[CERT-daily] Daily summary - 09.10.2023

Daily end-of-shift report team at cert.at
Mon Oct 9 18:35:21 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 06-10-2023 18:00 − Monday 09-10-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ HelloKitty ransomware source code leaked on hacking forum ∗∗∗
---------------------------------------------
A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum, claiming to be developing a new, more powerful encryptor.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-source-code-leaked-on-hacking-forum/


∗∗∗ High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security ∗∗∗
---------------------------------------------
Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data.
---------------------------------------------
https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html


∗∗∗ Turn OFF This WatchGuard Feature - GuardLapse ∗∗∗
---------------------------------------------
Picture this: a feature from a security appliance that willingly dispatches its password hashes to any device on the network. That is precisely what WatchGuard's SSO does under certain circumstances.
---------------------------------------------
https://projectblack.io/blog/turn-off-this-watchguard-feature-guardlapse/


∗∗∗ Amazon Prime email scammer snatches defeat from the jaws of victory ∗∗∗
---------------------------------------------
A very convincing Amazon Prime scam landed in our mail server today and...went straight to spam. Here's why.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2023/10/amazon-prime


∗∗∗ Credential Harvesting Campaign Targets Unpatched NetScaler Instances ∗∗∗
---------------------------------------------
Threat actors are targeting Citrix NetScaler instances unpatched against CVE-2023-3519 to steal user credentials.
---------------------------------------------
https://www.securityweek.com/credential-harvesting-campaign-targets-unpatched-netscaler-instances/


∗∗∗ The reality of Apple watch pen testing ∗∗∗
---------------------------------------------
We were approached to do an Apple Watch application test. It seems this isn’t a standard service offered by most companies (including us, although we’ve done plenty of work [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/the-reality-of-apple-watch-pen-testing/


∗∗∗ Subscription traps again and again with IQ tests such as on iq-fast.com/de! ∗∗∗
---------------------------------------------
Anyone who wants to take an IQ test will find countless offers for one on the Internet. iq-fast.com/de also lures visitors to its website with such a test. Apart from the poor quality of the test offered there, which consists of only 20 questions, entering credit card details does not yield any meaningful results but instead leads into a subscription trap!
---------------------------------------------
https://www.watchlist-internet.at/news/immer-wieder-abo-fallen-bei-iq-tests-wie-auf-iq-fastcom-de/


∗∗∗ Fake friends and followers on social media – and how to spot them ∗∗∗
---------------------------------------------
One of the biggest threats to watch out for on social media is fraud perpetrated by people who aren’t who they claim to be. Here’s how to recognize them.
---------------------------------------------
https://www.welivesecurity.com/en/social-media/fake-friends-followers-social-media-how-spot-them/


∗∗∗ Android TV Boxes Infected with Backdoors, Compromising Home Networks ∗∗∗
---------------------------------------------
The Android TV box you recently purchased may be riddled with harmful backdoors.
---------------------------------------------
https://www.hackread.com/android-tv-boxes-backdoors-home-networks/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (freerdp2, gnome-boxes, grub2, inetutils, lemonldap-ng, prometheus-alertmanager, python-urllib3, thunderbird, and vinagre), Fedora (freeimage, fwupd, libspf2, mingw-freeimage, thunderbird, and vim), Gentoo (c-ares, dav1d, Heimdal, man-db, and Oracle VirtualBox), Oracle (bind, bind9.16, firefox, ghostscript, glibc, ImageMagick, and thunderbird), Slackware (netatalk), SUSE (ImageMagick, nghttp2, poppler, python, python-gevent, and yq), and Ubuntu (bind9 and vim).
---------------------------------------------
https://lwn.net/Articles/947117/


∗∗∗ Vulnerabilities in Music Station ∗∗∗
---------------------------------------------
Two path traversal vulnerabilities have been reported to affect Music Station.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-28


∗∗∗ Vulnerabilities in ClamAV ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been reported in ClamAV.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-26


∗∗∗ Vulnerability in QTS, QuTS hero, and QuTScloud ∗∗∗
---------------------------------------------
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating systems.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-37


∗∗∗ Vulnerability in QVPN Device Client for Windows ∗∗∗
---------------------------------------------
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client for Windows.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-36


∗∗∗ Vulnerability in QVPN Device Client for Windows ∗∗∗
---------------------------------------------
A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client for Windows.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-39


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



