[CERT-daily] Tageszusammenfassung - 05.01.2024

Fri Jan 5 18:25:57 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 04-01-2024 18:00 − Freitag 05-01-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Kritische Schadcode-Lücke gefährdet Ivanti Endpoint Manager ∗∗∗
---------------------------------------------
Unter bestimmten Voraussetzungen können Angreifer Schadcode auf Ivanti-EPM-Servern ausführen.
---------------------------------------------
https://www.heise.de/-9587991.html


∗∗∗ Ransomware: Nach der Erpressung folgt umgehend die nächste Erpressung ∗∗∗
---------------------------------------------
Online-Kriminelle werden immer dreister und schlachten Opfer von Erpressungstrojanern gleich mehrfach aus.
---------------------------------------------
https://www.heise.de/-9588424.html


∗∗∗ Fitness-App „Mad Muscles“: Kostenfalle statt Unterstützung bei Neujahrsvorsätzen ∗∗∗
---------------------------------------------
Der unseriöse Anbieter „Mad Muscles“ schaltet derzeit massiv Werbung auf Facebook und Instagram. Die Botschaft? „Building muscle isnt as hard as it sounds!“ („Muskelaufbau ist nicht so schwer, wie es klingt!“) - gerade zum Jahreswechsel sind solche Botschaften beliebt, sollen die Angebote doch dabei helfen, Neujahrsvorsätze einzuhalten. Was die Werbung verschweigt: Die Betreiber:innen von madmuscles.com und der dazugehörigen „Mad Muscle App“ machen Informationen zum Unternehmen genauso wenig transparent wie die Gesamtkosten. Hinzu kommt: Kündigungen werden laut Erfahrungsberichten erschwert.
---------------------------------------------
https://www.watchlist-internet.at/news/fitness-app-mad-muscles-kostenfalle-statt-unterstuetzung-bei-neujahrsvorsaetzen/


∗∗∗ The source code of Zeppelin Ransomware sold on a hacking forum ∗∗∗
---------------------------------------------
Researchers from cybersecurity firm KELA reported that a threat actor announced on a cybercrime forum the sale of the source code and a cracked version of the Zeppelin ransomware builder for $500.
---------------------------------------------
https://securityaffairs.com/156974/cyber-crime/zeppelin-ransomware-source-code.html


∗∗∗ New Bandook RAT Variant Resurfaces, Targeting Windows Machines ∗∗∗
---------------------------------------------
A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines, underscoring the continuous evolution of the malware. Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive.“
---------------------------------------------
https://thehackernews.com/2024/01/new-bandook-rat-variant-resurfaces.html


∗∗∗ SpectralBlur: New macOS Backdoor Threat from North Korean Hackers ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors. “SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the [...]
---------------------------------------------
https://thehackernews.com/2024/01/spectralblur-new-macos-backdoor-threat.html


∗∗∗ Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer ∗∗∗
---------------------------------------------
Using extractors written in Python, we detail our system for extracting internal malware configurations from memory dumps. GuLoader and RedLine Stealer are our examples.
---------------------------------------------
https://unit42.paloaltonetworks.com/malware-configuration-extraction-techniques-guloader-redline-stealer/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Inductive Automation Trust Center Updates ∗∗∗
---------------------------------------------
Inductive Automation offers a special thanks to the following security researchers from Trend Micro Zero Day Initiative, Star Labs, Incite Team, and Claroty Research Team82 for their hard work in finding and responsibly disclosing security vulnerabilities described in this tech advisory. All reported issues have been resolved as of Ignition 8.1.35. Inductive Automation recommends upgrading Ignition to the current version to address known vulnerabilities.
---------------------------------------------
https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b


∗∗∗ QNAP Security Advisories ∗∗∗
---------------------------------------------
- Vulnerability in QcalAgent 
- Multiple Vulnerabilities in QTS and QuTS hero 
- Multiple Vulnerabilities in QuMagie 
- Multiple Vulnerabilities in Video Station 
- Vulnerability in Netatalk
---------------------------------------------
https://www.qnap.com/en-us/security-advisories


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (asterisk, chromium, exim4, netatalk, and tomcat9), Fedora (chromium), Gentoo (BlueZ, c-ares, CUPS filters, RDoc, and WebKitGTK+), Oracle (firefox, squid:4, thunderbird, and tigervnc), SUSE (python-aiohttp and python-paramiko), and Ubuntu (linux-intel-iotg).
---------------------------------------------
https://lwn.net/Articles/957005/


∗∗∗ Security Update for Ivanti EPM ∗∗∗
---------------------------------------------
[...] We are reporting this vulnerability as CVE-2023-39366. We have no indication that customers have been impacted by this vulnerability. 
This vulnerability impacts all supported versions of the product, and the issue has been resolved in Ivanti EPM 2022 Service Update 5. 
If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication.
---------------------------------------------
https://www.ivanti.com/blog/security-update-for-ivanti-epm


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily