[CERT-daily] Tageszusammenfassung - 12.02.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 09-02-2024 18:00 − Montag 12-02-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Free Rhysida ransomware decryptor for Windows exploits RNG flaw ∗∗∗
---------------------------------------------
South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/free-rhysida-ransomware-decryptor-for-windows-exploits-rng-flaw/


∗∗∗ Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor ∗∗∗
---------------------------------------------
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-exploit-ivanti-ssrf-flaw-to-deploy-new-dslog-backdoor/


∗∗∗ Exploit against Unnamed "Bytevalue" router vulnerability included in Mirai Bot, (Mon, Feb 12th) ∗∗∗
---------------------------------------------
Today, I noticed the following URL showing up in our "First Seen" list: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/30642


∗∗∗ Microsoft Defender: Der Erkennung mit Komma entgehen ∗∗∗
---------------------------------------------
Ein IT-Forscher hat entdeckt, dass sich die Erkennung des Microsoft Defenders mit einem Komma austricksen lässt.
---------------------------------------------
https://www.heise.de/-9625770.html


∗∗∗ SiCat: Open-source exploit finder ∗∗∗
---------------------------------------------
SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential vulnerabilities and corresponding exploits.
---------------------------------------------
https://www.helpnetsecurity.com/2024/02/12/sicat-open-source-exploit-finder/


∗∗∗ Warzone RAT Shut Down by Law Enforcement, Two Arrested ∗∗∗
---------------------------------------------
Warzone RAT dismantled in international law enforcement operation that also involved arrests of suspects in Malta and Nigeria.
---------------------------------------------
https://www.securityweek.com/warzone-rat-shut-down-by-law-enforcement-two-arrested/


∗∗∗ Diving Into Gluptebas UEFI Bootkit ∗∗∗
---------------------------------------------
A 2023 Glupteba campaign includes an unreported feature - a UEFI bootkit. We analyze its complex architecture and how this botnet has evolved.
---------------------------------------------
https://unit42.paloaltonetworks.com/glupteba-malware-uefi-bootkit/


∗∗∗ Bitdefender warnt vor neuer Backdoor für macOS ∗∗∗
---------------------------------------------
Sie bleibt vermutlich mindestens drei Monate unentdeckt. RustDoor erlaubt die gezielte Suche nach Daten und deren Übertragung an einen externen Server.
---------------------------------------------
https://www.zdnet.de/88414203/bitdefender-warnt-vor-neuer-backdoor-fuer-macos/


∗∗∗ Angreifer spoofen Temu ∗∗∗
---------------------------------------------
Die Popularität des E-Commerce-Shops lockt Betrüger, die sich auf gefälschte Werbegeschenkcodes spezialisieren.
---------------------------------------------
https://www.zdnet.de/88414209/angreifer-spoofen-temu/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ExpressVPN: Fehler führt zu ungeschützter Übertragung von DNS-Anfragen ∗∗∗
---------------------------------------------
Durch den Fehler können Drittanbieter potenziell nachverfolgen, welche Webseiten ExpressVPN-Nutzer besucht haben - trotz aktiver VPN-Verbindung.
---------------------------------------------
https://www.golem.de/news/expressvpn-fehler-fuehrt-zu-ungeschuetzter-uebertragung-von-dns-anfragen-2402-182088.html


∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog ∗∗∗
---------------------------------------------
CVE-2024-21762 Fortinet FortiOS Out-of-Bound Write Vulnerability
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/02/09/cisa-adds-one-known-exploited-vulnerability-catalog


∗∗∗ CISA Adds One Known Exploited Vulnerability to Catalog ∗∗∗
---------------------------------------------
CVE-2023-43770 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/02/12/cisa-adds-one-known-exploited-vulnerability-catalog


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libgit2), Fedora (chromium, firecracker, libkrun, openssh, python-nikola, runc, rust-event-manager, rust-kvm-bindings, rust-kvm-ioctls, rust-linux-loader, rust-userfaultfd, rust-versionize, rust-vhost, rust-vhost-user-backend, rust-virtio-queue, rust-vm-memory, rust-vm-superio, rust-vmm-sys-util, virtiofsd, webkitgtk, and wireshark), Mageia (filezilla and xpdf), Oracle (gimp), Red Hat (libmaxminddb, linux-firmware, squid:4, and tcpdump), Slackware (xpdf), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont and suse-build-key), and Ubuntu (python-glance-store and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/961842/


∗∗∗ Mehrere Cross-Site Scripting Schwachstellen in Statamic CMS ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/mehrere-cross-site-scripting-schwachstellen-in-statamic-cms/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily