mit dem Update von Chrome eine hochriskante Sicherheitslücke, die Webseiten offenbar das Unterschieben von Schadcode ermöglicht.
---------------------------------------------
https://www.heise.de/-9355888.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-urllib3 and tang), Fedora (chromium, mlpack, open-vm-tools, and salt), Red Hat (avahi, binutils, buildah, c-ares, cloud-init, containernetworking-plugins, cups, curl, dnsmasq, edk2, flatpak, frr, gdb, ghostscript, glib2, gmp, grafana, haproxy, httpd, mod_http2, java-21-openjdk, kernel, krb5, libfastjson, liblouis, libmicrohttpd, libpq, libqb, librabbitmq, LibRaw, libreoffice, libreswan, libssh, libtiff, libvirt, libX11, linux-firmware, mod_auth_openidc, ncurses, nghttp2, opensc, pcs, perl-CPAN, perl-HTTP-Tiny, podman, procps-ng, protobuf-c, python-cryptography, python-pip, python-tornado, python-wheel, python3.11, python3.11-pip, python3.9, qemu-kvm, qt5 stack, runc, samba, samba, evolution-mapi, openchange, shadow-utils, skopeo, squid, sysstat, tang, tomcat, toolbox, tpm2-tss, webkit2gtk3, wireshark, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), Slackware (sudo), SUSE (squid), and Ubuntu (python-urllib3).
---------------------------------------------
https://lwn.net/Articles/950694/


∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog ∗∗∗
---------------------------------------------
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29552 Service Location Protocol (SLP) Denial-of-Service Vulnerability
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/11/08/cisa-adds-one-known-exploited-vulnerability-catalog


∗∗∗ GE MiCOM S1 Agile ∗∗∗
---------------------------------------------
Successful exploitation of this vulnerability could allow an attacker to upload malicious files and achieve code execution.
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-311-01


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily