[CERT-daily] Tageszusammenfassung - 27.02.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 26-02-2024 18:00 − Dienstag 27-02-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub ∗∗∗
---------------------------------------------
An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it available to other actors at no extra cost.
---------------------------------------------
https://thehackernews.com/2024/02/open-source-xeno-rat-trojan-emerges-as.html


∗∗∗ Achtung Betrug: Kriminelle locken mit gratis Spar-Geschenkkarten und Klimatickets ∗∗∗
---------------------------------------------
Aktuell kursieren gefälschte Gewinnspiele für kostenlose Spar-Geschenkkarten und Klimatickets. Die Angebote werden per E-Mail, in Sozialen Netzwerken oder per Direktnachricht auf Ihr Handy verbreitet. Die verlockenden Angebote dienen dazu, Ihnen persönliche Daten und Geld zu stehlen!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-betrug-kriminelle-locken-mit-gratis-spar-geschenkkarten-und-klimatickets/


∗∗∗ Booking.com refund request? It might be an Agent Tesla malware attack ∗∗∗
---------------------------------------------
Always be wary of opening unsolicited attachments - they might harbour malware.
---------------------------------------------
https://grahamcluley.com/booking-com-refund-request-it-might-be-an-agent-tesla-malware-attack/


∗∗∗ Phishing Malware That Sends Stolen Information Using Telegram API ∗∗∗
---------------------------------------------
Recently, several phishing scripts using Telegram are being distributed indiscriminately through keywords such as remittance and receipts.
---------------------------------------------
https://asec.ahnlab.com/en/62177/


∗∗∗ Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities ∗∗∗
---------------------------------------------
This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry.
---------------------------------------------
https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html


∗∗∗ Hunting PrivateLoader: The malware behind InstallsKey PPI service ∗∗∗
---------------------------------------------
Read the latest Bitsight research on PrivateLoader including important updates recently, including a new string encryption algorithm, a new alternative communication protocol and more.
---------------------------------------------
https://www.bitsight.com/blog/hunting-privateloader-malware-behind-installskey-ppi-service


∗∗∗ Februar-Sicherheitsupdates für Windows 11 können fehlschlagen ∗∗∗
---------------------------------------------
Microsoft arbeitet an der Lösung eines Problems, das die Installation der Februar-Sicherheitsupdates in Windows 11 verhindert.
---------------------------------------------
https://heise.de/-9639866



=====================
=  Vulnerabilities  =
=====================

∗∗∗ WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk ∗∗∗
---------------------------------------------
A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges.
---------------------------------------------
https://thehackernews.com/2024/02/wordpress-litespeed-plugin.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (engrampa and libgit2), Fedora (libxls, perl-Spreadsheet-ParseXLSX, and wpa_supplicant), Gentoo (PyYAML), Mageia (packages and thunderbird), Red Hat (firefox, kernel, linux-firmware, thunderbird, and unbound), Slackware (openjpeg), SUSE (golang-github-prometheus-prometheus, installation-images, kernel, python-azure-core, python-azure-storage-blob, salt and python-pyzmq, SUSE Manager 4.2.11, SUSE Manager 4.3, SUSE Manager Server 4.2, and wayland), [...]
---------------------------------------------
https://lwn.net/Articles/963805/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ XSA-451 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-451.html


∗∗∗ Zyxel Patches Remote Code Execution Bug in Firewall Products ∗∗∗
---------------------------------------------
https://www.securityweek.com/zyxel-patches-remote-code-execution-bug-in-firewall-products/


∗∗∗ Festo: Multiple vulnerabilities affect MES PC shipped with Windows 10 ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-065/


∗∗∗ Nagios XI: Schwachstellen CVE-2024-24401 und CVE-2024-24402; PoC öffentlich ∗∗∗
---------------------------------------------
https://www.borncity.com/blog/2024/02/27/nagios-xi-schwachstellen-cve-2024-24401-und-cve-2024-24402-poc-ffentlich/


∗∗∗ Mitsubishi Electric Multiple Factory Automation Products ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-058-01


∗∗∗ Santesoft Sante DICOM Viewer Pro ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01


∗∗∗ VMSA-2024-0005 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2024-0005.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily